• Yasir Aheer

The spoils of the (e)Confidence Man

by Yasir Aheer, Rahul Rao and Varun Rao


Summary:

  • Fraud and conman schemes have been around for centuries. However, the obscurity and anonymity of the internet has allowed fraud to thrive at an unprecedented scale.

  • Australians report cybersecurity incidents every 10 minutes and it is costing the economy over $29 billion each year. Fraud and con-man schemes have been around for centuries.

  • Despite all the technological advancements and the sophisticated safety protocols of the online world, we are still vulnerable as scammers typically exploit trust between individuals and entities.

  • It is more important than ever to be vigilant when traversing the digital “streets” and be on-guard against scammers.

Every year, hundreds of art dealers and buyers travel to Maastricht, Netherlands for The European Fine Art Fair (TEFAF). Among the items for sale a couple of years ago was a painting by John Constable: View of Hampstead Heath. Child’s Hill, Harrow in the distance. Rijksmuseum Twenthe, a museum a few hours north of Maastricht, was keen to acquire the painting, however didn’t have funds immediately available to purchase the piece. Rijksmuseum Twenthe made a deal with the London based art dealer, Dickinson, in which the museum would acquire the painting and use it to raise funds to then be paid to the art dealer.


The museum eventually raised around USD 3 million and was ready to pay Dickinson. Just before wiring the funds, the museum received an email from Dickinson with new bank account details, one based in Hong Kong. Looking to be a legitimate email, the museum wired the funds to the new account. And, as you probably have guessed by now, the art dealer never received the funds.


Hackers had been intercepting email correspondence between the museum and the art dealer, and were able to inject their account details at the very last minute, getting away with a perfect heist. Since the incident, Dickinson is pursuing legal actions to re-acquire the painting as they have not been paid, while the museum claims that it was Dickinson’s emails that were hacked and that the museum paid the funds as “instructed”, and so will not be returning the item.


Australians report cybersecurity incidents every 10 minutes and it is costing the economy over $29 billion each year. Fraud and con-man schemes have been around for centuries. However, the obscurity and anonymity of the internet has allowed fraud to thrive at an unprecedented scale. According to one study of all fraudulent credit applications, 57% were submitted online (Figure 1).

Cybercrime typically exudes pop culture imagery of a lone hacker typing away in his basement. However with the increasing degree of our lives moving online, cyberthreats are not limited to opportunists trying to make a quick buck. According to a report from McKinsey & Company, nation-state agents and organised crime also pose significant cyberthreat. Cyber threats take several different forms. The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security for Australians and make Australia a secure place to connect online. According to their 2019 report, the top most frequent types of cyber crime reported were:

  • Identity theft: One of the most common and costly types of cyber crime affecting Australians is identity theft. Hackers seek to compromise the identity of their victims, which they on-sell to others to apply for credit cards, purchase goods or open bank accounts.

  • Online fraud and shopping scams: This type of scam commonly involves creating a webpage that imitates a well-known brand or site and tricking people into paying for goods or services that are never delivered.

  • Bulk extortion: This involves contacting thousands of victims a day by over email or chat, and using social engineering techniques to pressure the victim into paying money.

  • Online romance scams: Scammers initiate online conversations through dating apps and forming a ‘relationship’ with the victim. Once a sense of trust has been established, the scammers start to make requests for money, commonly for urgent medical issues or other unforeseen expenses.

  • Wire-fraud and business email compromise: Scammers exploit the trust between businesses and their suppliers. Scammers can use varied techniques in order to divert cash to their account. One technique involves compromising a supplier’s email account and sending fraudulent invoice that contains the scammer’s bank details.

Cybercrime affects not only individual customers, but businesses too. According to one estimate, the financial impact of identity crime alone for Australian businesses is over AUD $1.4b. A paper from McKinsey & Company provides deeper insights into the three categories of impact to financial services companies: Direct loss, Indirect loss and Regulatory fines (Figure 2). On top of these short-term financial impacts, victim businesses also have to manage longer-term implications to brand and reputation.


Parting thoughts

The intention of this post was to explore different aspects of cybercrime and associated threats. We will cover cybersecurity solutions, approaches and methodologies in detail in a later article. However, despite all the technological advancements and the sophisticated safety protocols of the virtual world, we are still vulnerable as scammers typically exploit trust between individuals and entities. It is more important than ever to be vigilant when traversing the digital “streets” and be on-guard against scammers.


At the end, we leave you with a photo of the painting by John Constable, ownership of which is still in dispute between Dickinsin and Rijksmuseum Twenthe. As the legal proceedings continue, the painting is stored away by the museum. Who knows when it will next be seen by the general public - a reminder of the threats and impacts when traversing the digital world.

Co-Authors:













Disclaimer: This article is based on our personal opinion and does not reflect or represent the views of any organisation that we might be associated with.

0 comments