Telecom fraud: the value chain and pretending to be asleep, "night watchman"-Telecom fraud, personal information, information on cyber crime-IT

Residents of Shenzhen Luo Can last up to 20 a day selling business phone call problems. Luo Can told reporters that his father with his ID information to register a company, did not tell other people. As to how the news is business aware, Luo Can know, he sure is that their rents in estate agents, or in some business card information has been compromised and used by others.

Similar telecoms fraud occurred, the source of most victims of personal information being leaked.

Was put on the "shelves" of personal information

"Fraud ring would like personal information, almost all can be bought online. "A person close to police told reporters that at present, the disclosure of personal information is a serious problem, and a lot of information has been clearly marked, like on the" shelves "on the merchandise, for customers to buy.

Journalist login, Jingdong, Amazon and other shopping site Taobao, to retrieve the keywords related to your personal information, found that many had been in accordance with the relevant laws, regulations and policies cannot be displayed. However, the Reporter log Tencent QQ, search by adding friends and found that sell large quantities of personal information, identity cards, bank cards and QQ QQ Group number.

These, QQ and QQ groups, many of which are "hackers" claiming to be, and at individual signature bar marked "good faith" and so forth. They immediately add multiple annotations QQ can sell personal information, and to ask the buyer′s identity, they are that they can provide accurate and comprehensive personal information one or two hands.

A seller claims, information on the property There are two ways to sell, one is "get 100 Yuan 2000", or can be packaged, "500 Yuan city, 3 city can buy a discounted price 1000 Yuan", information included in the ID card, such as address, phone number, date of certificate issue.

Another seller says sell personal information of students and their parents at school, elementary school, junior high school student 0.2 Yuan/article, including students, parents phone number school name, class, and so on. In addition, management information, even official personal information third party payment platforms such as PayPal of account password information is sold.

In addition, journalists also found that unscrupulous businesses selling Bank and Chinese citizen ID card, and can complete the sale. Sellers to bundle real bank card, phone card, original of the second-generation ID card, Bank slips, online bank u shield package sale, set of cards of different banks have different price. Among them, the ICBC′s relatively expensive, is 1300 RMB, Bank, construction Bank, Societe Generale, and CITIC Bank 1000 Yuan.

Seller has repeatedly promised to sell the information is accurate. When asked where this information came from, sellers reply "no comment". These people close to police told reporters that the source of the citizens to information disclosure is personal information resources available banking, civil aviation, land and natural resources, telecom operators, hospitals and other institutions, which may also include the public security system.

"Information disclosure have formed an underground gray industrial chain, it was sold, was also acquired. "The people close to the police said, police handled a case seized to some personal information, including a bank VIP customers account information, including credit card number, customer name, identity card number, telephone, deposit balances and operations recorded for the last time. Criminals use the information to make Telecom fraud, it is easy to break the psychologically, implementing accurate frauds.

Black and white carrier

When implementing Telecom fraud, gangs, almost all from the phone, text message fraud begins. Collected information to victims and other preparatory work is directed at this step and go to. Operators as a communications provider, its regulatory duties are called into question.

Many people think, since telecommunications fraud in China spread yilai, from "posing as courts", and "guess guess I is who", and "I is you led", and "tickets flights information change", to pseudo base station mass fraud SMS, again to currently fast growth of SMS, and fraud phone and phone virus phase combined of form, operators are failed to in which play out due of regulatory role.

Most calls, SMS fraud cases have a common feature, software, fake, fraud criminals through tools such as tampering with the base station number, led to the victim′s cell phone showed public security agencies, banks, carriers and the phone numbers of friends and family, greatly reducing the victim′s vigilance, plus fraud criminals early to collect the victim information, improve the success rate of Telecom fraud.

This is the national people′s Congress, on behalf of the Honourable Albert CHAN to "knock dead" 6-year-old problem. 2016 on the CPPCC, Chen Weicai pointed out that users have to pay fee for caller ID, according to the People′s Republic of China Telecom Regulations Article fifth: Telecom service operators should be made available for telecommunications users fast, accurate, safe, convenient, and affordable telecommunication services. But why in reality provide false numbers result in users being cheated?

A branch of China Mobile told reporters that a senior person, hidden business operators have launched number, you can call the other number mobile phone when their numbers are not displayed, but it just doesn′t display, does not change the number, offenders in the implementation of calls, text message scams tend to change number to carry out fraudulent activities.

That said, if the phone to change the number, usually criminals to some group of users to relay calls through the operator ports, using operator switches vulnerability to change the caller ID on the phone. Nor does it preclude operators in collusion with them to make a mess, if change number of messages received, often using the base station sends.

"For operators in the network side can be found where the problem is, mainly to see the carriers are willing to look. In the usual business, the company requires strict, but some local carriers to complete index, business development, checking up. "These people moving company said.

In May 2014, Shenzhen people who received the modified software, after doing a fake customer service phone, believed he had been deceived 440,000 yuan. Shenzhen mobile companies charge a caller fee to the victims, is unable to provide accurate information on the grounds, take them to court, claims all losses. In 2015, Shenzhen mobile court decisions assume responsibility for 20%, 88,000 yuan of compensation. Case is the first victims sued the operators of telephone fraud tort case in Shenzhen.

In 2015, the Ministry issued Decree 25th, starting from September 1 of that year, a comprehensive national implementation of telephony users real-name registration system. The results obtained since the implementation of the policy is not clear, could not play the role of effective in curbing the fraud phone calls, fraud messages.

Guangdong is one of the hardest hit by domestic Telecom fraud, telephone users real name is not ideal. Recently, the Guangzhou Branch of China Mobile released "tough talk", according to relevant regulations of the State, do not register will be forced to shut down, and within 90 days from the date of suspension of telecommunication services is not a replacement, will be forced to cancel.

This reporter has learned, there are still a lot of selling telephone cards in order to drum up business in the communications shop, does not require the implementation of real-name system, but by the owner using other people′s identity cards to register well in advance, was also sold in bulk online registered phone card.

Prepaid mobile phone difficult to implement another obstacle of virtual operators. China Mobile, China Unicom, the big three carriers have contracts for the right to use part of a communication network virtual operators, according to Ministry statistics, at present there are 42 pilot companies were virtual operators, the virtual operation has reached 20.5 million users, accounting for 1.5% of the total number of mobile users.

Due to the three operators occupy a dominant position in the domestic telecommunications market, part of the virtual operator for the expansion of the user, the real-name system useless, virtual operators have thus become a gathering place of the black card, which on the 170th was notorious.

Bank loophole

If the operator is responsible for the establishment of a clean communications environment, then the Bank′s responsibility is to establish a channel to monitor financial flows. But in fact, the Bank channels difficult to implement effective monitoring of capital flows.

According to police statistics, 22.2 billion yuan in 2015 the country flow from victims ′ accounts to account fraud criminals. Due to the real-time payment only takes a few minutes, money to the account, fraud gangs money immediately "female flower" beat-like and arrangements person responsible for cash withdrawal, cash, or by money laundering, buying goods in the form of "white washing".

These criminal police detachment of police told reporters that the transfer mechanism is now an instant account, when victims discover that he was cheated, the money has been taken, banks hard to track each account. However, in his view, as long as the control of bank cards, can curb Telecom fraud.

The police said real-name system implementation in place of bank card are also very serious, have the hands of a large number of bank card fraud criminal elements, are buying through the black market after a number of banks, to strive for more accounts, often set the performance of the opening number, led to opening the low threshold, the spread of card issuers, also disguised criminals with a steady stream of cards source.

Late last year, the China Banking Regulatory Commission issued regulations, with effect from January 1, 2016, the same customer in the same commercial bank open a debit card shall not exceed 4, if more than 4 debit card customers, banks should take the initiative to contact the customer verification, found himself interposed person, should discontinue the service.

177th of the Chinese criminal law provides that the illegal possession of credit card, larger quantities, sell, purchase, offer of a credit card or by obtaining false identification cards, and can be convicted of crime of impairing credit card administration. But no legal restrictions on the sale of my bank card conduct, resulting in a large number of professional people trafficking in the bank card.

More than that, the public accounts are frauds, to a large extent facilitate criminal gangs commit Telecom fraud. The police stated that, the proliferation of public accounts has a relationship with business registration reform, on March 1, 2013, introduce a new business registration system in Shenzhen City, in order to simplify and lower costs, are no longer required to file to register the paid-up capital of the company, will no longer charge for capital verification certificate and registration fee.

Thereafter, the applicant companies than ever before to simplify a lot of procedures for registration, can be handled online, while saving costs and no longer required the company must be located in a commercial building or located in a residential area, and registration of an address can be repeated.

Above police think, business thing reform system although established has "who approval, and who regulatory" and industry regulatory phase combined of new business thing subject registration approval regulatory system, but on business places implementation itself declared system, without submitted site proved material, in daily of regulatory in the, market regulatory sector only to to business thing subject mailing letters of way, to verified business places address whether real exists, in verified registered company authenticity aspects exists with major security vulnerability.

Soon this reform brings changes, newly registered companies multiplied. These companies are legitimate companies, opened to the public in a bank account is not a problem.

Commercial register system reform pilot first in Shenzhen, Guangdong Province, Zhuhai, and cities across the country. Meanwhile, a large number of false registration information for public accounts become fraud ring when committing "money bags", victims often believe that formal registration of the company in the trade and Industry Bureau has filed, and greatly reduced mental preparedness.

A Bank has indicated to the police in Shenzhen, with a legal entity registered at the same address 79 companies and to the public account for the 79. At that time, the outlet manager accounts are open to swear falsely, later police investigation found that the company is the owner of a service company in Shenzhen requires its employees to use their identity cards to register, aim is resale profit.

It can be seen that public accounts "private revolution" vulnerabilities exist. At present, in accordance with the rules of simplified "private revolution" relevant regulations, transfers from public accounts to private accounts, no more than 50,000 yuan each; if there is more than, only required payment purposes indicated in column, but "private revolution" many times, the cumulative amount.

From the angle of incidence, criminals take advantage of this vulnerability, using single below 50,000, multiple transfers, via online bank transfer will be the high level of fraud money instant split-up. 35.05 million Yuan by fraud cases in a State-owned enterprise in Shenzhen, criminals use "private revolution" loopholes in every 50,000 yuan, transfer will be cheated money, March.

"A lot of public accounts correspond to the company, the police do not see any real information, and some even finally found by a farmer who, because declarer stole the farmer′s identity information to report to the public accounts and finally came. "These police told reporters.

Written on the back

At present, the court case has not yet been found to be telecommunications fraud victims sued the Bank won the case. Sixth article of the code of commercial banks, commercial banks should protect the legitimate rights and interests of the depositors are not affected by any unit and individual violations.

Rao Gaoming believes that Telecom fraud cases belonging to the third person causing loss of customers, banks should assume control of security duties, but have no obligation to actively detect bad lending. If the Bank has fulfilled its obligation and there is no negligence or fault, the Bank does not assume legal responsibility.

"However, banks need to comply with safeguards obligations, that is, to a certain extent reminded, as drew attention at all ATM machine fraud, and when a customer made a call for a freeze or the loss of operations in a timely manner. "Rao Gaoming said.

(Requires the respondent, this Luo Can, Ang Lee, Liu Fang is not his real name)

电信诈骗：利益链条与装睡的“守夜人” - 电信诈骗,个人信息,网络犯罪 - IT资讯

深圳市居民罗灿最近被一天多达20通推销业务的电话困扰。罗灿告诉记者，父亲用他的身份证信息注册了一家公司，并未告诉其他人。至于消息是如何被商家得知，罗灿也说不清，他能肯定的是：自己在房屋中介租房子，或在某商家办理会员卡时的信息已泄露，并被别人利用。

类似的电信诈骗案件发生，源头大多在于受害者个人信息被泄露。

被摆上“货架”的个人信息

“诈骗团伙想了解的个人信息，几乎都可以在网上买到。”一位接近公安系统的人士告诉记者，目前，个人信息泄露问题非常严重，而且很多信息都已被明码标价，就像摆在“货架”上的商品一样，供客户选购。

记者登陆淘宝、京东、亚马逊等购物网站，对个人信息相关的关键字进行检索，发现很多都已根据相关法律法规和政策无法显示。不过，记者登录腾讯QQ，通过添加好友进行搜索，发现有大量出售个人信息、身份证、银行卡的QQ群以及QQ号。

这些QQ群和QQ号，很多都以“黑客”自称，并在个性签名一栏标注“诚信”等字样。记者随即加了多个标注可以出售个人信息的QQ，并以买家的身份询问，对方均表示可以提供准确、全面的一、二手个人信息。

一位卖家声称，房产证方面的信息有两种卖法，一种是“散拿100元2000条”，还可以打包，“500元包一个城市，3个城市一起买可以给个折后价1000元”，信息中包括身份证、住址、手机号码、房产证颁发日期等。

另一个卖家表示，有在校学生以及其家长的个人信息出售，小学、初中的学生信息0.2元/条，包括学生所在学校名称、班级、家长电话号码等。此外，地区企业管理层信息、官员个人信息甚至支付宝等第三方支付平台的账号密码信息也均有出售。

此外，记者还发现，有不法商家出售银行卡和中国公民身份证，而且可以整套出售。卖家将实物银行卡、捆绑的手机卡、二代身份证原件、银行回单、网银U盾打包出售，不同银行的套卡售价也不同。其中，工商银行的相对贵一些，1300元一套，交行、建行、兴业和中信等银行1000元一套。

卖家一再承诺所出售的信息准确。当问及这些信息从何处来时，卖家均回复“无可奉告”。上述接近公安系统的人士告诉记者，这些公民信息泄露的源头是掌握公民个人信息资源的银行、民航、国土资源、电信运营商、医院等企事业单位，其中也可能包括公安系统。

“信息泄露已形成了一条地下灰色产业链，有人出售，也有人收购。”上述接近公安系统的人士称，警方办理某案子缴获到一些个人信息资料，其中就有某银行VIP客户的账户信息，包括银行卡号、客户名字、身份证号码、电话、存款余额以及最后一次操作记录。犯罪分子利用这些信息进行电信诈骗，很容易就击破人们的心理防线，实施精准诈骗。

黑白运营商

犯罪团伙在实施电信诈骗时，几乎都是从电话、短信诈骗开始的。前期收集受害者信息等准备工作也是冲着这一步而去。运营商作为通讯提供者，其监管职责颇受质疑。

不少人认为，自电信诈骗在中国蔓延以来，从“冒充公检法”、“猜猜我是谁”、“我是你领导”、“机票航班信息变更”，到伪基站群发诈骗短信，再到目前快速增长的短信、诈骗电话与手机病毒相结合的形式，运营商都未能在其中发挥出应有的监管作用。

大部分电话、短信诈骗案件中都有一个共同特征，诈骗犯罪分子通过改号软件、伪基站等工具篡改号码，导致受害者的手机显示公检法机关、银行、运营商和亲朋好友的电话号码，大大降低受害人的警惕性，加上诈骗犯罪分子提前收集好受害人信息，提高了电信诈骗的成功率。

这也是全国人大代表陈伟才“死磕”6年之久的问题。2016年的全国两会上，陈伟才指出，用户已经支付来电显示费用，按《中华人民共和国电信管理条例》第五条要求：电信业务经营者应当为电信用户提供迅速、准确、安全、方便和价格合理的电信服务。但为何现实中却提供了虚假号码导致用户被骗？

中国移动某分公司一名高层人士告诉记者，运营商有推出号码隐藏的业务，可以在呼叫对方号码时让对方手机不显示自己的号码，但这只是不显示，不会更改号码，违法分子在实施电话、短信诈骗时往往会更改号码去开展诈骗活动。

该名人士称，如果接到更改号码的电话，通常是不法分子通过运营商向一些集团用户提供中继通话端口，利用运营商交换机的漏洞来更改通话的主叫号码。也不排除运营商与他们勾结犯乱，若收到更改号码的短信，常是利用伪基站发送。

“对运营商来说，在网络侧都是可以去查到问题所在的，主要看运营商愿不愿意查。在平时业务开展中，公司要求要严把关，但有些地方的运营商为了完成指标、发展业务，把关严不起来。”上述移动公司的人士说。

2014年5月，深圳一市民接到经过改号软件做假的银行客服电话后，信以为真被骗44万元。受害者以深圳移动公司收取来电显示费，却不能提供准确的信息为由，将其告上法庭，索赔全部损失。2015年，法院判决深圳移动承担20%的责任，赔偿8.8万元。此案是深圳首例电话诈骗受害人状告运营商侵权案。

2015年，国家工信部发布25号令，要求从当年的9月1日起，全国全面实行电话用户实名登记制度。但这个政策实施以来取得的效果并不明显，没能起到有效限制诈骗电话、诈骗短信的作用。

广东是国内电信诈骗的重灾区之一，电话用户实名制的情况也不理想。近日，中国移动广州分公司放出“狠话”称，根据国家相关规定，再不实名登记将强制停机，且自暂停电信服务之日起90日内仍未补办的，将强制销户。

记者了解到，目前仍有不少通讯店在出售电话卡时为了招揽生意，并不要求落实实名制，而是由店主用别人的身份证事先登记好，网上还有人批量出售已登记好的手机卡。

手机实名制难实施的另一个阻力来自虚拟运营商。移动、联通、电信三大运营商把部分通讯网络使用权承包给了虚拟运营商，据工信部统计，目前全国共有42家企业获得虚拟运营商的试点，虚拟运营用户已达2050万，占全国移动用户总数的1.5%。

由于三大运营商在国内通讯市场占据绝对优势地位，部分虚拟运营商为扩充用户，实名制形同虚设，虚拟运营商也因此成为黑卡的聚集地，其中170号段已臭名远扬。

银行的漏洞

如果说运营商的职责是建立一个洁净的通讯环境，那么银行的职责则是建立一个利于监测的资金流动通道。但事实上，银行的资金流动通道难以实施有效监测。

据公安部门统计，2015年全国有222亿元从受害者账户流向诈骗犯罪分子的账户。由于实时支付只需要几分钟时间，钱一到账，诈骗犯罪团伙立刻将钱如“天女撒花”般打散并安排专人负责取现、套现，或通过洗钱、购买商品等形式“洗白”。

上述刑警支队的民警告诉记者，现在的转账机制都是即时到账，当受害者发觉被骗后，钱已被取现，银行难以做到对每笔帐进行追踪。不过，他认为，只要管住银行卡，就能遏制电信诈骗。

该民警表示，银行卡实名制落实不到位的问题也相当严重，诈骗犯罪分子手上拥有大量银行卡，都是通过黑市购买的，此前不少银行为了争取更多的开户数，往往定下开卡数量的业绩考核，导致开卡门槛低、发卡泛滥，也变相让犯罪分子有了源源不断的卡源。

去年年底，银监会发文规定，自2016年1月1日起，同一客户在同一商业银行开立借记卡不得超过4张，若超过4张借记卡的客户，银行要主动与客户联系核查，发现非本人意愿办理的，应中止服务。

中国《刑法》第一百七十七条规定，非法持有他人信用卡，数量较大，出售、购买、为他人提供伪造的信用卡或者以虚假的身份证明骗领的信用卡的，可以判妨害信用卡管理罪。但并没有对出售本人银行卡的行为做出法律限制，因此出现了大量专业开卡人贩卖自己的银行卡现象。

不止于此，对公账户也出现弄虚作假的情况，在很大程度上方便犯罪团伙实施电信诈骗。上述民警指出，对公账户的泛滥与商事登记制度改革有着关系，2013年3月1日，深圳市推行新的商事登记制度，为了程序简化、成本降低，不再要求申报人登记公司的实收资本，也不再收取验资证明文件和注册登记费。

此后，申报人注册公司时比以前简化了很多手续，可以在网上办理，同时节省了成本，不再规定公司必须设在商业楼，也可以设在住宅区，而且一个地址可以重复登记。

上述民警认为，商事改革制度虽然建立了“谁审批、谁监管”和行业监管相结合的新型商事主体登记审批监管制度，但对经营场所实施自行申报制度，无需提交场地证明材料，在日常的监管中，市场监管部门仅以向商事主体邮寄信函的方式，来核实经营场所地址是否真实存在，在核实注册公司真实性方面存在着重大安全漏洞。

很快这个改革带来了变化，新注册的公司成倍增长。这些公司都是合法公司，在银行开设对公账户不成问题。

商事登记制度改革最早在广东深圳、珠海试点，并逐渐在全国城市推广。与此同时，大量登记信息不实的对公账户成为了诈骗团伙作案时的“钱袋子”，受害者往往认为，正规注册的公司在工商局有备案，于是防备心理大减。

深圳某银行曾向警方反映，同一个法人在同一地址注册了79家公司，并申请79个对公账号。当时，营业点经理开户都开到心里发虚，后来警方调查发现，该公司是深圳一家秘书服务公司的老板要求其员工用自己的身份证去注册的，目的是转卖获利。

由此可见对公账户“公转私”存在的漏洞。目前，根据中国人民银行简化“公转私”的相关办法规定，从对公账户转账至对私账户，每笔不能超过5万元；如有超过，也仅需要在付款用途栏注明事由；但“公转私”次数不限，累计金额不限。

从发案情况看，犯罪分子利用该规定的漏洞，采用单笔低于5万、分多笔转账的方式，通过网银转账将高额的诈骗赃款瞬间分散转移。深圳某国有企业被诈骗3505万元案件，犯罪分子正是利用“公转私”存在漏洞，以每笔5万元、分多笔转账的方式将被骗资金转走。

“很多对公账户对应的公司，警方查不到任何真实的信息，有的甚至最后查到一位农民身上，因为申报人盗用了这个农民的身份信息去申报公司和对公账户，最终不了了之。”上述民警告诉记者。

写在后面

目前，法院公布的案例中暂未发现有电信诈骗受害者状告银行获得胜诉的案例。《商业银行法》第六条规定，商业银行应当保障存款人的合法权益不受任何单位和个人的侵犯。

饶高明认为，电信诈骗案件属于第三人侵权造成客户损失的情况，银行应当承担安全保障义务，但没有义务主动检测不良转贷的情况。若银行履行了告知义务，且没有任何疏忽或过错，那么银行不需要承担法律责任。

“不过，银行需要履行安全保障义务，即进行一定程度上的提醒，如在各个ATM机上提醒注意诈骗，当客户报案要求冻结或者挂失时及时操作。”饶高明说。

（应被访对象要求，文中的罗灿、李安、刘芳均为化名）