Cybercrime and Punishment

Posted 31st March 2023 by Barry Conlon

How fraud has changed through the ages. But hasn’t changed at all.

Picture it. There you are, enjoying your morning croissant in your Parisian chateau just a few short years after the French Revolution. A letter arrives at your door. It’s from someone you’ve never met, says he’s the servant of the renowned aristocrat Marquis de Lafayette. The pair are living in exile, having fled the country before the revolutionary hordes could throw his master into the Seine.

The faithful servant explains that, in their haste to evade the angry mob, they hid a chest of precious jewels down a well. Now, his master has sent him back to Paris to retrieve the treasure, but alas he has fallen foul of the authorities and finds himself in prison. What misfortune! With just a little help from you, a fellow Frenchman, to aid in the servant’s bail, you can have 30% of the loot…

Anything sound familiar? Although you may not have known the term at the time, you just received a “Jerusalem letter”, so called because many of the disaffected letter writers claimed to be holed up in that city. And according to Eugène Vidocq, the French criminal turned detective, “of a hundred such letters” sent by French confidence tricksters, “twenty were always answered”.

It’s one of the earliest known examples of the advance fee scam. A century later it became better known as “The Spanish Prisoner”, which describes a prisoner in Spain separated from his wealth during the Spanish-American War. And more recently of course the Nigerian Prince Scam, or “419” scam based on the Nigerian legal designation for fraud.

Over time, the treasure varied from precious jewels to gold bullion, gold dust or good old cash. The wealthy aristocrat became a deposed member of the royal family, a senior government official or a top executive at a petroleum company. And of course, the means of correspondence evolved into an email, phone call, or WhatsApp message.

Today’s scammers need to work harder than ever to separate people from their money. They spend weeks and months luring their victims into imaginary online relationships, before asking for money to come and visit them in person. They pose as landlords of a rental property, extracting deposits from desperate tenants to a house that isn’t theirs. They recreate entire websites to resemble your bank, energy supplier or streaming service, now if you could just update your payment details here…

And they move with the times. Just weeks after the UK government announced the Energy rebate scheme in 2022, criminals began phishing victims with links to “GOVUK” sites promising energy bill rebates. Similar attempts were made with free Covid tests and Council tax refunds. Some crafty types even printed fake parking tickets.

To fraudsters, anyone with money and an internet connection is a potential mark. As consumers, we live in a state of constant vigilance, wary of phone numbers we don’t recognise, unwilling to click on any links, double checking anyone who emails us with new bank account details. (This latter tactic is known as Business Email Compromise scam, and resulted in $2.4 billion worth of losses in USA in 2021)

As fraud becomes more sophisticated, so too does fraud prevention. And the biggest spenders in this field are national governments. Take Italy for example. In a country which loses €99 billion per year to tax evasion, including €30 billion in unpaid VAT, they have turned to Artificial Intelligence to close the tax gap.

Their “VeRa” algorithm looks for discrepancies between taxpayer annual returns and other personal records such as property registers, bank accounts and electronic payments. Any suspicious submissions warrant a letter asking the taxpayer to explain the differences. The more data VeRa processes, the smarter it becomes. In 2022, the Italian tax authority claimed to have identified 1 million high-risk cases and prevented more than €6.8 billion in fraud.

Other countries have also adopted algorithms to crack down on welfare fraud, including the Netherlands in 2013, Ireland in 2016, Spain in 2018, and Poland in 2021. In France, officials used artificial intelligence and satellite images to detect 20,000 undeclared swimming pools, landing their owners in, ahem, hot water to the tune of €10 million in taxes.

In 2016, the UK government revealed that benefit fraud at the hands of criminal gangs cost the Department of Work and Pensions nearly £2.1 billion. To combat this crime, they deployed AI to look for claim patterns such as repeat phone numbers or similar writing style across multiple applications. Once a claim is flagged as suspicious, a human investigator takes over to check for fraud.

But their AI doesn’t stop there. It also reviews Facebook and Instagram accounts to look for inconsistencies between social media activity and benefit claims. For example, if someone is claiming unemployment benefit while sharing pictures of their new sports car, the algorithm will get pretty suspicious. Likewise for a recipient of disability benefit who posts about their sky-diving trip.

However, as powerful as these robotic sleuths can be, the need for a human in the loop remains. Between 2013 and 2015, at least 20,000 residents of Michigan USA were falsely accused of fraud by an unsupervised algorithm. And in 2021, the entire Dutch government resigned after 20,000 families were wrongly accused of fraud by an algorithm that overly selected first or second generation migrants for suspicion, an outcome described by Amnesty International as “automated ethnic profiling”.

So let’s say AI detectives are still a work in progress. But some things never change. The Jerusalem letter is still around all these years later, masquerading as a crypto scam, Ponzi scheme or phishing scam. If our French friend Eugène Vidocq was working in the police force today instead of 200 years ago, he would likely be employed as a back office analyst scanning mountains of data for banking irregularities, incriminating phone records or sneaky hot tubs.

Because what was once anonymous letter writer versus local police is now networks of remote hackers against government-backed cybersecurity specialists. And both sides are armed with cutting edge technology. The challenge for the next generation of law enforcement will be to use technology to support human instincts for justice rather than replace them.

More news

Everything about placemaking, Loqiva and more ...