Web Fraud 2.0: Digital Forgeries
For businesses, positively identifying someone online - by name, or physical location - is extremely difficult. Many Internet firms seek to verify the identity of customers by requesting scanned copies of their driver's licenses, passports, or utility bills. But what if services aimed at creating counterfeit versions of these documents became widespread? How long would businesses continue to rely on this method of identification?
Unfortunately, there are several such services. Among the most active is a site called scanlab.name. For roughly $35 USD, you provide the site with the type of document or credential you're seeking and the identifying information you want to appear on it and scanlab will produce a very authentic-looking digital image that appears to be a scanned copy of said item.
For example, let's say I'm a scammer and I've just gained access to someone's online account and I want to move their funds to my own account. The victim's institution says, "Hold on there, cowboy. In order to prove you are who you say you are, we'll need to see a scanned copy of your driver's license and a utility bill with your name and address on it." At scanlab, those images would cost me about $60 total (albeit payable only through Webmoney, a virtual currency unknown to most Americans but quite popular in Russia and many parts of Eastern Europe.)
From the chatter about this service on certain online criminal forums, it appears scanlab does a fairly brisk business. Security Fix was able to register an account at the service and take a few screen shots of the options available to scanlab members. Here's a shot of some of the prices, broken down by document type, country and U.S. state.
Why would someone need to use this service? In most cases, companies request scanned documents when they're trying to combat fraudulent activity. PayPal has been known to freeze users' accounts if it suspects them of being used for fraud, often demanding a copy of the user's utility bill to unfreeze them.
Online gambling sites often will try to prevent money laundering (a scammer depositing funds from a stolen credit or debit card and then trying to withdrawal said funds to a cash account a few days later) by requesting scanned documents. In other cases, scanned documents can allow foreigners to create official U.S. corporations complete with U.S. based bank accounts protected by the FDIC. All that is required are certain scanned documents.
August 21, 2008; 7:00 AM ET
Categories: Fraud , From the Bunker , Web Fraud 2.0
Save & Share: Previous: Web Fraud 2.0: Validating Your Stolen Goods
Next: Opera Update Plugs Multiple Security Holes
Posted by: nle | August 21, 2008 2:02 PM | Report abuse
Posted by: Bk | August 21, 2008 2:19 PM | Report abuse
Posted by: Charles Decker | August 21, 2008 7:30 PM | Report abuse
Posted by: jm | August 21, 2008 9:21 PM | Report abuse
Posted by: Wladimir Palant | August 22, 2008 2:39 AM | Report abuse
Posted by: Bob | August 26, 2008 2:29 PM | Report abuse
Posted by: Ford | August 26, 2008 3:50 PM | Report abuse
Posted by: Kevin | August 26, 2008 8:25 PM | Report abuse
The comments to this entry are closed.