Cybercrooks take shine to Apple lineup

By Martha C. White
Sunday, March 21, 2010

Mac geeks estimate that Apple presold 120,000 iPads on March 12, but it's not just aficionados who are gearing up for Cupertino's next big thing: The iPad is expected to be a target for credit-card thieves and online scammers of all types. Antivirus software company McAfee is already warning consumers not to fall for e-mails or ads promising a free or reduced-price iPad if they enter an address . . . and a credit card number.

According to the Internet Crime Complaint Center, online fraud of all kinds rose 22.3 percent between 2008 and 2009. Credit-card fraud made up about 10 percent of the total number of complaints referred to law enforcement. Last year, companies and individuals lost more than half a billion dollars to cyberthieves, and a disproportionate share of that was Apple-related.

Why is Apple so popular with scammers? Its business model gives them two ways to use stolen credit-card numbers, according to Robert Vamosi, research analyst specializing in security, fraud and risk for market research firm Javelin Strategy & Research. First, electronics are a hot category for thieves.

Of course, Apple isn't the only company that makes or sells hardware; electronics retailers and big-box stores are also targeted by thieves. Wal-Mart seems to be another popular mark; security experts say overseas scammers gravitate toward it because they're familiar with the brand name (8,000 stores in 15 countries will do that) and because of the company's recent foray into more name-brand electronics. Domestic scammers like the Bentonville behemoth because it offers a nearly limitless variety of merchandise that can be bought with a stolen card and either resold on the street or returned for credit.

Electronics are popular with international crooks in part because they're an easy way to get money overseas. Crooks who want to avoid the scrutiny that comes from schlepping briefcases of cash across borders can essentially treat electronics as currency, using a stolen credit card to buy Apple products or other hot electronic goods and have them shipped to another country where they'll be resold, employing U.S.-based mules who get a small kickback for their participation.

Also, hardware is valuable because when thieves get their hands on the newest equipment, they can keep up their end of the arms race with banks, retailers and other developers of security features aimed at locking them out of the marketplace.

Apple might be particularly vulnerable because of the price disparity between the United States and the rest of the world when it comes to its iconic hardware. The blog cmyplay created a chart showing how laptop prices in Brazil, for instance, can be up to $1,200 higher than they are in the United States. Discrepancies like this can be tempting to black-market buyers and sellers.

Citing security, none of the major issuers or big banks would reveal how prevalent Apple-related credit-card scams are, but one bank rep did point out that computers and high-end electronics can be a magnet for thieves because of their resale value.

There's a second reason Apple could be at risk. When professional credit-card scammers get card numbers, they don't get just one. They get dozens or even hundreds, of which only a handful might still be valid. One of the easiest ways to test if a number has been "switched off" is to make a small, innocuous purchase. A 99-cent mp3 file of Ke$ha or Taylor Swift does the trick nicely, and the ubiquitous nature of iTunes means such a purchase is less likely to trip an automatic fraud monitor at the card's issuer.

Technology has raised the stakes on the cat-and-mouse competition between retailers and criminals, and the data show that cyberthieves display no signs of slowing down. If the iPad turns out to be as much of a blockbuster as Apple hopes, it's safe to assume the device will play a starring role in online scams for some time to come.

-- The Big Money

© 2010 The Washington Post Company