C6 intelligence Fraud Glossary Whitepaper

The C6 intelligence Fraud Glossary Whitepaper is a list of terms used within the fraud industry.

The glossary has 5 categories:

Definition
Crime
Law
Organization
Slang

Example:

Account Detection Rate
Definition -
The percentage of fraud cases or accounts that are detected. Since a fraud case may have more than one fraudulent transaction this number is generally higher than the transaction detection rate.

This current updated version has 315 entries.


Fraud Glossary
FOR PUBLIC DISTRIBUTION
Date: 30 October 2012
© C6 Intelligence Information Systems Limited, 2012
NO PART OF THIS PUBLICATION MAY BE REPRODUCED, OR TRANSMITTED WITHOUT THE PRIOR PERMISSION OF C6 INTELLIGENCE INFORMATION SYSTEMS LTD
Fraud Glossary
Columns: No. | Term | Category (Definition, Crime, Law, Organization, Slang) | Description (Various Sources)

1. Account Detection Rate | Definition | The percentage of fraud cases or accounts that are detected. Since a fraud case may have more than one fraudulent transaction this number is generally higher than the transaction detection rate.
2. Account Takeover (1) | Crime | Involves fraud on existing financial accounts. When a criminal uses a stolen credit card number to make fraudulent purchases on an existing credit line. Account takeovers are the more common type of identity theft, in contrast to a second type of identity theft referred to as “new account creation”. Form of Identity Theft.
3. Account Takeover (2) | Definition | A fraudster impersonates the victim and falsely claims a change of address so that he or she can ‘take over’ the victim’s bank account or other financial products.
4. Advance Fee Fraud (419 Fraud) | Crime | A type of advance-fee fraud in which individuals or companies receive unsolicited emails or letters, originating from West Africa, promising a percentage of a huge sum of money in return for allowing funds to pass through the victim’s bank account. There is an administration fee to pay as a pre-condition of releasing the funds.
5. 419 Fraud (Nigerian Advance Fee Fraud) | Crime | Email asking to funnel money through the user's bank account. 419 is the section of the Nigerian penal code under which this offence would be prosecuted.
6. 420 Fraud (Nigerian Advance Fee Fraud) | Definition | Partner to the fraud scheme.
7. Advances Fraud (UK) | Definition | Premeditated credit abuse. This fraud can be carried out by the consumer or as a result of identity fraud.
8. Advance Fee Fraud Scheme | Crime | The victim is required to pay significant fees in advance of receiving a substantial amount of money or merchandise. The fees are usually passed off as taxes, or processing fees, or charges for notarized documents. The victim pays these fees and receives nothing in return. Perhaps the most common example of this type of fraud occurs when a victim is expecting a large payoff for helping to move millions of dollars out of a foreign country.
9. Advance-Fee Fraud | Crime | This involves the criminal tricking a victim into paying an up-front fee with the promise of a large reward later.
10. Adware | Definition | Software that carries advertising. The software is usually free provided that the user agrees to accept the receipt of advertisements (either in the form of a banner within the application, or as separate pop-up windows). There is nothing wrong with this arrangement provided everything is openly and clearly agreed between all parties concerned. Adware becomes a concern when it starts to incorporate elements of spyware.
11. Affidavit | Definition | A sworn statement.
12. Affiliate Bidding | Definition | A condition in purchasing when multiple bids are tendered for a contract from a single company under various names to give the appearance of competition.
13. Agent Fraud | Crime | Occurs when a third party involved in a financial transaction perpetrates fraud. See broker/dealer fraud.
14. Alias/Handle | Definition | An alternative name used by people (or bestowed upon objects) to hide their true identity.
15. Application Fraud | Crime | A fraudster makes an application using a victim's details or false supporting documentation.
16. At Will | Definition | An employment situation where the employee is not protected from arbitrary firing. Contrast: For Cause.
17. ATM Attachments | Definition | These can be fixed to cash machines (ATMs) to extract PIN numbers and personal details from cards. The attachments can include skimming devices or false fronts with built-in card readers, as well as pinhole cameras.
18. ATM Fraud | Definition | Encompassing term to describe fraud related to ATM card accounts where a card is used to immediately withdraw funds from a consumer's account using a PIN-based transaction at an ATM.
19. Back Door | Definition | Unauthorized entry point or weakness discovered by a hacker.
20. Back Door / Trap Door | Definition | A way into a software system that the programmer or administrator of that system (or a cracker who has gained access) has deliberately left for himself. A typical back door will allow its designer access to the system without checking the file of authorized users.
21. Backdate | Definition | To post a date on a document earlier than the actual creation date for deception.
22. Bait and Switch | Definition | In consumer fraud, advertising a low cost item and then steering the customer to a higher priced item when they come to buy, claiming the "low priced item" was "sold out".
23. Ban on Spam | Law/Slang | Nickname given to the EU's anti-spam directive. It sets out specific conditions for installing so-called cookies on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a ban on spam throughout the EU.
24. Bank Examiner Scheme | Crime | The crook poses as a bank examiner who is trying to catch a dishonest teller. The crook needs the victim to withdraw a substantial sum of money to test the teller. The crook then asks the victim to turn over the cash for a receipt while they use the cash as evidence, but runs off with it.
25. Bank Identification Number (BIN) | Definition | Unique number consisting of a two-part code that is assigned to banks and savings associations for identification. The first part shows the location and the second part identifies the bank.
26. Bankruptcy Fund | Crime | The crook files a notice of bankruptcy, then approaches each of his creditors and tells each one that he wants them to get paid something, maybe 10%. After all have been approached and settled the crook withdraws his filing and most of the debt has been settled for a fraction of what he owes.
27. Behaviour Blocking / Sand Boxing | Definition | Software monitors the executable actions of potentially malicious software and stops dangerous operations from taking place (such as deleting files, modifying system settings and so on). Often considered to be more effective than virus scanners in blocking malicious code because they monitor actual functions rather than look for a known signature. In order for a traditional virus scanner to detect a virus, it has to have the actual signature, or fingerprint, of the virus within its database. New viruses often succeed because they are not immediately recognised, simply because their signatures are not yet held in the database. Behaviour blocking doesn't care whether it's a new virus, an old virus or something completely different - it simply stops it harming the system.
28. Bid Rigging | Definition | Any scheme that gives the appearance of competition but is not, because participants establish the winner before submitting bids for the contract. See Affiliate Bidding and Bid Rotation.
29. Bin Raiding | Definition | The practice of rifling through household or commercial bins to find documents, such as bills or statements, containing personal or confidential information about individuals, which could be used to assume their identity.
30. Boiler Room Scam | Crime | Refers to a busy centre of activity, often selling questionable goods by telephone. It typically refers to a room where salesmen work using unfair, dishonest sales tactics, sometimes selling penny stock or committing outright stock fraud.
31. BOLO | Definition | Be on the lookout for….
32. Bot Herding | Definition | Gathering of compromised computers prior to their becoming a Botnet.
33. Botnet | Definition | Set of compromised computers ("bots" or "zombies") under the unified command and control of a "botmaster"; commands are sent to bots via a command and control channel (bot commands are often transmitted via IRC, Internet Relay Chat).
34. Bots | Definition | Software applications that run automated tasks such as data mining of webpages.
35. Broker/Dealer Fraud | Crime | Occurs when a third party involved in a financial transaction perpetrates fraud. See broker/dealer fraud.
36. Browser Hijacker | Crime | Program or code that changes your browser settings so that you are redirected to different Web sites. Most browser hijackers alter the default home pages and search pages to those of customers who pay for the traffic generated.
37. Brute Force Attack | Crime | Attack in which every possible key is attempted until the correct key is found. Cipher text is deciphered under different keys until recognizable plaintext is discovered. On average, this will take half as many attempts as there are keys in the keyspace.
38. Buffer Overflow | Definition | A buffer is an area of memory used to hold data for processing. It has a predetermined size. If the data being placed into the buffer is too large, is not checked and is allowed to overflow the buffer, it can have unexpected effects. At best, the excess data is simply lost. At worst, the excess data might overwrite other legitimate data.
39. Business / Employment Schemes | Crime | Typically incorporate identity theft, freight forwarding, and counterfeit check schemes. The fraudster posts a help-wanted ad on popular Internet job search sites. Respondents are required to fill out an application wherein they divulge sensitive personal information, such as their date of birth and Social Security number. The fraudster uses that information to purchase merchandise on credit. The merchandise is sent to another respondent who has been hired as a freight forwarder by the fraudster. The merchandise is then reshipped out of the country. The fraudster, who has represented himself as a foreign company, then pays the freight forwarder with a counterfeit check containing a significant overage amount. The overage is wired back to the fraudster, usually in a foreign country, before the fraud is discovered.
40. Bust Out Fraud (US) | Crime | When fraud occurs in an account that has only been opened for a short time. The account appears to be a good account until the limit is raised and charged up, and then the holder does not pay. Differs from account takeover since it is intended and carried out by the original holder.
41. Call Centre Fraud | Crime | Call centre fraud happens when a call service representative accesses several accounts during a call from a customer and steals the data.
42. Capital Controls | Definition | Measures such as transaction taxes or caps on volume and other limitations which a country's government can use to regulate the flows into and out of the nation's capital account. They include exchange controls that prevent or limit the buying and selling of a nation's currency at the market rate, controls on the international sale or purchase of various financial assets, transaction taxes such as the proposed Tobin tax and sometimes even limits on the amount of money a private citizen is allowed to take out of the country.
43. Captcha | Definition | A security technique that ensures that a human has made the transaction online rather than a computer. It is also known as an "Automated Turing Test" and was originally developed at Carnegie Mellon University. Random words or letters are displayed in a distorted fashion so that they can be deciphered by people, but not by software. This usually involves the use of graphic images of characters and numbers. Users are asked to type in what they see on screen to verify human involvement.
44. Card Capture Device / Card Trapping | Definition | A device inserted into the card slot of a cash machine (ATM) to capture the data contained on cards.
45. Card Cloning or ‘Skimming’ | Crime | Cloning involves creating a duplicate of your payment card. The data on a card's magnetic stripe is read electronically by a skimming device and downloaded onto a computer or copied onto a duplicate card.
46. Card Issuer Loss | Definition | Three types of losses: “(1) costs associated with reissuing new payment cards, (2) costs associated with monitoring open accounts for fraud (with or without reissue), and (3) fraud losses.”
47. Card Not Necessary (CNN) | Definition | Without possessing the victim’s credit card, having sufficient personal and financial details to be able to order goods online or by mail order.
48. Card Not Present (CNP) | Definition | A transaction where the card is not present at the time of purchase: internet, mail, telephone.
49. Card Trapping / Card Capture Device | Definition | A device inserted into the card slot of a cash machine (ATM) to capture the data contained on cards.
50. Card Verification Value (CVV) | Definition | Authentication number established by prepaid debit card companies to further efforts towards reducing fraud for internet transactions. A three-digit number printed in the signature space on the back of most credit cards, such as Visa, Mastercard, and Discover cards. On American Express cards it is a four-digit code.
51. Carderplanet | Organization | Prior to 2004, Shadowcrew and Carderplanet were the only two carding forums. Organized much like the Mafia.
52. Carders | Crime | Individuals engaged in criminal carding activities.
53. Cardersmarket | Organization | Founded in 2005. In 2006 one of its admins, "Iceman", took over four carding rivals to increase membership.
54. Cardholder Information Security Program (CISP) | Definition | Now called the Payment Card Industry Data Security Standard (PCI DSS), it is a comprehensive set of international security requirements for protecting cardholder data. Developed by VISA and others to help facilitate the broad adoption of consistent data security measures on a global basis. Twelve Requirements.
55. Cardholder-Not-Present Fraud (CNP) | Definition | Using stolen cards or card details and personal information, a fraudster purchases goods or services remotely - online, by telephone or by mail order.
56. Carding (1) | Crime | Broad definition. Process by which large volumes of data are stolen, resold, and ultimately used by criminals to commit fraud, carried out in an underground world.
57. Carding (2) | Crime | Narrow definition. Refers to the unauthorized use of credit and debit card account information to fraudulently purchase goods and services.
58. Carding (3) | Crime | Evolving definition. An assortment of activities surrounding the theft and fraudulent use of credit and debit card account numbers including computer hacking, phishing, cashing-out stolen account numbers, re-shipping schemes, and Internet auction fraud.
59. Carding (4) | Crime | Involves the large-scale theft of credit card account numbers and other financial information, versus other methods with limited ID theft which use dumpster diving, skimming, phishing, change of address, and “old-fashioned stealing.”
60. Carding (5) | Crime | Process by which large volumes of data are stolen, resold, and ultimately used by criminals to commit fraud. Narrow sense: unauthorized use of credit and debit card account information to fraudulently purchase goods and services.
61. Carding Forums | Crime | Websites for carders who have membership.
62. Case Management | Definition | System that provides the facility to assign and prioritize transactions for review on suspect cases.
63. CCpowerForums (1) | Organization | Carding forum with sub-forums on hacking, trojans, keyloggers, etc.
64. CCpowerForums (2) | Organization | Offered hacking help, etc. on its forum in addition to cards.
65. Change of Address | Crime | Using a victim’s name and address details, a fraud criminal contacts banks and businesses to register a change of address. The fraudster may then ask for valuable items such as cheque books, debit cards or account statements to be sent to the new address. Change of address fraud can also be used to facilitate an account takeover.
66. Chargeback | Definition | A credit card transaction that is billed back to the merchant after the sale has been settled. Results when a card holder disputes a transaction to the issuer, which then initiates the chargeback on the card holder's behalf.
67. Check Fraud | Definition | Encompassing term used to describe fraud related to checks including kiting, counterfeiting, forgery, and paperhanging.
68. Check Kiting | Definition | The illegal act of taking advantage of the float to make use of non-existent funds in a checking or other bank account. It is commonly defined as knowingly writing a check from one bank with non-sufficient funds, then writing a check to another bank, also with non-sufficient funds, in order to cover the absence. The purpose of check kiting is to falsely inflate the balance of a checking account in order to allow checks that have been written, and that would otherwise bounce, to clear.
69. Checksum | Definition | Checksums are generated by a function that is dependent upon the data in question. For security purposes, checksums are generated by one-way hash functions. Once a checksum has been generated, it is either stored with or transmitted with the data in question. The integrity of the data can be checked by generating a new checksum. If the two checksums are identical, then the file has not changed. If the two checksums are different, then the data (or file) in question has been altered.
70. CIFAS | Organization | The UK's Fraud Prevention Service, a third sector organisation dedicated to preventing fraud. Originally founded in 1988 as the "Credit Industry Fraud Avoidance System", its membership today includes many organisations from outside of the credit industry. It addresses identity fraud, application fraud, staff fraud, first and third party fraud, insurance fraud and fraud against public sector organisations. It provides a range of fraud prevention services to its members.
71. Circular Check / Cheque Kiting | Definition | Forms of kiting in which one or more additional banks serve as the location of float, and which involve the use of multiple accounts at different banks. In its simplest form, the kiter, who has two or more accounts of his own at different banks, writes a cheque on day one to himself from Bank A to Bank B (this cheque is referred to as the kite), so funds become available that day at Bank B sufficient for all cheques due to clear. On the following business day, the kiter writes a cheque on his Bank B account to himself and deposits it into his account at Bank A to provide artificial funds allowing the cheque he wrote a day earlier to clear. This cycle repeats until the offender is caught, or until the offender deposits genuine funds, thereby eliminating the need to kite, and often going unnoticed. May involve more than one person or groups.
72. Click Fraud | Definition/Crime | Occurs in pay-per-click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link. Use of a computer to commit this type of Internet fraud is a felony in many jurisdictions. There have been arrests relating to click fraud with regard to malicious clicking in order to deplete a competitor's advertising budget.
73. Click Jacking / UI Redressing | Definition/Crime | A malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, click jacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
74. Collusion | Definition/Crime | An agreement between two or more people to participate in an illegal activity.
75. Commercial / Corporate Identity Theft | Definition/Crime | The use of the identity of a company, business or its directors, without their knowledge, to facilitate fraud.
76. Commercialware | Definition | Software is either shareware or commercial. Commercial software costs money.
77. Common Point of Compromise (CPC) | Definition | A designation assigned to a Merchant by a Payment Brand when a pattern of fraudulent use of credit cards has been detected after these cards were used legitimately at this Merchant location. Often used interchangeably with Point of Compromise Reports (POC).
78. Common Point of Purchase (CPP) / Common Point of Compromise | Definition | A designation assigned to a Merchant by a Payment Brand when a pattern of fraudulent use of credit cards has been detected after these cards were used legitimately at this Merchant location. Often used interchangeably with Point of Compromise Reports (POC).
79. Confirmer | Slang | Accomplice that validates a fake identity.
80. Consumer Loan Fraud | Definition | Application fraud related to consumer loans.
81. Cookie | Definition | This is a small data file automatically stored on a user's computer for record-keeping purposes. It contains information about the user in relation to a particular website, such as their username and preferences.
82. Corporate Fraud | Definition/Crime | The dishonest abuse of their position by (usually) senior members of staff to misrepresent a company's true financial position.
83. Corporate Kiting | Definition/Crime | Involves the use of a large kiting scheme involving perhaps millions of dollars to secretly borrow money or earn interest. While limits are often placed on an individual as to how much money can be deposited without a temporary hold, corporations may be granted immediate access to funds, which can make the scheme go unnoticed.
84. Corporate / Commercial Identity Theft | Definition/Crime | The use of the identity of a company, business or its directors, without their knowledge, to facilitate fraud.
85. Counterfeit Card | Definition/Crime | A fraudulent reproduction of a printed, embossed and encoded credit or debit card. Or a payment card that has been validly issued but has been altered or fabricated.
86. Counterfeit Check Schemes | Crime | A counterfeit or fraudulent cashier’s check or corporate check is utilized to pay for merchandise. Often these checks are made out for a substantially larger amount than the purchase price. The victims are instructed to deposit the check and return the overage amount, usually by wire transfer, to a foreign country. Because banks may release funds from a cashier's check before the check actually clears, the victim believes the check has cleared and wires the money as instructed. One popular variation of this scam involves the purchase of automobiles listed for sale in various Internet classified advertisements. The sellers are contacted about purchasing the autos and shipping them to a foreign country. The buyer, or person acting on behalf of a buyer, then sends the seller a cashier's check for an amount several thousand dollars over the price of the vehicle. The seller is directed to deposit the check and wire the excess back to the buyer so they can pay the shipping charges. Once the money is sent, the buyer typically comes up with an excuse for cancelling the purchase, and attempts to have the rest of the money returned. Although the seller does not lose the vehicle, he is typically held responsible by his bank for depositing a counterfeit check.
87. Credit Card Generators | Definition/Crime | Programs used by criminal organizations to generate valid credit card numbers that will successfully process for a transaction yet are not actual issued card numbers. Numbers are generated based on the institution's BIN and sequence numbers and also follow MOD-10 rules.
88. Credit Freeze | Definition | Prevents potential creditors and other third parties from accessing your credit report unless you lift the freeze or they already have a relationship with you.
89. Credit/Debit Card Fraud | Definition/Crime | The unauthorized use of a credit/debit card to fraudulently obtain money or property. Credit/debit card numbers can be stolen from unsecured web sites, or can be obtained in an identity theft scheme.
90. Current Account Fraud (UK) | Definition | Fraud related to demand deposit accounts. This can include application fraud, check fraud, ATM fraud, or debit card fraud. Also called Demand Deposit Account Fraud.
91. Current Address Fraud | Definition | Identity fraud perpetrated by a criminal who shares the same address as the victim. The fraudster is likely to have access to, or is able to intercept, the victim's post and so can apply for and use existing products and services in the name of the victim.
92. Cut and Paste Attack | Definition/Crime | An assault on the integrity of a security system in which the attacker substitutes a section of ciphertext (encrypted text) with a different section that looks like (but is not the same as) the one removed. The substituted section appears to decrypt normally, along with the authentic sections, but results in plaintext (unencrypted text) that serves a particular purpose for the attacker. A type of message modification attack: the attacker removes a message from network traffic, alters it, and reinserts it. This is called an active attack, because it involves an attempt to change information; in comparison, a passive attack, such as password sniffing, seeks information but does not itself modify the valid information, although it may be used in conjunction with an active form of attack for various purposes.
93. Cyber Fraud | Definition | Fraud committed using a computer, such as hacking, denial of service attacks, phishing, etc.
94. Daemon | Definition | A background process that carries out tasks on behalf of every user. Daemons spend most of their time sleeping until something comes along which requires their help. Unix systems have many daemons. The term probably originated in its mythological counterpart and was later rationalized into Disk And Execution Monitor.
95. Data Theft / Personal Information Theft | Definition | Incidents seem to fall into three main categories: theft (usually of laptops), hacking, and what is often somewhat kindly referred to as “inadvertent disclosure.” Ironically, it is quite easy to draw a parallel between these categories and the three most commonly cited safeguards of security in the legislative specifications found in the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) regulations. Laptop theft is a physical security issue; hacking prevention falls under technical safeguards; and various breakdowns in process can be prevented with administrative security controls.
96. Data Breach (1) | Definition | Generally and broadly defined to include “an organization’s unauthorized or unintentional exposure, disclosure, or loss of sensitive personal information, which can include personally identifiable information such as Social Security numbers, or financial information such as credit card numbers.”
97. Data Breach (2) | Definition | Generally and broadly defined to include “an organization’s unauthorized or unintentional exposure, disclosure, or loss of sensitive personal information, which can include personally identifiable information such as Social Security numbers, or financial information such as credit card numbers.”
98. Data Dump | Slang | Contains a record of the table structure and/or the data from a database and is usually in the form of a list of SQL statements. A database dump is most often used for backing up a database so that its contents can be restored in the event of data loss. Corrupted databases can often be recovered by analysis of the dump. Database dumps are often published by free software and free content projects, to allow reuse or forking of the database.
99. Data Masking | Definition | A method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required. The format of the data remains the same; only the values are changed. The data may be altered in a number of ways, including encryption, character shuffling and character or word substitution. Whatever method is chosen, the values must be changed in some way that makes detection or reverse engineering impossible.
100. Data Protection Act (UK) | Law | The Data Protection Act 1998 sets out the legal basis for handling and protecting private information and data in the UK.
101. Data Splitting | Definition | An approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers. When split data is accessed, the parts are retrieved, combined and decrypted. An unauthorized person would need to know the locations of the servers containing the parts, be able to get access to each server, know what data to combine, and how to decrypt it.
102. Day of the Jackal Fraud | Definition/Crime | Fraudster assumes the identity of a deceased child, many years after their death when they would have been an adult, in order to commit identity fraud.
103. Debit Card Fraud | Definition/Crime | Fraud with debit cards where funds are immediately withdrawn from the account.
104. Debit Cards | Definition | Three ways they can be processed: online debit (also known as PIN debit), offline debit (also known as signature debit) and the Electronic Purse Card System.
105. Demand Deposit Account Fraud | Definition/Crime | Fraud related to demand deposit accounts. This can include application fraud, check fraud, ATM fraud, or debit card fraud. Also called Current Account Fraud.
106. Denial of Service | Definition | An attack that is specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to that system and its data by its authorized users. DoS can be caused by the destruction or modification of data, by bringing down the system, or by overloading the system's servers (flooding) to the extent that service to authorized users is delayed or prevented.
107. Detection Rate | Definition/Crime | Amount of fraud detected by a fraud prevention system at a given level of account reviews.
108. Diploma Scam | Definition/Crime | The buying of degrees without studying. Fake degrees can help terrorists get around immigration issues and visa laws.
109. DMZ / Perimeter Network | Definition | Sometimes called a DMZ (de-militarized zone); a perimeter network is an additional network between the protected network and the unprotected network, providing an additional layer of security. Servers that are necessarily exposed to the Internet (such as web servers and mail servers) are best placed in the DMZ and protected by a firewall or firewalls. Further firewalls separate the DMZ from the trusted network, or corporate LAN.
110. DNS Poisoning | Definition | A way of forcing users to a malicious site by injecting bad data into a domain name server's cache in order to change (for users of that server) the destination a domain resolves to. The effect of DNS poisoning is that the conversion from a URL to an IP address fails. For example, instead of translating the address www.americanexpress.com to the IP address corresponding to the actual site of American Express, a server that has been a victim of DNS poisoning will supply the incorrect IP address. The URL that the user types will still be printed in the address bar, and if the content of the fraudulent website to which the translation is done looks the same as that of the legitimate site, then the user will not notice that the attack took place. Moreover, the fraudulent website will be able to harvest all the cookies intended for the legitimate website, which will allow it to impersonate the user's machine to the real site as well.
111. DNS Server | Definition | A server that translates DNS names (such as malwarecity.com) into an IP address that is actually used for communication on the Internet.
112. Dobber | Slang | The member of the criminal gang responsible for finding the Dates of Birth of intended victims of Identity Theft. The Dobber frequently also conducts credit searches as well as gathering other personal data used as security questions by financial institutions.
113. Dump | Slang | Information electronically copied from the magnetic stripe on the back of cards. See full track data.
114. Dumpster Diving | Crime | Known as skipping in the UK, it is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the dumpster diver.
115. Email Spoofing | Definition | When an e-mail appears to have originated from one source, yet it has actually been generated from another, this is known as e-mail spoofing. The act of forging an e-mail header (the .....@email.com portion of an e-mail) allows individuals who are sending "junk mail", or "SPAM", to author e-mails that cannot (or can only with difficulty) be traced back to the originator.
116. Embezzling | Definition/Crime | Cash taken directly from an organization by an insider.
117. Encryption | Definition | The process of converting data into cipher text to prevent it from being understood by an unauthorised party.
118. Exploit | Definition | The methodology for enacting an attack against a particular vulnerability.
119. Extortion | Definition/Crime | A crime in which someone gets money or information from someone else by using force or threats.
120. Fail Safe | Definition | The design principle that requires that the failure of part of a system will not result in the failure of the rest of the system - particularly in terms of access to the rest of the system.
121. False Identity Fraud | Definition | The creation of a fictitious or false identity to facilitate fraudulent activity.
122. False Negative | Definition | A
false negative is the term applied to a failure in an alerting system - most commonly in an anti-virus product or intrusion detection system. It occurs when a virus or intrusion condition exists, but is allowed (or ignored or missed) by the alerting
  18. 18. system.123 False Positive (1) Definition The amount of good or true accounts flagged by the fraud prevention system as fraudulent at a given level of account reviews.124 False Positive (2) Definition A false positive is a term applied to a failure in an alerting system - most commonly in an anti-virus product or intrusion detection system. It occurs when a virus or intrusion condition is incorrectly reported; that is, the alerting systems report a virus or intrusion condition that does not exist. Too many false positives can be very intrusive.125 Fictitious Identity Definition/Crime Fraudster creates false personal information or Fraud manipulates an existing identity to avoid detection. Also known as Identity Fraud.126 Financial Action Task Organization Also known by its French name Groupe daction Force (FATF) financière (GAFI) is an intergovernmental organization founded in 1989 by the G7. The purpose of the FATF is to develop policies to combat money laundering and terrorist financing. The FATF Secretariat is housed at the headquarters of the OECD in Paris.127 Financial Institution Definition The economic loss for both the financial institutions Loss issuing payment cards and the corporate entities from which cardholder account information is stolen is significant. 
Issuing financial institutions may experience three types of losses, including “(1) costs associated with reissuing new payment cards, (2) costs associated with monitoring open accounts for fraud (with or without reissue), and (3) fraud losses.128 Financial Services Law Imposed four statutory objectives upon the FSA: Act * market confidence: maintaining confidence in the financial system * public awareness: promoting public understanding of the financial system; * consumer protection: securing the appropriate degree of protection for consumers; and * reduction of financial crime: reducing the extent to which it is possible for a business carried on by a regulated person to be used for a purpose connected with financial crime Regulatory principles: * efficiency and economy: the need to use its resources in the most efficient and economic way. * role of management: a firm’s senior management is responsible for its activities and for ensuring that
  19. 19. its business complies with regulatory requirements. This principle is designed to guard against unnecessary intrusion by the FSA into firms’ business and requires it to hold senior management responsible for risk management and controls within firms. Accordingly, firms must take reasonable care to make it clear who has what responsibility and to ensure that the affairs of the firm can be adequately monitored and controlled. * proportionality: The restrictions the FSA imposes on the industry must be proportionate to the benefits that are expected to result from those restrictions. In making judgements in this area, the FSA takes into account the costs to firms and consumers. One of the main techniques they use is cost benefit analysis of proposed regulatory requirements. This approach is shown, in particular, in the different regulatory requirements applied to wholesale and retail markets. * innovation: The desirability of facilitating innovation in connection with regulated activities. For example, allowing scope for different means of compliance so as not to unduly restrict market participants from launching new financial products and services. * international character: Including the desirability of maintaining the competitive position of the UK. The FSA takes into account the international aspects of much financial business and the competitive position of the UK. This involves co- operating with overseas regulators, both to agree international standards and to monitor global firms and markets effectively. * competition: The need to minimise the adverse effects on competition that may arise from the FSAs activities and the desirability of facilitating competition between the firms it regulates. This covers avoiding unnecessary regulatory barriers to entry or business expansion. Competition and innovation considerations play a key role in the FSAs cost-benefit analysis work. 
Under the Financial Services and Markets Act, the Treasury, the Office of Fair Trading and the Competition Commission all have a role to play in reviewing the impact of the FSAs rules and practices on competition.129 Financial Services Organization An independent, non-governmental board Authority (FSA) appointed by UK Treasury.
  20. 20. 130 Firewall Definition Computer hardware or software designed to prevent unauthorised access to the system via the internet.131 First Party Fraud Definition/Crime Fraud committed against a financial institution by one of its own customers.132 Float Definition Duplicate money present in the banking system during the time between a deposit being made in the recipients account and the money being deducted from the senders account.133 Forgery Definition/Crime Process of making or adapting documents such as a check with the intent to deceive.134 Fraud Definition/Crime The use of deception to make a gain by unlawful or unfair means.135 Fraud Alert Definition When placed on credit report, potential creditors must either contact you or have “reasonable policies and procedures in place to verify your identity before issuing credit in your name.136 Fraud Alert Website Organization The Fraud section of the Metropolitan Police www.met.police.uk/ website originally designed and written by fraudalert Detective Sergeant Colin Holder in 2001.137 Fraud Prevention Organization UKs Fraud Prevention Service, a third sector Service (UK) organisation dedicated to preventing fraud. Originally founded in 1988 as the "Credit Industry Fraud Avoidance System", its membership today includes many organisations from outside of the credit industry. It addresses identity fraud, application fraud, staff fraud, first and third party fraud, insurance fraud and fraud against public sector organisations.138 Fraud Gang Definition A group of organised criminals / fraudsters working together to defraud financial organisations, retailers, companies or individuals.139 Fraud Ring Definition/Crime A group of organised criminals / fraudsters working together to defraud financial organisations, retailers, companies or individuals. 
In general, a group of individuals who collude together to commit fraud.140 Fraudster Definition/crime A person who commits fraud.141 Free product and Definition Drive traffic to its website, often registering Service Offers personal information, or some variable of rip-off.142 Freight Forwarding / Crime The receiving and subsequent reshipping of on-line Reshipping ordered merchandise to locations usually abroad. Individuals are often solicited to participate in this activity in chat rooms, or through Internet job
  21. 21. postings. Unbeknownst to the reshipper, the merchandise has been paid for with fraudulent credit cards.143 Front Companies Definition/Crime Businesses set up by criminals to facilitate fraud. The company may be used to process transactions on fraudulently acquired products.144 Full Track Data Definition In the Dump, it is the two tracks of data that is on the back of cards. Track 1 is alpha numeric and contains customers name and account number. Track 2 is numeric and contains the account number, expiration date, and secure code (CVV) and other institution data. Dumps for sale on forums usually contain Track 2. Carders refer to BINs and PINs.145 Fulls Slang A full set of personal information including maiden name of mother.146 Ghost Terminal Definition Skimming device where a fake ATM touch pad and reader are placed over a legitimate ATM. Reader obtain card information and PIN but will not process the transaction since the legitimate ATM does not function.147 Google Hacking Definition The use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations. The use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations.148 Grayware Definition Grayware (or greyware) is a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable, and yet less serious or troublesome than malware. Grayware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on your network. The term has been in use since at least as early as September 2004. 
Refers to applications or files that are not classified as viruses or trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization.
  22. 22. 149 Hacker Definition The origin of the term is not clear. Some trace it back to the Model Railroad Club at the Massachusetts Institute of Technology in the 50s - others to early radio enthusiasts. The genuine hacker is more likely to use his or her own computer, or someone elses computer with permission and approval. The genuine hacker will look for weaknesses in the system, but will publish his or her discoveries. The cracker is more likely to keep discoveries secret or disclosed only to other crackers.150 Hactivism Definition Politically-motivated hacking. The term demonstrates how the two terms hacker and cracker are becoming confused - since there is malicious intent involved, it would be best described as cracktivism.151 Handle/Alias Definition An alternative name used by people (or bestowed upon objects) to hide their true identity.152 Hard Fraud Definition/Crime Type of fraud committed where the intent is to defraud an organization.153 Heist Definition/Crime An organized attempt by thieves to steal something154 Heuristic Analysis Definition The ability of a virus scanner to identify a potential virus by analysing the behaviour of the program, rather than looking for a known virus signature. In general, heuristic analysis is not as reliable as signature-based virus scanning as it is not possible to predict precisely what a program will do when executed. However, heuristic scanning is a useful addition to any anti-virus policy.155 Hype and Dump Definition Involve the touting of a companys stock (typically Manipulation (Pump microcap companies) through false and misleading and Dump) statements to the marketplace. After pumping the stock, fraudsters make huge profits by selling their cheap stock into the market. Pump and dump schemes often occur on the Internet where it is common to see messages posted that urge readers to buy a stock quickly or to sell before the price goes down.156 "I Go Chop Your Slang Song related to 419 Frauds. 
Made famous by Dollar" Nigerian singer who was arrested for fraud. ("Oyinbo man I go chop your dollar, I go take your money and disappear 419 is just a game, you are the loser I am the winner" *…+), which was banned in Nigeria after many complaints.157 Iceman Organization Cardersmarket admin took control of 4 competitors carding forums
  23. 23. 158 Identity Fraud (1) Crime The use of a misappropriated identity in criminal activity, to obtain goods or services by deception. This usually involves the use of stolen or forged identity documents such as a passport or driving licence.159 Identity Fraud (2) Crime Fraudster creates false personal information or manipulates an existing identity to avoid detection. Also known as Fictitious Identity Fraud.160 Identity Fraud (cifas) Definition The use of a misappropriated identity in criminal activity, to obtain goods or services by deception. This usually involves the use of stolen or forged identity documents such as a passport or driving licence.161 Identity Fraud / Definition/Crime The use of an individuals identifying details (name, Identity Theft date of birth, current or previous address, mother’s maiden name, etc) without their knowledge or consent to assume their identity. The criminal uses these details to obtain goods or services, loans, passports, credit cards or bank accounts in the victims name.162 Identity Theft (1) Crime Used without victim’s knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. Typically, the victim is led to believe they are divulging sensitive personal information to a legitimate business, sometimes as a response to an email solicitation to update billing or membership information, or as an application to a fraudulent Internet job posting.163 Identity Theft (2) Crime Includes Account Takeover and New Account Creation164 Identity Theft (3) Crime When someone steals personal information that is then used to either obtain credit in the victims name, employment, health care, or housing. Also known as True Name Identity Theft.165 Identity Theft (4) Crime Identity Theft (also known as impersonation fraud) is the misappropriation of the identity (such as the name, date of birth, current address or previous addresses) of another person, without their knowledge or consent. 
These identity details are then used to obtain goods and services in that persons name.166 Identity Theft Definition Identity Theft (also known as impersonation fraud) (CIFAS) Definition (also known asmisappropriation of the identity (such as the of the iden is the impersonation fraud) is the misappropriation name, date of birth, current address or previous addresses) of another person, without their knowledge or consent. These identity details are
  24. 24. then used to obtain goods and services in that persons name.167 Identity Theft/Fraud Definition The use of an individuals identifying details (name, date of birth, current or previous address, mother’s maiden name, etc) without their knowledge or consent to assume their identity. The criminal uses these details to obtain goods or services, loans, passports, credit cards or bank accounts in the victims name.168 IDs/novs Slang Identity fraud perpetrated by a criminal who shares the same address as the victim. The fraudster is likely to have access to or is able to intercept the victims post and so can apply for and use existing products and services in the name of the victim.169 Impersonation of Definition/Crime A criminal takes on the identity of a deceased the Deceased Fraud person to facilitate fraudulent activity. (IOD)170 Integration (1) Definition/Crime The third of the Money Laundering stages. If the Layering process succeeds, then the integration places the laundered proceeds back into the legitimate economy so that it seems like normal business funds. See Money Laundering Stages.171 Integration (2) Definition/Crime The money re-enters the mainstream economy in legitimate-looking form — it appears to come from a legal transaction. At this point, the criminal can use the money without getting caught.172 Internal Fraud Definition Fraud by someone within the organization. See Embezzling and Identity Theft.173 International Organization Criminal organization which later became Theft Association for the Services, CardersMarket, and CCpowersForum. Advancement of Criminal Activity (IAACA)174 Internet Crime Organization A multi-agency task force made up by the Federal Complaint Center Bureau of Investigation (FBI), the National White (IC3) Collar Crime Centre (NW3C), and the Bureau of Justice Assistance (BJA). 
Purpose is to serve as a central hub to receive, develop, and refer criminal complaints regarding the rapidly expanding occurrences of cyber-crime.175 Investment Fraud Definition/Crime An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.176 IP Spoofing Definition IP spoofing involves imitating a trusted IP address in order to gain access to protected information
  25. 25. resources. One method is by exploiting source routing in IPv4. This allows the originator of a datagram to specify certain, or even all intermediate routers that the datagram must pass through on its way to the destination address. Effectively, you make the destination host think that you are a known and trusted host rather than a school kid on his fathers laptop.177 Key stroke logger (1) Definition Hardware or software installed onto a computer to record keystrokes and mouse movements. Fraudsters can use this device to obtain the passwords, user names and other confidential details of the computer user.178 Key stroke logger (2) Definition A program that operates without a user’s knowledge and records all of the keystrokes. Once the keystrokes are logged, they are hidden in the machine for later retrieval or shipped raw to the attacker. The attacker then carefully goes through the data in hopes of either finding a password, or possibly other useful information. Often used for identity theft.179 Kiting Definition Using several bank accounts in different banks, making deposits and writing checks against the accounts before the deposit checks clear the banking system, creating a "float" of money out of nothing more than the lag in time when checks clear and post to their respective accounts.180 Larceny Definition The crime of stealing personal property181 Layering Definition The second of the three Money Laundering stages. The process of separating criminal proceeds from their source using complex layers of financial transaction designed to hide the audit trail and provide anonymity. Involves sending the money through various financial transactions to change its form and make it difficult to follow. 
Layering may consist of several bank-to-bank transfers, wire transfers between different accounts in different names in different countries, making deposits and withdrawals to continually vary the amount of money in the accounts, changing the money’s currency, and purchasing high-value items (boats, houses, cars etc) to change the form of the money. This is the most complex step in any laundering scheme, and it’s all about making the original dirty money as hard to trace as possible. See Money Laundering Stages.
  26. 26. 182 Leeches Slang Leechers are actively downloading the file via torrent file. See Seeds.184 Letter Bomb Definition A piece of email containing live data intended to do malicious things to the recipients machine or terminal. Under UNIX, a letter bomb can also try to get part of its content interpreted as a shell command to the mailer. The results of this could range from amusing to denial of service.185 Logic Bomb Definition A resident computer program that triggers the perpetration of an unauthorized act when particular states of the system are realized. For example, a logic bomb could remain hidden and dormant until December 25th, and then delete all or specified files.186 London Illegal Organization London group that protects against loan sharks. Money Lending Team187 Lost card fraud Definition The fraudulent use of payment cards that have been reported as lost.188 Macro Virus Definition Similar to a standard virus in all but its delivery. Rather than being code written in a programming language and attached to an executable, it is code written in a macro language and attached to a document.189 Mail / telephone Definition/Crime A criminal uses a genuine account number obtained order fraud fraudulently to obtain goods or services from mail order companies.190 Mail Bomb Definition Mail bomb is generally used as a verb rather than a noun. It is the act of, or even incitement to, send massive amounts of probably meaningless text to a particular e-mail address. The purpose is to annoy the recipient, or even crash his/her system - and it is usually done in retaliation for some real or perceived offense.191 Mail Drop Definition Thieves use a mail drop address different than their own.192 Mail re-direct Definition Post is fraudulently re-directed to another address without the intended recipients knowledge. 
The fraudster then receives important documents, such as bank statements and bills, intended for the victim and uses them to facilitate identity fraud.193 Mailing Lists Definition A mailing list is an automated e-mail distribution mechanism for a defined subject (the list topic) to a registered readership (a list of e-mail addresses). Often just called lists, there are innumerable