Internet Fraud is committed in several ways. The FBI and police agencies
worldwide have people assigned to combat this type of fraud ; according to
figures from the FBI, U.S. companies' losses due to Internet Fraud in 2003
surpassed US$ 500 million. In some cases, fictitious merchants advertise goods
for very low prices and never deliver. However, that type of fraud is minuscule
compared to criminals using stolen credit card information to buy goods and
services.
The Internet serves as an excellent tool for investors, allowing them to easily
and inexpensively research investment opportunities. But the Internet is also
an excellent tool for fraudsters. That's why you should always think twice
before you invest your money in any opportunity you learn about through the
Internet.
Geographic origin
In some cases Internet Fraud schemes originate in the U.S. and European
countries, but a significant proportion seems to come from Africa, particularly
Nigeria , and sometimes from Ghana and Egypt . Some originate in Eastern Europe
, Southwest Asia and China . For some reason, many fraudulent orders seem to
originate from Belgium , from Amsterdam in the Netherlands , from Norway , from
Palestine , and from Malmö in Sweden .
Geographic Targets
Europe and the US are the leading targets of this type of fraud.
Popular products
Fraudsters seem to prefer small and valuable products, such as: watches ,
jewelry , laptops , digital cameras , and camcorders . However, fraud in hosted
marketplaces such as Ebay covers a broad range of products from cellular phones
to desktop computers. The craft has continually evolved in sophistication. In
some instances, a picture of the product is sent in place of the actual
product. Other times, products are outright never sent after the bill is
charged to credit card accounts. Victims are left to deal with credit card
companies for chargebacks.
Romance Scam
This is one of the fastest growing areas of internet fraud whereby fraudsters
use romance to extract money from victims who are anxious to meet up with their
'spouse'. In a romance scam virtually all the methods enlisted elsewhere on
this page are used to extract cash from their victims, thus making it a very
deadly weapon in the wrong hands.
Identity theft schemes
Stolen credit cards
Most Internet fraud is done through the use of stolen credit card information
which is obtained in many ways, the simplest being copying information from
retailers, either online or offline . There have been many cases of hackers
obtaining huge quantities of credit card information from companies' databases
. There have been cases of employees of companies that deal with millions of
customers in which they were selling the credit card information to criminals.
Despite the claims of the credit card industry and various merchants, using
credit cards for online purchases can be insecure and carry a certain risk.
Even so called "secure transactions" are not fully secure, since the
information needs to be decrypted to plain text in order to process it. This is
one of the points where credit card information is typically stolen.
Get wire transfer info
Some fraudsters approach merchants asking them for large quotes. After they
quickly accept the merchant's quote, they ask for wire transfer information to
send payment. Immediately, they use online check issuing systems as Qchex that
require nothing but a working email, to produce checks that they use to pay
other merchants or simply send associates to cash them.
Purchase scams
Direct solicitations
The most straightforward type of purchase scam is a buyer in another country
approaching many merchants through spamming them and directly asking them if
they can ship to them using credit cards to pay.
An example of such email is as follows:
From: XXXXXX XXXXXX [XXXXXXX@hotmail.com] Sent: Saturday, October 01, 2005 11:35
AM Subject: International order enquiry
Goodday Sales, This is XXXXXX XXXXXXX and I will like to place an order
for some products in your store, But before I proceed with listing my
requirements, I will like to know if you accept credit card and can ship
internationally to Lagos, Nigeria. Could you get back to me with your website
so as to forward you the list of my requirements as soon as possible. Regards,
XXXXXX XXXXXX, XXXXXXXX Inc. 9999 XXXXX street, Mushin, Lagos 23401, Nigeria
Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com
Most likely, a few weeks or months after the merchant ships and charges the
Nigerian credit card, he/she will be hit with a chargeback from the credit card
processor and lose all the money..
Counterfeit Postal Money Orders
According to the FBI and postal inspectors, there has been a significant surge
in the use of Counterfeit Postal Money Orders since October 2004. More than
3,700 counterfeit postal money orders (CPMO's) were intercepted by authorities
from October to December of 2004, and according to the USPS, the "quality" of
the counterfeits is so good that ordinary consumers can easily be fooled.
On March 9, 2005, the FDIC issued an alert SA-23-2005 [2] stating that it had
learned that counterfeit U.S. Postal Money Orders had been presented for
payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in the New York Times [3]
regarding a surge in the quantity and quality of the forging of U.S. Postal
Money Orders, and its use to commit online fraud. The article shows a picture
of a man that had been corresponding with a woman in Nigeria through a dating
site, and received several fake postal money orders after the woman asked him
to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMOs):
-
Small Internet retailers.
-
Classified advertisers.
-
Individuals that have been contacted through email or chat rooms by fraudsters
posing as prospective social interests or business partners, and convinced to
help the fraudsters unknowingly.
Geographical origin:
-
Mostly from Nigeria
-
Ghana
-
Eastern Europe
The penalty for making or using counterfeit postal money orders is up to ten
years in jail and a US$25,000 fine.
Online Automotive Fraud
There are two basic schemes in online automotive fraud:
-
A fraudster posts a vehicle for sale on an online site, generally for luxury or
sports cars advertised for thousands less than market value. The details of the
vehicle, including photos and description, are typically lifted from sites such
as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a
bargain, emails the seller, who responds saying the car is still available but
is located overseas. He then instructs the buyer to send a deposit via wire
transfer to initiate the "shipping" process. The unwitting buyer wires the
funds, and doesn't discover until days or weeks later that they were scammed.
-
A fraudster feigns interest in an actual vehicle for sale on the Internet. The
"buyer" explains that a client of his is interested in the car, but due to an
earlier sale that fell through has a certified check for thousands more than
the asking price and requests the seller to send the balance via wire transfer.
If the seller agrees to the transaction, the buyer sends the certified check
via express courier (typically from Nigeria ). The seller takes the check to
their bank, which makes the funds available immediately. Thinking the bank has
cleared the check, the seller follows through on the transaction by wiring the
balance to the buyer. Days later, the check bounces and the seller realizes
they have been scammed. But the money has long since been picked up and is not
recoverable.
Another type of fraud is that you offer to sell a car and the "buyer" writes
you, without even entering into any discussion about the car, asking for the
VIN (vehicle identification number). He says he needs the VIN to check whether
the car has been in an accident. Don't give it to him until he shows up for a
test drive and you record his name and driver's license information. VIN
cloning is a problem: thieves steal another person's car and then make fake
papers to indicate that it has the VIN of your car - they then sell the stolen
car to an unsuspecting person.
Cash the check system
In some cases, fraudsters approach merchants and ask for large orders: $50,000
to $200,000, and even agree to pay via wire transfer in advance. After
negotiation (which usually doesn't take too long because they agree on whatever
price they are quoted), they invent some excuse about the impossibility of
sending a bank wire transfer , so they tell the merchant they will send a check
that the merchant can deposit and wait for it to clear, before shipping. In
that case, many merchants feel safe because they will have the funds before
shipping. What the fraudsters do is counterfeit checks fro a medium to large
U.S. company that usually has enough funds to cover the size of check they
intend to send, imitating the signatures very well. This is performed usually
with common bookkeeping and word-processing applications. When asked why was it
a company check from a company that is not their company, they state that it
was a payment that the U.S. company owed them. Banks usually pay those checks.
Only when the U.S. company notices that they did not issue the check and
complains to the Bank, the Bank debits the account of the merchant. By then,
the merchant has already shipped the goods.
In some cases, the fraudsters do not tell the merchants that they will not issue
the wire. They agree to the wire but ask the merchant for their Bank's address.
The fraudsters send a check directly to the merchant's Bank with a note asking
to deposit it to the merchant's account. Unsuspecting Bank Officers deposit the
check, and then the fraudster contacts the merchant stating that they made a "
direct deposit " into the merchant's account. Since the check is a good
counterfeit , it is paid by the Bank (as explained in the paragraph above).
Re-shippers
In the case of services, fraudsters just use stolen credit card info to purchase
them. However, most fraudsters prefer goods, but the problem is how to ship and
safely retrieve the goods without being caught. So they have invented the "
Re-Shippers "
Nigerian version
In the Nigerian version, the fraudsters have armies of people actively
recruiting single women from western countries through chat & matchmaking
sites. At some point, the fraudster promises to marry the lady and come to
their home country in the near future. Using some excuse the fraudster asks
permission of his "future wife" to ship some goods he is going to buy before he
comes. As soon as the woman accepts the fraudster uses several credit cards to
buy at different Internet sites simultaneously. In many cases the correct
billing address of the cardholder is used, but the shipping address is the home
of the unsuspecting "future wife". Around the time when the packages arrive,
the fraudster invents an excuse for not coming and tells his "bride" that he
urgently needs to pick up most or all the packages. Since the woman has not
spent any money, she sees nothing wrong and agrees. Soon after, she receives a
Fedex or UPS package with pre-printed labels that she has agreed to apply to
the boxes that she already has at home. The next day, all boxes are picked up
by UPS or Fedex and shipped to the fraudster's real address (in Nigeria or
elsewhere). After that day the unsuspecting victim stops receiving
communications from the "future husband" because her usefulness is over. To
make matters worse, in most cases the fraudsters were able to create accounts
with UPS / Fedex , based on the woman's name and address. So, a week or two
later, the woman receives a huge freight bill from the shipping company which
she is supposed to pay because the goods were shipped from her home.
Unwillingly, the woman became the fraudster re-shipper and helped him with his
criminal actions.
East European version
This is a variant of the Nigerian Version, in which fraudsters recruit people
through job postings . The fraudsters present themselves as a growing European
company trying to establish a presence in the U.S. and agree to pay whatever
the job applicant is looking to make, and more. The fraudsters explain to the
unsuspecting victim that they will buy certain goods in the U.S. which need to
be re-shipped to a final destination in Europe . When everything is agreed they
start shipping goods to the re-shipper's house. The rest is similar to the
Nigerian Version. Sometimes, when the fraudsters send the labels to be applied
to the boxes, they also include a fake check, as payment for the re-shipper's
services. By the time the check bounces unpaid, the b xes have been picked up
already and all communication between fraudster and re-shipper has stopped.
Chinese version
This is a variant of the East European Version, in which fraudsters recruit
people through spam . The fraudsters present themselves as a growing Chinese
company trying to establish a presence in the U.S. or Europe and agree to pay
an agent whatever the unsuspecting victim is looking to make, and more. Here is
an example of a recruiting email:
Dear Sir/Madam, I am Mr. XXX XXX, managining XXXXXXXXXXX Corp. We are a company
who deal on mechanical equipment, hardware and minerals, electrical products,
Medical & Chemicals, light industrial products and office equipment, and
export into the Canada/America and Europe. We are searching for representatives
who can help us establish a medium of getting to our costumers in the
Canada/America and Europe as well as making payments through you to us. Please
if you are interested in transacting business with us we will be glad. Please
contact us for more information. Subject to your satisfaction you will be given
the opportunity to negotiate your mode of which we will pay for your services
as our representative in Canada/America and Europe. Please if you are
interested forward to us your phone number/fax and your full contact addresses.
Thanks in advance. Mr. XXX XXX. Managing Director"
Call tag scam
The Merchant Risk Council reported that the " call tag " scam re-emerged over
the 2005 holidays and several large merchants suffered losses. Under the
scheme, criminals use stolen credit card information to purchase goods online
for shipment to the legitimate cardholder. When the item is shipped and the
criminal receives tracking information via email, he/she calls the cardholder
and falsely identifies himself as the merchant that shipped the goods, saying
that the product was mistakenly shipped and asking permission to pick it up
upon receipt. The criminal then arranges the pickup issuing a "call tag" with a
shipping company different that the one the original merchant used. The
cardholder normally doesn't notice that there is a second shipping company
picking up the product, which in turn has no knowledge it is participating in a
fraud scheme. The cardholder then notices a charge in his card and generates a
chargeback to the unsuspecting merchant.
Business Opportunity/"Work-at-Home" Schemes
Fraudulent schemes often use the Internet to advertise purported business
opportunities that will allow individuals to earn thousands of dollars a month
in "work-at-home" ventures. These schemes typically require the individuals to
pay anywhere from $35 to several hundred dollars or more, but fail to deliver
the materials or information that would be needed to make the work-at-home
opportunity a potentially viable business.
Often, after paying a registration fee, the applicant will be sent advice on how
to place ads similar to the one that recruited him in order to recruit others,
which is effectively a pyramid scheme.
Other types of work at home scams include home assembly kits . The applicant
pays a fee for the kit, but after assembling and returning the item, it's
rejected as sub-standard , meaning the applicant is out of pocket for the
materials. Similar scams include home-working directories , medical billing ,
data entry at home or reading books for money.
Online Dating Fraud
Also called romance scam , this is an option when people you met on an online
dating website, chat, or instant messaging get acquainted with you. These
people usually live in other countries so you can see them only in photos. They
appear to look very pretty and sexy. After communicating with these girls/guys
for some period you feel that you have become close friends. Then you both want
to see each other in real life. These people usually ask for som money to buy
airplane tickets to come to you. You transfer money via Western Union and then
these people just disappear. The Computer
Crime Research Center receives a lot of claims saying people were
tricked out of as much as $5000.
Mari El is one location where a number of dating scams are said to originate;
like other forms of Internet fraud, many dating scams also appear to originate
in Nigeria .
Phishing
Main article: Phishing
"Phishing" is the act of attempting to fraudulently acquire sensitive
information, such as passwords and credit card details, by masquerading as a
trustworthy person or business with a real need for such information in a
seemingly official electronic notification or message (most often an email, or
an instant message). It is a form of social engineering attack.
The term was coined in the mid 1990s by crackers attempting to steal AOL
accounts. An attacker would pose as an AOL staff member and send an instant
message to a potential victim. The message would ask the victim to reveal his
or her password, for instance to "verify your account" or to "confirm billing
information". Once the victim gave over the password, the attacker could access
the victim's account and use it for criminal purposes, such as spamming.
Phishing has been widely used by fraudsters using spam messages masquerading as
large Banks ( Citibank , Bank of America ) or PayPal . These fraudsters can
copy the code and graphics from legitimate websites and use them on their own
sites to create a legitimate-looking scam web pages. They can also link to the
graphics on the legitimate sites to use on their own scam site. These pages are
so well done that most people cannot tell that they have navigated to a scam
site. Fraudsters will also put the text of a link to a legitimate site in an
e-mail but use the source code to links to own fake site. This can be revealed
by using the "view source" feature in the e-mail application to look at the
destination of the link or putting the cursor over the link and looking at the
code in the status bar of the browser. Although many people don't fall for it,
the small percentage of people that do fall for it, multiplied by the sheer
numbers of spam messages sent, presents the fraudster with a substantial
incentive to keep doing it.
Anti-phishing technologies are now available.
Pharming
Main article: Pharming
Pharming is the exploitation of a vulnerability in the DNS
server software that allows a hacker to acquire the domain name for a site ,
and to redirect that website's traffic to another web site. DNS servers are the
machines responsible for resolving internet names into their real addresses -
the "signposts" of the internet .
If the web site receiving the traffic is a fake web site, such as a copy of a
bank 's website, it can be used to " phish " or steal a computer user's
passwords , PIN or account number. Note that this is only possible when the
original site was not SSL protected, or when the user is ignoring warnings
about invalid server certificates .
For example, in January 2005 , the Domain Name for a large New York ISP , Panix
, was hijacked to a site in Australia . In 2004 a German teenager hijacked the
eBay .de Domain Name.
Secure e-mail provider Hushmail was also caught by this attack on 24th of April
2005 when the attacker rang up the domain registrar and gained enough
information to redirect users to a defaced webpage.
Anti-pharming technologies are now available.
Auction and Retail Schemes Online
Fraudsters launch auctions on eBay or TradeMe with very low prices and no
reservations especially for high priced items like watches, computers or high
value collectibles. They received payment but never delivers, or delivers an
item that is less va uable than the one offered, such as counterfeit,
refurbished or used. Some fraudsters also create complete webstores that appear
to be legitimate, but they never deliver the goods. In some cases, some stores
or auctioneers are legitimate but eventually they stopped shipping after
cashing the customers' payments.
Sometimes fraudsters will combine phishing to hijacking legitimate member
accounts on eBay, typically with very high numbers of positive feedback, and
then set up a phony online store. They received payment usually via check,
money-order, cash or wire transfer but never deliver the goods; then they leave
the poor, unknowing eBay member to sort out the mess. In this case the
fraudster collects the money while ruining the reputation of the conned eBay
member and leaving a large number of people without the goods they thought they
purchased.
Stock market manipulation schemes
These are also called investment schemes online. Criminals use these to try to
manipulate securities prices on the market, for their personal profit.
According to enforcement officials of the Securities and Exchange Commission,
the 2 main methods used by these criminals are:
Pump-and-dump schemes
False and/or fraudulent information is disseminated in chat rooms, forums,
internet boards and via email (spamming), with the purpose of causing a
dramatic price increase in thinly traded stocks or stocks of shell companies
(the "pump"). As soon as the price reaches a certain level, criminals
immediately sell off their holdings of those stocks (the "dump"), realizing
substantial profits before the stock price falls back to its usual low level.
Any buyers of the stock who are unaware of the fraud become victims once the
price falls. When they realize the fraud, it is too late to sell. They lost a
high percentage of their money. Even if the stock value does increase, the
stocks may be hard to sell because of lack of interested buyers, leaving the
shareholder with the shares for a far longer term than desired.
Short-selling or "scalping" schemes
This scheme takes a similar approach to the "pump-and-dump" scheme, by
disseminating false or fraudulent information through chat rooms, forums,
internet boards and via email (spamming), but this time with the purpose of
causing dramatic price decreases in a specific company's stock. Once the stock
reaches a certain low level, criminals buy the stock or options on the stock,
and then reverse the false information or just wait for it to wear off with
time or to be disproved by the company or the media. Once the stock goes back
to its normal level, the criminal sells the stock or option and reaps the huge
gain.
Scam Scams
Scam Scams is not a real scam, but a scam emulator. The project was started by
YouStockIt.com in April 2006 as a proactive approach towards scam
education.
The premise of "Scam Scams" is that the best way to raise awareness of internet
fraud is to set family and friends up by sending them Scam Scams. If the user
attempts to sign up for the service, they are then redirected to a page where
the scam process that they almost fell for is explained.
Avoiding Internet Investment Scams
The US Security Exchange Commission have enumerated guideline on how to avoid
internet investment scams. The summary are as follows:
-
The Internet allows individuals or companies to communicate with a large
audience without spending a lot of time, effort, or money. Anyone can reach
tens of thousands of people by building an Internet web site, posting a message
on an online bulletin board, entering a discussion in a live "chat" room, or
sending mass e-mails.
-
If you want to invest wisely and steer clear of frauds, you must get the facts.
-
The types of investment fraud een online mirror the frauds perpetrated over the
phone or through the mail. Consider all offers with skepticism.
External links
Retrieved from "
http://en.wikipedia.org/wiki/Internet_fraud"