‘Middle-man’ services add new layer to online scams

Fraudsters offer bogus help to target users searching for legitimate website

Credit card details and personal information were requested in a scam that has become all too common in recent years on government sites around the world.
Credit card details and personal information were requested in a scam that has become all too common in recent years on government sites around the world.

In recent months a spate of emails and texts purporting to be from Revenue.ie and relating to tax refunds led some less than vigilant people to a website that was pretty close to the real thing. Financial details and personal information were requested in a scam that has become all too common in recent years on government sites around the world.

In the UK in June almost 6,000 complaints led to the arrest of five individuals who had created scam sites where unsuspecting users ordered passports, motor tax and other official documents, handing over cash for nothing. At the time, Lord Harris, chairman of Britain's National Trading Standards Board (NTSB), said his team was "making it as difficult as possible for these online hoaxers to operate".

Simple fraud measures

Chuka Eze of US-based security company Xipiter, however, said that in the case of the UK scam, the methods used to separate people from their money was “very simple”.

“They relied on similarity of names and slightly unnoticeable variations in the URLs to achieve their goals,” he said.

READ MORE

In a similar vein, Fraser Howard, principal threat researcher with Sophos Labs, said that should scammers register or buy a domain such as Motortax.net – as opposed to the legitimate Motortax.ie – for example, they can replicate a process that mirrors the real site in order to pilfer funds.

A site can be created that can “accept user login, fake the tax-renewal process, including online payment ability, and trick the user into releasing credit card details for payment”, he said.

“Cloning a site completely with a slightly different name is pretty trivial unfortunately,” said Robert McArdle of Trend Micro’s future threats research team. “There are tools out there, widely available ones as well, which can be used to do this, though these kinds of things are more commonly done with banks as it’s easier to result in financial gain.”

In relation to Government services, Howard, said what is perhaps of more concern for web users than outright cons are sites that tiptoe along the lines of legitimacy.

“Middle-man services,” said Fraser, in which someone “constructs a website that provides some form of service to ‘help’ people” are now a common method for gaining money from unsuspecting users.

“The service they offer will typically be something like validation of details – like checking the user submits the correct information – for which they charge a levy,” he adds.

In the case of Passport.ie, for instance, a site that looks similar to the official version could be set up to “provide some dubious service to ‘facilitate’ use of the service, charging a levy”.

According to Howard, “whether or not they make it clear to the user that there will be a charge, and that the charge is entirely for their service, and not associated with the Government service will vary with the site”.

Direct contact

Francis Murray, of

Dublin- based web design company Big Dog, believes most web users are used to the idea that they should not receive direct contact from their bank, tax office or other official body looking for financial details.

But what about those times when Google steers them towards middleman services in particular? In the UK, Lord Harris and the NTSB have begun to work alongside the search giant – and Bing – to remove adverts for such services from online search results.

However, the process of using established search engine optimisation methods to push these sites up the rankings to make them more visible to perspective victims is well established, said Eze.

“Fraudulent sites can be highly ranked on Google,” he added. “If the authorities or those running the valid sites are not actively working with search engines to have fraudulent sites stripped of their search ranks, then this will also unfortunately result in more success for the scammers.”