Shostack + Friends Blog Archive


Sweden: An Interesting Demographic Case Study In Internet Fraud

saab-900(quietly, wistfully singing “Yesterday” by the Beatles)

From my favorite Swedish Infosec Blog, I don’t speak Swedish, so I couldn’t really read the fine article they linked to.  Do go read their blog post, I’ll wait here.

Back?  Great.  Here are my thoughts on those numbers:


The World Bank estimates the population of Sweden to be 9,220,986 – 2008

For Reference, London (2006 figures) was 7.5 million, New York City was 8.275 million in 2007

So the Swedish “market” for fraud was around 60,000 people out of a total population of 9,000,000 suffering an average  of  €1050-1100 each.  This line of thinking draws the inevitable comparison to what VC call The Chinese Soft Drink Argument (If we can just get each person from China to buy one drink, we’ll make a billion!), obviously, but I thought it was interesting to put this into context.

When I saw those numbers, I thought of a couple of other stats I’d like to have at hand:

Break down of types of “attacks” that resulted in fraud (was the attack primarily hacking, was their SE involved, was it phishing, etc.), estimated number of attack attempts, number of arrests, demographics around Internet banking and broadband penetration…

What other information do you think would be helpful to you as a practitioner?

obligatory Swedish Chef reference:

2 comments on "Sweden: An Interesting Demographic Case Study In Internet Fraud"

  • Adam says:

    If you don’t know how the data is gathered, how can you decide if it’s reasonable data?

  • Hi!

    Just want to give you some further numebers and a comment regarding data gathered.

    Sweden is a very organized country. The referenced organization, FI, stands for Finance Inspection, a governmental anthourity that is tasked to monitor all finance institutions in sweden. The figures are very reliable.

    They types of attacks are mostly skimming and attacks towards user authentication mechanism using trojans. Phising attemps do exist but mainly fails. There are no figures on the number of attacks each days but from the patterns I daily see I would suspect that at least two attacks per person each day (including phising)

    Number of arrests for this kinds of crime is rather low as it is mainly carried out from other contries.

    Broadband penetration is very high, more or less all grownups have acccess to broad band. The greater majority (80%) uses internet banking. Authentication mechanism are improving towards two factor authentication.

    The average scam is around 1 500 – 2 000€.

    Every week 300 000 credit cards is stolen all over europe.

Comments are closed.