More than 50 types of scams are coming, can you avoid them?

"The account is at risk. Please verify the other party's true identity before transferring money."

On October 11, the 2021 National Cyber ​​Security Awareness Week was launched in Xi'an. At the Cyber ​​Security Expo held at the same time, the interactive simulation product "Anti-Fraud Blind Box" attracted many people to stop and experience it.

After opening this blind box, the experiencer got a "boyfriend" who fell out of the Internet. This "boyfriend" used sweet words to lure you to transfer money, although it was only 2 cents, but Alipay still prevented it through pop-up prompts and anti-fraud test papers. The AI ​​customer service even spent more than 5 minutes to "earnestly persuade" you.

The picture shows staff using the "anti-fraud blind box" system. Photo by Zhang Yuan, a reporter from China News Service

New technologies such as artificial intelligence are becoming an anti-fraud weapon. But at the same time, it makes scammers stronger.

As people move more and more life scenes online, Internet security becomes more and more important. Fraud and anti-fraud are like a war without gunpowder, which is protracted and unpredictable: people born in the 1990s are the hardest hit by fraud, the fraud "industry chain" is becoming more and more complete, and fraud can also be "technically outsourced"...

Handling the relationship between security and development has also become an issue we must face in the cyber world. This year, General Secretary Xi Jinping issued important instructions on combating telecommunications network fraud crimes, emphasizing that we must put people at the center, coordinate development and security, strengthen system concepts and legal thinking, focus on source governance and comprehensive governance, adhere to joint efforts and group prevention and control, fully implement various measures for combating, preventing, controlling and controlling, and the main responsibilities of financial, telecommunications, Internet and other industry regulators, strengthen legal system construction, strengthen social publicity and education prevention, promote international law enforcement cooperation, and resolutely curb the high incidence of such crimes.

1

There is no “immune group” against fraud

People born in the 1990s are the hardest hit by fraud

People with high education and certain economic foundation

You are not immune to online fraud

If you were asked to describe the victims of online fraud, what do you think they look like?

Are spiritual emptiness, love of taking advantage of others, and lack of judgment the characteristics of "gullibility"? In fact, most of them are young, well-educated, and familiar with the Internet.

People born in the 1990s and 2000s, who are the natives of the Internet, are becoming the main targets of fraud gangs.

The 2020 China Mobile Security Status Report jointly released by the China Academy of Information and Communications Technology and 360 shows that among users who report online fraud, those born in the 1990s account for 37.5% of all victims, making them the main target group for online fraud by criminals. The second largest group is those born in the 2000s, accounting for 28.7%. Those born in the 1970s and 1960s, who are thought to be more vulnerable to fraud, account for less than 10%.

The Shanghai Public Security Bureau has also disclosed that among the completed telecommunications and Internet fraud cases reported across the city, the number of victims born after 1990 accounted for more than 60%.

Some time ago, a media reported that one of their editors born in the 1990s who had published countless news reports on telecommunications fraud was defrauded of 50,000 yuan by a scammer who "impersonated public security, procuratorial and judicial organs".

The other party claimed to be "police" and said that he was suspected of money laundering and wanted to transfer his property to a "safe account". Under the control of the scammers, he not only transferred nearly 30,000 yuan from his account, but also borrowed nearly 20,000 yuan from an online lending platform.

A post-90s editor received a fraudulent call. Image source: China News Network

According to his subsequent summary, the other party's deception was not sophisticated in fact, and there were many opportunities to avoid the trap: don't answer unfamiliar calls with strange numbers, don't believe that calls from public security organs will be forwarded, don't believe in so-called "safe accounts"... But due to carelessness and some strange mistake, the journalist became a party to the news.

"Many people believe that older people with lower education levels are most likely to be scammed online. In fact, people with higher education and a certain economic foundation are not immune to online scams," said Hu Yongtao, director of the preparatory office of the anti-fraud committee of the Criminal Science Association. "As online scams gradually become mainstream, the victims are getting younger and younger."

He said that in general, the highest proportion of victims are those aged 18 to 40, and those born in the 1990s and 2000s are the "key targets" of fraudsters. The most common types of fraud include fake orders and reputation, online loans, investment and financial management, pretending to be a shopping customer to get a refund, and pretending to be an acquaintance to defraud. According to incomplete statistics, those born in the 1990s are the hardest hit by fraud, with the number of victims exceeding the total number of people in other age groups, accounting for 63.7%.

According to data released by the Shanghai police, among the completed telecom network fraud cases encountered by the post-90s and post-00s groups, part-time order fraud accounted for 24.7%, online shopping accounted for 23.2%, impersonating customer service accounted for 13.2%, and "pig-killing" (a type of telecom fraud that uses online dating to induce victims to invest in gambling) accounted for 12.1%. These fraudulent methods are not new, but they are enough to lure young people and even minors into the trap.

2

Internet fraud also has an “industry chain”

Good and evil technology versus anxiety

The scams are constantly changing

The upstream and downstream of the fraud industry chain are also evolving

What kind of people are committing online fraud?

"It's not easy to pry open people's wallets." Black Cat was once a policeman and is now a security expert at the "Guardian Project". He found that many fraud companies have already developed a complete "training process" including ideological courses, technical courses, role-playing, etc. They write their own "scripts" of more than 100 pages to teach fraudulent rhetoric, and group members also have to role-play and simulate battles.

When writing scripts, scammers even consider the different levels of vigilance and negative reactions of users, and set up different plans to break down the psychological defenses of the other party. For example, to trigger tension, they also need to take into account local customs and seasonal solar terms, and speak naturally - ticket fraud is more common during the Spring Festival; before the Golden Week, they mainly use "passport application" fraud; they usually speak directly to northerners, and they need to be organized and logical when speaking to southerners.

In the workroom where the sound-absorbing sponge is installed, each operator must make at least 300 effective calls every day, with each call lasting more than 30 seconds. This means that a criminal gang of about 20 people can make nearly 10,000 calls every day.

In addition to the constantly updated scams, the "upstream and downstream" of the fraud industry chain is also "evolving."

"Ten years ago, there was a certain threshold for telecommunications fraud. Building a den overseas might require an investment of two million yuan, and some technical knowledge was required. But now, only one person and a computer are needed, and the rest is outsourced to 'professionals' - traffic promotion, account maintenance, payment channels, money laundering... Various types of cybercrime are invisible and intangible, but have developed a complete industrial chain, collectively known as 'black and gray industries'." Xiao Shu, a security expert at the "Guardian Project", said.

In 2016, Xu Yuyu, an 18-year-old girl who had just been admitted to university, died due to telecommunications fraud, which caused a stir in public opinion. In the same year, Tencent launched the "Guardian Plan", a joint anti-fraud public welfare platform for the government and enterprises, and established the first anti-fraud laboratory. Relying on its security big data, underlying technology and massive user advantages, it coordinated the efforts of various social parties to provide the public with all-round network security protection.

After years of fighting, Xiaoshu talked about the scammers' "keeping up with the times": the physical work of making phone calls has long been handed over to mechanized machine group calls, and the "number merchants" operate in a corporate manner, obtaining large quantities of account numbers, passwords and citizens' personal information in batches.

On March 28 last year, Xi'an Beilin police disclosed a case of illegal provision of "group call" equipment: they found a GoIP equipment den with multiple mobile phone numbers in their jurisdiction, which may be involved in multiple telecommunications network fraud cases across the country. It is understood that GOIP equipment is a device with multiple lines and multiple mobile phone SIM card slots, which supports mobile phone card access and converts traditional telephone signals into network signals, enabling hundreds of phone numbers to talk at the same time.

Similar devices only need a broadband connection and can be controlled by a computer. "They are all remotely controlled. The equipment is in China, but the gangs that actually carry out the fraud are hiding abroad. This is also the main reason why telecom fraud cases are difficult to crack." According to local police, the gangs that were destroyed provided "technical support" to overseas fraud gangs.

In just eight days before the operation was taken down, multiple overseas fraud gangs made more than 100,000 fraud calls through the GoIP equipment they set up, of which more than 130 were successfully carried out, showing how highly efficient they were.

"At present, online fraud crimes are showing a trend of precision, organization and specialization, which has spawned black and gray industries that provide help and support for fraud crimes and profit from them, becoming a breeding ground for online fraud." Hu Yongtao said that their research found that online fraud crimes have formed a chain-like black and gray industry organization built by number maintenance, rental and sale, code printing and promotion, technical team operation, script compilation and money laundering channels, which has accelerated the spread of online fraud crimes.

"The bottom layer is the basic technical links, such as verification code recognition, automated software development, phishing website production, etc.; the middle layer is some account and user information providers, who organize, operate and promote fraud activities and develop downlines; further up are the fraudsters who use stolen information, accounts and fraud tools to carry out fraudulent activities including fraud, theft, phishing, etc. to make profits." Wu Haisang, senior vice president of Zhixiang Technology, further explained.

Last year, the "pig-killing scam" emerged as a new type of fraud with the highest amount of losses for victims. With this new type of fraud under the banner of love, a small group of three or five people was able to deceive more than 800 people into becoming "piglets", with the amount involved exceeding 200 million yuan.

The rapid development of the Internet industry has accelerated the changes in criminal methods and means. Often, as new Internet technologies and new forms of business emerge, telecommunications network fraud using them will follow. "At present, the technical confrontation between Internet fraud and anti-fraud is in a state of tension. Basically, every time we crack a scam, the criminals will upgrade their technical means." Wei Liang, director of the Anti-Fraud Center of the Ministry of Industry and Information Technology and vice president of the China Academy of Information and Communications Technology, said helplessly.

Hu Yongtao said that according to incomplete statistics, the public security organs have escalated their crackdown in recent years. In the past two years, there has been a new trend in the method of committing crimes, from telephone and text messages to the Internet. The proportion of Internet fraud cases has rapidly increased to more than 80%, among which online loans, online order brushing, online shopping, online investment and other frauds have the most cases.

3

Clarify rights and responsibilities and implement social co-governance

Fighting against illegal and gray industries requires collective efforts

Establishing a group prevention and control mechanism

Need to strengthen organization and coordination

What is so difficult about combating online fraud?

If you fail to steal, you may go to jail. If you fail to rob, you may get beaten up. If you fail to defraud? Just try another phone number.

Although the joke is meant to be a joke, it actually implies the main reason why online fraud is so rampant. Hu Yongtao bluntly said: the cost of breaking the law is low, the obstacles to handling are great, and it is difficult to punish minor crimes.

He said that the core reason for the proliferation of online black and gray industries is the "separation of people (accounts)", especially the widespread rental/sale of phone cards, bank cards, and online accounts in the promotion chain and capital chain, which helps criminals use other people's real-name accounts and accounts as a cover to evade public security organs and create fraud scenarios, increasing the difficulty of prevention and crackdown at a relatively low cost of breaking the law. What's more difficult is that the illegal income of black and gray industry personnel who rent and sell online accounts is sometimes not enough to file a case. Some black and gray industry personnel have been engaged in related illegal activities for a long time, and have accumulated a lot of experience in confrontation and counter-investigation. They have begun to build a black and gray industry technology platform to provide professional support for overseas online fraud crimes.

Zhou Ke, a security expert from the "Guardian Project", mentioned that in a certain place in Southeast Asia, there is a telecommunications equipment store that specializes in serving criminal gangs. Professional HR uses the regular human resources recruitment process to deceive newly graduated college students into working as programmers for the black and gray industries. They are very powerful, and some can offer "employees" a monthly salary of tens of thousands of yuan and provide "benefits" such as the new crown vaccine. The "booming" of the fraud gangs has even caused local housing prices to rise.

"It is estimated that the number of people involved in black and gray industries reaches one million, while the number of people on the righteous side is less than one-tenth of the other side," said Zhou Ke.

However, after years of machine training, big data and artificial intelligence are now able to gradually find fraud risks on the platform on their own. Zhou Ke and his colleagues believe that all frauds will leave traces, whether through phone calls, text messages, phishing websites or plug-in software, and these traces will become part of big data. The larger the amount of data, the stronger the analysis technology, and the more accurate and effective the prevention, detection and crackdown on telecommunications network fraud will be. "This is an inviolable law."

In May this year, the Ministry of Industry and Information Technology launched the "Card Cutting 2.0" special operation. On July 14, the 12381 fraud warning and dissuasion SMS system was officially launched. The Ministry of Industry and Information Technology organized the construction of an anti-fraud platform for the information and communication industry to achieve integrated handling of the numbers, domain names, and Internet accounts involved in the case.

Hu Yongtao stressed that anti-fraud is a comprehensive governance work that requires the participation of various social forces, mainly including combating crime, early warning and dissuasion, industry governance, publicity and prevention, etc. He frankly said that in order to build a group prevention and control mechanism, it is necessary to strengthen organization and coordination, and further solve problems such as information sharing, crime prevention and governance, and law and regulation construction.

"Our country has not yet introduced laws targeting new types of cybercrime, and many telecommunications network governance information sharing tasks are in a state of lawlessness." Hu Yongtao said that the governance of telecommunications network crimes involves the exercise of public power, the protection of public interests, and the risk control of various companies. How to measure the conflict between national, social and corporate interests and the individual rights and interests carried by personal information urgently requires corresponding guidance and norms.

At the same time, he also mentioned that due to the lack of clear governance rights, a large number of early warning clues and information have not been fully utilized due to the problems and clues found by some enterprises and institutions in their governance work. On the one hand, since the problems found by enterprises often have not yet led to a case or the victims cannot be found, it is difficult for the public security organs to quickly identify and deal with them according to law. On the other hand, financial institutions, telecom operators, and Internet companies are unable to identify and deal with the fraud clues they have found, and it is also difficult for them to achieve joint prevention and control outside their own business scope.

This makes it urgent to establish laws and regulations and clarify responsibilities and powers. "First, we should clarify the division of labor, responsibilities and coordination mechanisms among regulatory departments, judicial departments, financial institutions, telecom operators, and Internet companies in combating telecom fraud, so as to form a joint governance force," Hu Yongtao suggested.

"On the one hand, we must require Internet service providers to be responsible for data security protection from the perspectives of technology, responsibility, and ethics at the legal level; on the other hand, we must punish online fraud in an all-round and vigorous manner. At the same time, we must establish a public information platform to aggregate and share information, publicity, and technology capabilities, and pool the capabilities of security vendors to better serve users." Wu Haisang said, and he specifically mentioned that relevant companies should fulfill their social responsibilities and actively offer suggestions on the formulation of laws and regulations and standards.

In addition, anti-fraud must be "offensive and defensive". Jiang Guoli, deputy director of the Criminal Investigation Bureau of the Ministry of Public Security, said that telecommunications and Internet fraud is a preventable crime. It is better to prevent it before it happens than to crack it down after the fact. It is better not to file a case than to solve it quickly. It is better to be deceived less than to recover more stolen goods.

Hu Yongtao also mentioned that since most fraud gangs hide abroad and are affected by the epidemic, the cost of police going abroad to combat such crimes is very high. In contrast, carrying out group prevention and control work can greatly save the overall social cost and reduce the risk of people being deceived.

The public is an important force in "social co-governance". As Black Cat said, ordinary people can easily mark fraudulent calls, text messages, and websites, report fraudulent activities in a timely manner, improve the anti-fraud security database, and contribute to "all people's anti-fraud, a world without fraud".

In the cat-and-mouse game of fraud and anti-fraud, everyone can be a victim or an activist.

(Black Cat, Xiao Shu, and Zhou Ke are all pseudonyms in this article)

◎ Author: Cui Shuang, Science and Technology Daily reporter

◎ Editor: Liu Li

Produced by Science and Technology Daily and Deep Eyes Studio

WeChat Editor | Zhang Qiqi

Audit | Yue Liang

Final Review | He Yi