Internet fraud
|
The term Internet fraud refers to any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to other connected with the scheme.
Internet fraud is committed in several ways. The FBI has people assigned to combat this type of fraud; according to their figures, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases, fictitious merchants post excellent prices for goods and never deliver. However, that type of fraud is minuscule compared to criminals using stolen credit card information to buy goods and services.
Contents |
Stolen credit cards
Most Internet fraud is done through the use of stolen credit card information, which is obtained in many ways; the simplest being copying information from retail sites (online or offline). There have been cases of hackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers, in which they were selling the credit card information to criminals.
Geographic origin of fraudulent orders
In some cases Internet fraud schemes originate domestically (in the U.S.). But a significant proportion of organized Internet fraud seems to come from Africa, particularly Nigeria and sometimes from Ghana and Egypt. Some originate in Eastern Europe and Southwest Asia. For some reason, many fraudulent orders seem to originate from Belgium, from Amsterdam in Holland, from Palestine and from Malmo in Sweden. Lately, some fraudulent orders seem to originate in China.
Popular products
Fraudsters seem to prefer small and valuable products, such as: watches, jewelry, laptops, digital cameras, and ink cartridges.
Get wire transfer info
Some fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex (http://qchex.com) that require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them[1] (http://www.msnbc.msn.com/id/7914159).
Cash the check system
In some cases, fraudsters approach merchants and ask for large orders: $50,000 to $200,000, and even agree to pay via wire transfer in advance. After negotiation (which usually doesn't take too long because they agree on whatever price they are quoted), they invent some excuse about the impossibility of sending a bank wire transfer, so they tell the merchant they will send a check that the merchant can deposit and wait for it to clear, before shipping. In that case, many merchants feel safe because they will have the funds before shipping. What the fraudsters do is counterfeit checks from a medium to large U.S. company that usually has enough funds to cover the size of check they intend to send, imitating very well the signatures. This is performed usually with common bookkeeping and word-processing applications. When asked why was it a company check from a company that is not their company, they state that it was a payment that the U.S. company owed them. Banks usually pay those checks. Only when the U.S. company notices that they did not issue the check and complains to the Bank, the Bank debits the account of the merchant. By then, the merchant has already shipped the goods.
In some cases, the fraudsters do not tell the merchants that they will not issue the wire. They agree to the wire but ask the merchant for their Bank's address. The Fraudsters send a check directly to the merchant's Bank with a note asking to deposit it to the merchant's account. Unsuspecting Bank Officers deposit the check, and then the fraudster contacts the merchant stating that they made a "direct deposit" into the merchant's account. Since the check is a good counterfeit, it is paid by the Bank (like explained in the paragraph above).
Re-shippers
In case of services, fraudsters just use the stolen credit card info to obtain them. However, most fraudsters prefer goods. The problem presented is how to ship and safely retrieve the goods without being caught. Somehow, they invented the "Re-Shippers"
Nigerian version
In the Nigerian version, the fraudsters have armies of people actively recruiting single women through chat & matchmaking sites. At some point, the fraudster promises to marry the lady and come to the U.S. in the near future. Using some excuse, the fraudster asks permission to her "future wife" to ship some goods he is going to buy before he comes to the U.S., to her house. As soon as the woman accepts, the fraudster uses several credit cards to buy at different Internet sites simultaneously. In many cases, the correct billing address of the cardholder is used, but they shipping address is the home of the unsuspecting "future wife". Around the time when the packages arrive, the fraudster invents an excuse for not coming to the U.S. and tells his bride that he urgently needs to pick up most or all the packages. Since the woman has not spent any money, she sees nothing wrong and agrees. The next day or a very short time after, she receives a Fedex or UPS package with pre-printed labels, that she has agreed to apply to the boxes that she already has at home. The next day, all boxes are picked up by UPS or Fedex and shipped to the fraudster's real address (in Nigeria or elsewhere). After that day, the unsuspecting victim stops receiving communications from the "future husband", because her usefulness is over. To make matters worse, in most cases the fraudsters were able to create accounts with UPS/Fedex, based on the woman's name and address. So, a week or two later, the woman receives a huge freight bill from the shipping company, which she is supposed to pay because the goods were shipped from her home. Unwillingly, the woman became the fraudster re-shipper and helped him with his criminal actions.
East European version
This is a variant of the Nigerian Version, in which fraudsters recruit people through job postings. The fraudsters present themselves as a growing European company trying to establish a presence in the U.S. and agree to pay whatever the job applicant is looking to make, and more. The fraudsters explain to the unsuspecting victim that they will buy certain goods in the U.S., which need to be re-shipped to a final destination in Europe. When everything is agreed, they start shipping goods to the re-shipper's house. The same is similar to the Nigerian Version. Sometimes, when the frausters send the labels to be applied to the boxes, they also include a fake check, as payment for the re-shipper's services. By the time the check bounces unpaid, the boxes have been picked up already and all communication between fraudster and re-shipper has stopped.
Online Dating Fraud
This is an option when people you met at online dating websites, chats or instant message clients get acquainted with you. These people usually live in other countries so you can see them only on photos sent to you by them. They appear to look like very pretty and sexy. After communicating with these girls/guys for some period you feel that you get close friends. Then you both want to see each other in real life. These people usually ask for some money to buy airplane tickets to come to you. You transfer some sums via Western Union and then these people just disappear. The Computer Crime Research Center (http://www.crime-research.org) receives a lot of claims saying people were tricked out some sums of money reaching even $5000. So trust your pals and keep your purses away.
Counterfeit Postal Money Orders
According to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMO's) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.
On March 9, 2005, the FDIC issued an alert SA-23-2005[2] (http://www.fdic.gov/news/news/SpecialAlert/2005/sa2305.html) stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.
On April 26, 2005, Tom Zeller Jr. wrote an article in the New York Times[3] (http://www.usps.com/postalinspectors/mofeatur.htm) regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.
Who has received Counterfeit Postal Money Orders (CPMO's):
- Small Internet retailers.
- Classified advertisers.
- Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unkowingly.
Geographical origin:
- Mostly from Nigeria
- Ghana
- Eastern Europe
The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.
Phishing
Phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.
The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Phising has been widely used by fraudsters using spam messages maskerading as large Banks (Citibank, Bank of America) or Paypal. Although most people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
Auction and Retail Schemes Online
Fraudsters launch auctions on ebay with a very low price and no reserve, mostly for high priced items like watches, computers or high value collectibles. They receive payment and never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used. Some fraudsters also create complete webstores that appear to be legitimate, but never deliver on the goods. In some cases, some stores or auctioneers are legitimate and from one day to the other, they stop shipping(after cashing customers' payments).
Stock market manipulation schemes
These are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main methods used by these criminals are:
Pump-and-dump schemes
False and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email(spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money.
Short-selling or "scalping" schemes
This scheme takes a similar approach to the "pump-and-dump" schem, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option and reaps the huge gain.
See also
External links
- Computer Crime Research Center (http://www.crime-research.org/)
- Internet Fraud Complaint Center (http://www.ifccfbi.gov/cf1.asp)
- Merchant Risk Council (https://www.merchantriskcouncil.org)
- National Consumer's League Internet Fraud Page (http://www.fraud.org/internet/intinfo.htm)
- Article about Internet Fraud from the U.S. Department of Justice (http://www.usdoj.gov/criminal/fraud/Internet.htm)