The Faces of Cybercrime

I was recently reminded of the truism that security is about managing risk. You cannot eliminate all risk. When we think of cyber criminals we tend to think of phishers, criminal gangs writing malware to steal passwords, and eBay scammers. So we try to deal with “reputable” companies to eliminate the risk of theft and fraud, but as you will see, this does not always work out.

Cybercrime is simply crime using computers and/or the internet to commit crimes. There are a variety of variations on this definition, but I think this one works just fine.

Dealing with a reputable company can minimize your risk of fraud or theft, but it does not eliminate it. Before I get to my specific example, it may be useful to explain “Bait and switch”.

Bait and switch is essentially when a company offers a product at one price, but then fails to honor the offer. They may fail to honor the offer by offering an inferior product or by raising the price.

I recently booked a round trip flight from Frankfurt, Germany to Amsterdam, Holland on KLM airlines using the Northwest Airlines web site. Northwest Airlines sent an email confirming my purchase of the flight for the price of $313.63. The next thing Northwest airlines, who incidentally are the same as Delta Airlines now, did was to silently cancel my ticket. Northwest knew that I would be stranded in Frankfurt with my only real option being to pay KLM, who is also Air France, more than twice as much money to make my appointment in Holland.

This appears to be a particularly nefarious bait and switch scam in that the airlines know the customer can’t easily back out of the deal. One might say that it was an accident, but logically if it was an accident then Northwest Airlines would have accepted responsibility for the increased fare and refunded the difference since they were exclusively at fault for not notifying a passenger when they cancel a ticket. I contacted Northwest and their response was that they were sorry, but they would accept no responsibility for their actions. I would guess they have a pretty lucrative kickback scheme with Air France and that the money will be pretty hard to trace.

You can dramatically reduce risk by dealing with well known companies, but you can’t eliminate it. In this case, Northwest Airlines used the internet, which is how I booked my tickets, to perpetrate what appears to be a classic bait and switch scam.

I’ll figure out who the appropriate law enforcement agencies are and see what they think about it. In the mean while, I’ve filed a complaint with the Better Business Bureau.

Randy Abrams
Director of Technical Education
ESET LLC

Author ESET Research, ESET

  • http://vomitcomet.blogspot.com Steve

    Good luck with this. If they’ve done it to you they’ve probably done it to others also, and I bet there’s a lawsuit here. such scumbags. The airlines are one of the reasons I hardly ever fly.

    • Randy Abrams

      So, Northwest Airlines is not a member of the Better Business Bureau, so that was a dead end. Fortunately, Delta has taken over Northwest Airlines and eventually figured out it was their mistake. I had to ask them to tell me what “Purchase Confirmation” means and what “We will send you an e-ticket” means and paste their confirmation email into the email before they got it. They finally refunded the fare difference and gave me a few miles as a meager gesture of goodwill.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

5 articles related to:
Hot Topic
23 Jun 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.