Consumers being turned into online criminals

Organised criminals are creating the online equivalent of pyramid schemes for would-be cybercriminals and ID fraudsters, a new report warns.

The growing trend towards luring people into taking part in targeted and sophisticated online attacks, innocently or not, was highlighted in the latest Internet Security Threat report (ISTR) Volume XII from security company Symantec.

Typical hooks for greedy or unsuspecting consumers are to turn them into money mules, or to sell them the tools to hack into people's PCs and steal personal information.

Andrew Goodwill, managing director of online fraud surveillance company Early Warning, is not surprised by reports about the growing number of adverts for fake jobs to launder money.

He said: "The internet is littered with free classified advert websites with money laundering jobs. We have been warning people about this for months. For example, to test how well the owners of these sites monitored for fraudulent ads, Early warning placed a spoof advert on the website adzozok entitled 'work from home by becoming a money mule'.

"But despite repeatedly advising Trinity media group, the publishers of this site, the spoof job ad remained live for weeks. The owners and operators of these job websites have a social responsibility to make sure they protect the public; some will know what they are getting into, others won't because many of these ads pretend to come from legitimate companies."

A typical ad for money mules might read: “Seeking smart, creative, entrepreneurial individual to build own business. Working from home on a part-time basis, develop your own client base from across the globe. Be your own boss and earn up to £4,500 a week. The world really is your oyster!”

For the wannabe DIY thief, it is also becoming easier; commercial online software, such as phishing tools with in-built support for everything from website creation through to email targeting or malware to install keystroke loggers, can be bought for as little as £25-£50.

Security company PC Tools said its research shows sites such as Ebay are prime places to buy these tools.

Mike Greene, PC Tools vice president for Product Strategy, said: "A number of software items for sale on the Ebay auction site are in fact aimed at helping users hack computers, websites and even individual user accounts. The software comes as a DVD containing a variety of programs including keyloggers, Trojans and other malware making devices, as well as advice on how to set up a phishing site.

“While Ebay makes every effort to ensure its auctions are safe and law abiding, it is very worrying that something intended ultimately to steal consumer ID details and eventually money is being sold via what is in fact the world’s number-one target for the ID thieves."

While it is no surprise that the past 18 months have shown online attacks are motivated by financial gain because they are so profitable, the move towards enticing members of the public to engage in illegal online activities is a fast-growing trend.

Symantec UK's consumer sales director Lee Sharrocks said these latest findings show that it is "essential for consumers to be aware of the new types of threats that they face everyday and understand how to protect themselves and their identities".

The report also found the United States was the top country for underground economy servers, accounting for 64 per cent of the total known to Symantec. Following this were Germany and then Sweden.

In terms of the actual data bought and sold, credit card details were the most frequently advertised item, making up 22 per cent of all goods advertised by the criminals for as little as 25p for batches of 10 or 20.