Internet fraud

From ArticleWorld

The term Internet fraud refers to any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to other connected with the scheme.

Internet fraud is committed in several ways. The FBI and police agencies worldwide have people assigned to combat this type of fraud; according to figures from the FBI, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases, fictitious merchants advertise goods for very low prices and never deliver. However, that type of fraud is minuscule compared to criminals using stolen credit card information to buy goods and services.

In some cases Internet fraud schemes originate in the U.S. and European countries, but a significant proportion seems to come from Africa, particularly Nigeria, and sometimes from Ghana and Egypt. Some originate in Eastern Europe, Southwest Asia and China. For some reason, many fraudulent orders seem to originate from Belgium, from Amsterdam in the Netherlands, from Palestine, and from Malmö in Sweden.

Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either (online or offline). There have been many cases of hackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers in which they were selling the credit card information to criminals.

Despite the claims of the credit card industry and various merchants, using credit cards for online purchases can be insecure and carry a certain risk. Even so called "secure transactions" are not fully secure, since the information needs to be decrypted to plain text in order to process it. This is one of the points where credit card information is typically stolen.

Some fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex that require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them.The most straightforward type of purchase scam is a buyer in another country approaching many merchants through spamming them and directly asking them if they can ship to them using credit cards to pay.

According to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMO's) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.

On April 26, 2005, Tom Zeller Jr. wrote an article in the New York Times[3] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.

A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a bargain, emails the seller, who responds saying the car is still available but is located overseas. He then instructs the buyer to send a deposit via wire transfer to initiate the "shipping" process. The unwitting buyer wires the funds, and doesn't discover until days or weeks later that they were scammed.

• If you are selling a vehicle, never accept a certified check for more than the amount and agree to wire the difference. Even if you insist on doing this, wait a good 10 days before you wire a dime - otherwise, you are very likely to lose it all. • If you are buying a vehicle, remember that if the deal you are looking at sounds too good to be true, on the Internet anyway, it nearly always is.

In some cases, fraudsters approach merchants and ask for large orders: $50,000 to $200,000, and even agree to pay via wire transfer in advance. After negotiation (which usually doesn't take too long because they agree on whatever price they are quoted), they invent some excuse about the impossibility of sending a bank wire transfer, so they tell the merchant they will send a check that the merchant can deposit and wait for it to clear, before shipping. In that case, many merchants feel safe because they will have the funds before shipping. What the fraudsters do is counterfeit checks from a medium to large U.S. company that usually has enough funds to cover the size of check they intend to send, imitating the signatures very well. This is performed usually with common bookkeeping and word-processing applications. When asked why was it a company check from a company that is not their company, they state that it was a payment that the U.S. company owed them. Banks usually pay those checks. Only when the U.S. company notices that they did not issue the check and complains to the Bank, the Bank debits the account of the merchant. By then, the merchant has already shipped the goods.

In some cases, the fraudsters do not tell the merchants that they will not issue the wire. They agree to the wire but ask the merchant for their Bank's address. The fraudsters send a check directly to the merchant's Bank with a note asking to deposit it to the merchant's account. Unsuspecting Bank Officers deposit the check, and then the fraudster contacts the merchant stating that they made a "direct deposit" into the merchant's account. Since the check is a good counterfeit, it is paid by the Bank.

The latest scam to hit the headlines is the multi-million dollar Clickfraud which occurs when advertising network affiliates force paid views or clicks to ads on their own websites via Spyware, the affiliate is then paid a commission on the cost-per-click that was artificially generated.

Many consumers connect to the Internet using a modem calling a local telephone number. Some web sites, normally containing adult content, use international dialing to trick consumers into paying to view content on their web site. Once the program is downloaded it disconnects the computer from the Internet and proceeds to dial an international long distance or premium rate number, charging anything up to $7 or $8 per minute.

Phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.

Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.

Fraudsters launch auctions on eBay or TradeMe with a very low price and no reserve, mostly for high priced items like watches, computers or high value collectibles. They receive payment and never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used.

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes.

Significant and supplemental to partnering with law enforcement and regulatory agencies, it will remain a priority objective of the IC3 to establish effective alliances with industry. Such alliances will enable the IC3 to leverage both intelligence and subject matter expert resources, pivotal in identifying and in crafting an aggressive, proactive approach to combating cyber crime.