Scam detectives handcuffed
The ability to identify and intercept cyber-scams and prosecute scammers is being hampered by classification schemes that are largely incompatible between nations, a conference has heard.
Research presented to the Cybercrime and Trustworthy Computing workshop in Brisbane last week called for a new classification scheme for categorising cyber-scams based on a description of their business processes.
A paper by the Internet Commerce Security Laboratory at the University of Ballarat in Victoria argues that current international classification schemes make comparisons of cyber-scam incidents across jurisdictions extremely difficult.
The paper, "The Case for a Consistent Cyber-scam Classification Framework", by Amber Stabek, Simon Brown and Paul A. Watters, says current cyber-scam classification schemes were developed by statistical reporting bodies such as the Australian Bureau of Statistics.
It says a uniform classification system is the critical first step to the development of an inter-jurisdictional and global approach to identify and intercept cyber-scams and prosecute scammers.
The paper says cyber-scams cost the Australian economy an estimated $980 million during 2007 alone.
Internet-assisted cyber-scams are considered a form of financial fraud. A cyber-scammer can operate in multiple countries on multiple victims in parallel. "While there is a constellation of classification schemes available, a consistent classification framework is seemingly non-existent," the paper says.
Scams are a method of tricking a victim into providing a criminal with access to something of value, such as financial gain, personal information or participation. A financial gain scam required victims to pay a fee in advance to collect a non-existent prize or pay for tickets to an event deceptively represented online, such as the 2008 Beijing Olympics ticketing scam.
The study says phishing and spoofing are popular methods used by cyber-criminals to scam victims and gain access to their personal information.
To aid in the detection and interception of cyber-scams, and prosecution of cyber-scammers, a clear and consistent classification scheme must be developed.
"Such a scheme may be derived 'bottom up', using text mining techniques, or 'top down', based on a business process analysis for each type of cyber-scam'," it concludes.
The researchers said a purpose-driven classification system for cyber-scams could be used by industry, law enforcement, financial institutions and government, as it could be tailored to suit the user.
The workshop was organised by Associate Professor Watters, director of the Ballarat laboratory, and his colleague, Professor Josef Pieprzyk from Macquarie.
Other presentations included two techniques to identify and cluster phishing emails to show which messages were created by the same authors and/or generated by the same tools.
Jennifer Foreshew | July 14, 2009 Australian IT News Story
