Internet fraud

From Free net encyclopedia

The term Internet fraud refers to any type of fraud scheme that uses email, web sites, chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to other connected with the scheme.

Contents 1 Overview 1.1 Geographic origin 1.2 Popular products 2 Identity theft schemes 2.1 Stolen credit cards 2.2 Get wire transfer info 3 Purchase scams 3.1 Direct solicitations 3.2 Counterfeit Postal Money Orders 3.3 Online Automotive Fraud 3.4 Cash the check system 3.5 Re-shippers 3.5.1 Nigerian version 3.5.2 East European version 3.5.3 Chinese version 3.6 Call tag scam 4 Website scams 5 Click Fraud 6 International Modem Dialing 7 Online Dating Fraud 8 Phishing 9 Pharming 10 Auction and Retail Schemes Online 11 Stock market manipulation schemes 11.1 Pump-and-dump schemes 11.2 Short-selling or "scalping" schemes 11.3 Scam Scams 12 See also 13 External links

Overview

Internet fraud is committed in several ways. The FBI and police agencies worldwide have people assigned to combat this type of fraud; according to figures from the FBI, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases, fictitious merchants advertise goods for very low prices and never deliver. However, that type of fraud is minuscule compared to criminals using stolen credit card information to buy goods and services.

Geographic origin

In some cases Internet fraud schemes originate in the U.S. and European countries, but a significant proportion seems to come from Africa, particularly Nigeria, and sometimes from Ghana and Egypt. Some originate in Eastern Europe, Southwest Asia and China. For some reason, many fraudulent orders seem to originate from Belgium, from Amsterdam in the Netherlands, from Palestine, and from Malmö in Sweden.

Popular products

Fraudsters seem to prefer small and valuable products, such as: watches, jewelry, laptops, digital cameras, and camcorders.

Identity theft schemes

Stolen credit cards

Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either (online or offline). There have been many cases of hackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers in which they were selling the credit card information to criminals.

Despite the claims of the credit card industry and various merchants, using credit cards for online purchases can be insecure and carry a certain risk. Even so called "secure transactions" are not fully secure, since the information needs to be decrypted to plain text in order to process it. This is one of the points where credit card information is typically stolen.

Get wire transfer info

Some fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex that require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them[1].

Purchase scams

Direct solicitations

The most straightforward type of purchase scam is a buyer in another country approaching many merchants through spamming them and directly asking them if they can ship to them using credit cards to pay.

An example of such email is as follows:

From: XXXXXX XXXXXX [XXXXXXX@hotmail.com] Sent: Saturday, October 01, 2005 11:35 AM Subject: International order enquiry

Goodday Sales, This is XXXXXX XXXXXXX and I will like to place an order for some products in your store, But before I proceed with listing my requirements, I will like to know if you accept credit card and can ship internationally to Lagos, Nigeria. Could you get back to me with your website so as to forward you the list of my requirements as soon as possible. Regards, XXXXXX XXXXXX, XXXXXXXX Inc. 9999 XXXXX street, Mushin, Lagos 23401, Nigeria Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com

Most likely, a few weeks or months after the merchant ships and charges the Nigerian credit card, he/she will be hit with a chargeback from the credit card processor and lose all the money.

Counterfeit Postal Money Orders

According to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMO's) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled.

On March 9, 2005, the FDIC issued an alert SA-23-2005[2] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions.

On April 26, 2005, Tom Zeller Jr. wrote an article in the New York Times[3] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.

Who has received Counterfeit Postal Money Orders (CPMOs):

• Small Internet retailers.
• Classified advertisers.
• Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly.

Geographical origin:

• Mostly from Nigeria
• Ghana
• Eastern Europe

The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine.

Online Automotive Fraud

There are two basic schemes in online automotive fraud:

1. A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a bargain, emails the seller, who responds saying the car is still available but is located overseas. He then instructs the buyer to send a deposit via wire transfer to initiate the "shipping" process. The unwitting buyer wires the funds, and doesn't discover until days or weeks later that they were scammed.
2. A fraudster feigns interest in an actual vehicle for sale on the Internet. The "buyer" explains that a client of his is interested in the car, but due to an earlier sale that fell through has a certified check for thousands more than the asking price and requests the seller to send the balance via wire transfer. If the seller agrees to the transaction, the buyer sends the certified check via express courier (typically from Nigeria). The seller takes the check to their bank, which makes the funds available immediately. Thinking the bank has cleared the check, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces and the seller realizes they have been scammed. But the money has long since been picked up and is not recoverable.

How to protect yourself:

• If you are selling a vehicle, never accept a certified check for more than the amount and agree to wire the difference. Even if you insist on doing this, wait a good 10 days before you wire a dime - otherwise, you are very likely to lose it all.
• If you are buying a vehicle, remember that if the deal you are looking at sounds too good to be true, on the Internet anyway, it nearly always is.

Cash the check system

In some cases, fraudsters approach merchants and ask for large orders: $50,000 to $200,000, and even agree to pay via wire transfer in advance. After negotiation (which usually doesn't take too long because they agree on whatever price they are quoted), they invent some excuse about the impossibility of sending a bank wire transfer, so they tell the merchant they will send a check that the merchant can deposit and wait for it to clear, before shipping. In that case, many merchants feel safe because they will have the funds before shipping. What the fraudsters do is counterfeit checks from a medium to large U.S. company that usually has enough funds to cover the size of check they intend to send, imitating the signatures very well. This is performed usually with common bookkeeping and word-processing applications. When asked why was it a company check from a company that is not their company, they state that it was a payment that the U.S. company owed them. Banks usually pay those checks. Only when the U.S. company notices that they did not issue the check and complains to the Bank, the Bank debits the account of the merchant. By then, the merchant has already shipped the goods.

In some cases, the fraudsters do not tell the merchants that they will not issue the wire. They agree to the wire but ask the merchant for their Bank's address. The fraudsters send a check directly to the merchant's Bank with a note asking to deposit it to the merchant's account. Unsuspecting Bank Officers deposit the check, and then the fraudster contacts the merchant stating that they made a "direct deposit" into the merchant's account. Since the check is a good counterfeit, it is paid by the Bank (as explained in the paragraph above).

Re-shippers

In the case of services, fraudsters just use stolen credit card info to purchase them. However, most fraudsters prefer goods, but the problem is how to ship and safely retrieve the goods without being caught. So they have invented the "Re-Shippers"

Nigerian version

In the Nigerian version, the fraudsters have armies of people actively recruiting single women from western countries through chat & matchmaking sites. At some point, the fraudster promises to marry the lady and come to the her home country in the near future. Using some excuse the fraudster asks permission of his "future wife" to ship some goods he is going to buy before he comes. As soon as the woman accepts the fraudster uses several credit cards to buy at different Internet sites simultaneously. In many cases the correct billing address of the cardholder is used, but the shipping address is the home of the unsuspecting "future wife". Around the time when the packages arrive, the fraudster invents an excuse for not coming and tells his "bride" that he urgently needs to pick up most or all the packages. Since the woman has not spent any money, she sees nothing wrong and agrees. Soon after, she receives a Fedex or UPS package with pre-printed labels that she has agreed to apply to the boxes that she already has at home. The next day, all boxes are picked up by UPS or Fedex and shipped to the fraudster's real address (in Nigeria or elsewhere). After that day the unsuspecting victim stops receiving communications from the "future husband" because her usefulness is over. To make matters worse, in most cases the fraudsters were able to create accounts with UPS/Fedex, based on the woman's name and address. So, a week or two later, the woman receives a huge freight bill from the shipping company which she is supposed to pay because the goods were shipped from her home. Unwillingly, the woman became the fraudster re-shipper and helped him with his criminal actions.

East European version

This is a variant of the Nigerian Version, in which fraudsters recruit people through job postings. The fraudsters present themselves as a growing European company trying to establish a presence in the U.S. and agree to pay whatever the job applicant is looking to make, and more. The fraudsters explain to the unsuspecting victim that they will buy certain goods in the U.S. which need to be re-shipped to a final destination in Europe. When everything is agreed they start shipping goods to the re-shipper's house. The rest is similar to the Nigerian Version. Sometimes, when the fraudsters send the labels to be applied to the boxes, they also include a fake check, as payment for the re-shipper's services. By the time the check bounces unpaid, the boxes have been picked up already and all communication between fraudster and re-shipper has stopped.

Chinese version

This is a variant of the East European Version, in which fraudsters recruit people through spam. The fraudsters present themselves as a growing Chinese company trying to establish a presence in the U.S. or Europe and agree to pay an agent whatever the unsuspecting victim is looking to make, and more. Here is an example of a recruiting email:

Dear Sir/Madam, I am Mr. XXX XXX, managining XXXXXXXXXXX Corp. We are a company who deal on mechanical equipment, hardware and minerals, electrical products, Medical & Chemicals, light industrial products and office equipment, and export into the Canada/America and Europe. We are searching for representatives who can help us establish a medium of getting to our costumers in the Canada/America and Europe as well as making payments through you to us. Please if you are interested in transacting business with us we will be glad. Please contact us for more information. Subject to your satisfaction you will be given the opportunity to negotiate your mode of which we will pay for your services as our representative in Canada/America and Europe. Please if you are interested forward to us your phone number/fax and your full contact addresses. Thanks in advance. Mr. XXX XXX. Managing Director"

Call tag scam

The Merchant Risk Council reported that the "call tag" scam re-emerged over the 2005 holidays and several large merchants suffered losses. Under the scheme, criminals use stolen credit card information to purchase goods online for shipment to the legitimate cardholder. When the item is shipped and the criminal receives tracking information via email, he/she calls the cardholder and falsely identifies himself as the merchant that shipped the goods, saying that the product was mistakenly shipped and asking permission to pick it up upon receipt. The criminal then arranges the pickup issuing a "call tag" with a shipping company different that the one the original merchant used. The cardholder normally doesn't notice that there is a second shipping company picking up the product, which in turn has no knowledge it is participating in a fraud scheme. The cardholder then notices a charge in his card and generates a chargeback to the unsuspecting merchant.

Website scams

Click Fraud

The latest scam to hit the headlines is the multi-million dollar Clickfraud which occurs when advertising network affiliates force paid views or clicks to ads on their own websites via Spyware, the affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense capability pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as $100 and an online advertising industry worth $10 Billion+ it is clear why this form of Internet fraud is on the increase.

International Modem Dialing

Many consumers connect to the Internet using a modem calling a local telephone number. Some web sites, normally containing adult content, use international dialing to trick consumers into paying to view content on their web site. Often these sites purport to be ‘free' and advertise that ‘no credit card is needed.' They then prompt the user to download a ‘viewer' or dialer' to allow them to view the content. Once the program is downloaded it disconnects the computer from the Internet and proceeds to dial an international long distance or premium rate number, charging anything up to $7 or $8 per minute. An international block is recommended to prevent this, but in the U.S. and Canada, calls to the Caribbean (except Haiti) can be dialed with a "1" and a three-digit area code, so such numbers, as well as "10-10 dial-round" phone company prefixes, can circumvent an international block.

Online Dating Fraud

This is an option when people you met on an online dating website, chat, or instant messaging get acquainted with you. These people usually live in other countries so you can see them only in photos. They appear to look like very pretty and sexy. After communicating with these girls/guys for some period you feel that have become close friends. Then you both want to see each other in real life. These people usually ask for some money to buy airplane tickets to come to you. You transfer money via Western Union and then these people just disappear. The Computer Crime Research Center receives a lot of claims saying people were tricked out of as much as $5000.

Crime in Mari El is where a number of dating scams are said to originate.

Phishing

Phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.

The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.

Phishing has been widely used by fraudsters using spam messages masquerading as large Banks (Citibank, Bank of America) or Paypal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create a legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site. Fraudsters will also put the text of a link to a legitimate site in an e-mail but use the source code to links to own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link or putting the cursor over the link and looking at the code in the status bar of the browser. Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.

Anti-phishing technologies are now available.

Pharming

Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.

If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN number or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.

For example, in January 2005, the Domain Name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de Domain Name.

Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.

Anti-pharming technologies are now available.

Auction and Retail Schemes Online

Fraudsters launch auctions on eBay or TradeMe with a very low price and no reserve, mostly for high priced items like watches, computers or high value collectibles. They receive payment and never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used. Some fraudsters also create complete webstores that appear to be legitimate, but never deliver on the goods. In some cases, some stores or auctioneers are legitimate and from one day to the other, they stop shipping(after cashing customers' payments).

Stock market manipulation schemes

These are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main methods used by these criminals are:

Pump-and-dump schemes

False and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email (spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money.

Short-selling or "scalping" schemes

This scheme takes a similar approach to the "pump-and-dump" scheme, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option and reaps the huge gain.

Scam Scams

---

Is not a real scam but a scam emulator. The project was started by YouStockIt.com in April 2006 as a proactive approach towards scam education.

The premise of "Scam Scams" is that the best way to raise awareness of Internet Fraud is to set family and friends up by sending them Scam Scams. If the user attempts to sign up for the service they are then redirected to a page where the scam process that they almost fell for is explained.

See also

• Advance fee fraud
• Clickfraud
• Credit card fraud
• Forex scams
• Job Scams
• Pharming
• Phishing
• Wire fraud

External links

• Auction Fraud Database
• Computer Crime Research Center
• Article about Internet Fraud from the U.S. Department of Justice
• Internet Fraud Complaint Center
• Merchant Risk Council
• National Consumer's League Internet Fraud Page
• U.S. Department of State Article about Advanced Fee Business Scams.
• 7th On Your Side: The Wonderful World Of Web Scams on The 7th Level]
• The YouStockIt Scam Scams Projectde:Internetbetrug

nl:Internetfraude