Wednesday, January 31, 2007


In recent weeks we have received at KnightsBridge Castle an increasing number of fraudulent loan offers. Many of these offers come in the form of “pre-approved” loans and are sent to staff individually and to some general email addresses such as “information” and “press”. That a legitimate “pre-approved” credit offer should come to an email address without any possible credit history, such as “information,” tells you immediately that this spam is from a criminal group.

These spam messages then lead to websites that look legitimate, but to the trained eye they are clearly fraudulent and intent on committing criminal acts.

What are these criminal groups after? Your personal information, as required on any loan application, is a pure gold for a thief. This information is key to hijacking your identity and committing a wide variety of crimes against you such as mortgage fraud, IRS fraud, credit frauds, and simply looting your bank account.

These sites are either harvesting your personal information or asking you to pre-pay processing fees. The processing fee scam has two benefits, it helps pay for the cost stealing your identity information, and it allows the criminals to initiate unauthorized electronic transfers from your bank to the criminal organization. The result, it is a looted bank account, for which the bank need offer no restitution. You freely gave up your banking information and were defrauded. Banks are under no obligation to make the fraud good by restoring your funds.

The techniques used to make these websites seem real vary. But they often include the use of the following elements.

Https URL name certificates – yes criminals can buy a HTTPS website certificate as easily as a legitimate business. Https is a URI scheme which is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port (443) and an additional encryption/authentication layer between HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.

Use of Seals and Logos from respected institution such as the Better Business Bureau (BBB) appear fraudulently on the website.

The use of local addresses are used on the website, however the fraudulent business is not local at all but offshore and far beyond the reach of US law.

The use of a legitimate bank or lending institution’s name. The name of the website and the logo look like a familiar brand name, but they are not part of the banking institution at all. They are scams.

The use logos and realistic looking links of Truste or other website verification techniques such as Verisign. TRUSTe, founded in 1997, is an independent non-profit organization best known for its Web Privacy Seal. VeriSign is well known for the VeriSign Secured Seal, which is an outward expression of a Web site's authentication and encryption commonly posted to VeriSign SSL Certificate customers' Web sites. However these logos can be stolen and pasted on the offending website. Also the click through verification can be faked if the user lacks the tools for checking the ultimate location of the responding website.

If you need a loan, for a car, debt consolidation, or just to pay for something you want, go to your local bank. If you must use an online service, go directly to the website from your browser, never to a link provided by email.


Post a Comment

<< Home

Blog tracker