This week we are running a series of articles written by Professor William Buchanan of Napier University. He takes a look at serious crime in the cyber world. This first article introduces 'vishing' the act of using the telephone to scam and cites the case of Glasgow based Feezan Hameed who was recently jailed for 11 years.
In a world of Microsoft Windows, the job of the digital forensics investigator has been relatively easy, and where the operating system and applications leave lots of fragments of evidence. These were then relatively easy to piece together, and build up a timeline activity. We too leave traces of evidence all over the Internet, such as in chat logs, location tracking traces, Web accesses, and so on. But in a world where serious crime can generate millions in funds, criminals and terrorist are becoming a whole lot smarter in covering their tracks. So while you continue to be tracked by a whole range of things, including your ISP monitoring your network activity, the criminals often find ways of not leaving traces of their activities.
While many people think that phishing emails is one of greatest risks for fraud, it is vishing - the act of using the telephone to scam - that can have the greatest impact in terms of fraud. Many people, still, will give away the login details over the phone, if they think they are talking to a trusted person.
Recently, Glasgow-based Feezan Hameed, also known as Feezan Choudhary (see the image with this article), was jailed for 11 years, and is thought to have made over £113m by scamming companies through a telephone scam. He then used the money to purchase supercars, mansions and expensive holidays. As a cover, Feezan, also known as 'King', pretended that he was a music producer and who owned a Bentley, a Rolls-Royce, a Lamborghini and two Porsches.
His crime was that he defrauded over 750 UK firms, at a rate of around £3million every month. It criminal activity involved gaining information on bank accounts from insiders within banks, and then using this information to cold-call companies and telling them they had been hacked by someone called 'King' from Aberdeen. Once he had their trust, we then proceeded to ask for the bank details (including their log-in name and password).
Within hours he managed to syphon off funds from their accounts, while jamming their telephone network with fake calls, in order that they did not get messages from their bank. So that the calls could not be traced, the gang used 'burner' mobile phones (which are often used by terrorists and criminals), which, once activated, were ditched after one day. The usage of proxies and Skype could have covered his tracks, but the usage of a proxy can often show up on call records, so the burn method allowed Choudhary to work for years without being traced.
He also paid insiders in the banks, such as Amy and Emma Daramola and who were Lloyds customer service assistants. Initially they asked for £50 for each record, but increased this to £250, in order to fund their desire to new clothes.
Most people these days can spot the e-mail scams. We need to get to the same level of awareness with our phones. A telephone is not always our friend.
Our Something to Hide series continues tomorrow with a look at encryption - it can be used for 'good' and 'bad'. Whilst we aim to protect the rights of privacy for individuals, the same methods can be used by criminals to hide their tracks.
Napier University website: http://www.napier.ac.uk/