Last night I was surprised to receive a note in my email inbox notifying me of a direct message (DM) from Twitter. The message was from a high-profile businessperson that I follow; a CEO of an industry association. The message read “Hi someone is posting terrible things about you…” and it contained a link.
I clicked the link, and it took me to what appeared to be the Twitter login page, and asked me to enter my Twitter email address and password. This is where, as a person who has studied fraud, my “spidey senses” were tingling. I recalled reviewing fraudulent messages appearing to be from the Better Business Bureau, saying someone had made complaints about a company, which were also an attempt to lure the receiver into giving personal data. However, this was the first time I’d seen someone clone an identity on Twitter, and then used it to send a phishing link.
I sent a tweet to the Federal Trade Commission, and an email to our own Competition Bureau in Canada doesn’t as yet have a twitter account. (As well as notifying the CEO whose account was cloned). My own studies in fraud have taught me that fraud evolves quickly and creatively, and it does so at a pace that authorities have great difficulty in matching. As fraud is typically connected to organized crime, results can be major financial losses, humiliation, thievery of a complete identity, and even brutal violence.
In 2011, I completed a major thesis on Mass Marketing Fraud (MMF]. The purpose of the thesis was to figure out how to measure MMF. You see, there are countless varieties of scams, and since people are sometimes unaware that they have been scammed (or won’t admit to it), this makes it very difficult to measure.
Up until now, the only technique used measure MMF in Canada has been surveying – in other words, asking people the question “Have you ever been a victim of..[various types of scams]? ” But given the fact that few are aware, and others won’t admit, this technique greatly understates the problem.
The thesis proposed a unique method to identify and catch perpetrators. My concept was to carefully arrange a type of “bait” system; where numerous emails/phone numbers/addresses would be purchased and used by authorities. These contact points would then be forwarded to a well-trained staff with who would answer calls, pick up mail, and collect email. That way, all such solicitations would be collected and monitored on an ongoing basis.
The strategy would provide not only information about the volume of solicitations, but their very nature, and provide quick, immediate evidence. This would facilitate early warnings and rapid arrest. This would be effective for social media as well – setting up social media accounts is very easy, and it does not take a great level of skill to monitor them. A variation of this method that I also proposed was to enlist real volunteers with real identities into the program, and simply train them to watch for, record, and then forward fraudulent solicitations.
As of the current time, the Competition Bureau of Canada has no immediate initiatives to consider implementing this proposal (although they have received it, and told me it was interesting.) You see, because the problem has not yet been measured, no one knows how large is it, nor how much money should be invested in determining its measurement. I have several ideas on this in my full report, such as sponsorship from major telecommunications/internet companies, but as of yet, the proposal waits.
Meanwhile, I hope that authorities in Canada will at least get on the social media bandwagon quickly and start tracking such issues. Furthermore, it is certainly easy to imagine the potential for Competition Bureau to quickly disseminate fraud warnings on Twitter – a terrific resource to spread information globally, for nearly zero cost.
If you are studying or working in the area of white collar crime, and would like to receive the full content of the thesis on Assessing the Magnitude of Mass Marketing Fraud, please email me directly at email@example.com. TO REPORT A FRAUD, contact firstname.lastname@example.org.