Big Brother Gone Bad: The Ugly Face of Online Fraud

We use the internet for a wide range of activities on a daily basis, from gathering information to buying a new pair of shoes. However, surfing the web and carrying out transactions comes with its risks, one of which is online fraud.

Online fraud goes by many names, including consumer cybercrime, internet fraud, online crime, and e-crime. No matter what it’s called, it causes considerable distress to everyone it affects, and it can even culminate in serious financial problems.

Chapter One: Online Fraud Stats

Online fraud is simply fraud carried out by criminals online. According to Merriam-Webster.com, fraud is a noun with three distinct meanings:

• Using false pretenses
• Pretending to be someone or something you’re not
• Creating a counterfeit item or service

Why Should You Care?

Cyber criminals have developed increasingly advanced techniques over the years. The 2013 Norton Cybercrime report delivers figures that demonstrate how cybercrime is affecting the security of internet users. For the report, 13,022 adults aged 18 to 64 were interviewed from all over the world between the months of July and August of 2013. The following statistics demonstrate the evolution of online fraud:

• Although the number of adults who have fallen victim to consumer cybercrime has decreased, the average cost per victim has gone up by 50 percent.
• Attacks are getting more sophisticated, with fraudsters using tactics like spear-phishing and programs like ransomware.
• 49 percent of consumers use their personal mobile devices for work and for play, leading to new security risks for mobile and e-commerce businesses.
• 48 percent of tablet and smartphone users don’t take the most basic security steps such as installing security software or using passwords.
• The direct cost of global online fraud in the United States is $113 billion.
• The average cost per victim is up more than 50 percent in the U.S., from $197 in 2012 to $298 in 2013.

Why Online Fraud Is So Prevalent

Would you ever knowingly leave your front door unlocked when going out for the day? The chances are that nothing will happen, but surely the risk is not worth taking.

This analogy describes how too many people approach internet security. They either assume that nothing will happen to them, or they are simply unaware of the risks.

Cybercrime is a constant threat, and just because it doesn’t represent a physical threat in the form of someone trying to break into your home, it can be just as damaging.

The security challenges for IT professionals, businesses, employees, and individuals have become greater, and many organizations are now taking their online security more seriously.

Cisco reported the following data comprised from two global studies in its 2013 Annual Security Report:

• The strongest concentration of online security threats don’t target gambling, pornography and pharmaceutical websites. Rather, the greatest threats come from legitimate sites used by many internet users, such as the major search engines, social media platforms and consumer retail sites.

• Advertisements are 182 times more likely to transport malicious content than pornography websites.

• The growth of Android malware has skyrocketed faster than any other form of malware on the web. This is an alarming trend because Android has the most users in the global mobile device market.

• Online shopping sites are 21 times more likely to pass malicious content to visitors than counterfeit software sites.

• Search engines are 27 times more prone to transferring malicious programs than fake software sites.

According to John N. Stewart, senior vice president and chief security officer of Global Government and Corporate Security for Cisco, “Today we live a blended work-personal life. The hackers know this. The security threats that we encounter online like embedded Web malware, while visiting popular destinations like search engines, retailers, social media sites and smartphone/tablet apps no longer threaten only the individual; they threaten our organizations by default."

Chapter Two: Recognizing Online Financial Fraud

The ever-changing face of technology makes fighting online fraud a significant challenge. Here is a breakdown of the many types of internet consumer fraud.

Online Auction and Store Fraud

Internet auctions and online stores are popular places to find a bargain, but they are also popular with online fraudsters. Here are the most common types of online auction and e-store crimes:

• Non-Delivery – This is when the seller puts an item up for sale, but they fail to deliver to item to the buyer. Additionally, if the consumer uses a credit card, the “seller” could potentially steal their information and even their identity.

• Misrepresentation – Misrepresentation occurs when the seller deliberately values an item incorrectly. This can involve listing false information about an item up for bid or posting pictures that are not of the actual item. Another common practice is to alter the picture to make the item seem like a superior product.

• The Triangulation or Mule Scam – This scam can happen when you buy something from an online auction like eBay or a store like Amazon.com. From the beginning to the end, everything seems normal.

You choose the item, pay for it and order shipment. The goods arrive, and all is well. Soon after, you are informed by the authorities that you have paid for your items using a stolen credit card, but you know this is not the case.

It turns out that the seller took your money and then used a stolen card to buy the goods.

The scammer may have marked the items as a “gift” to hide the invoice details. When ordering from Amazon, eBay, or any other site, always check the buyer’s ratings and reviews. If you can, buy directly from Amazon and not a vendor.

• Black Market and Counterfeit Goods – Most consumers have no idea about the amount of counterfeit products for sale on the internet. These include videos, CDs, copied software, and replicas of designer or brand-name merchandise. Customers often only find out that they have bought counterfeit products when the merchandise arrives without the normal warranty, instructions, and packaging.

• Shill Bidding –  Shill bidding happens in online auctions. The seller places bids on their own items in order to bring up the price. They may also hire other people to do the false bidding for them. They then pull out right before the bidding closes, falsely inflating the ending price of the auction item.

• Multiple Bidding –  Multiple bidding involves the buyer placing bids on an item in different amounts, some high, some low. This makes the price go up significantly, discouraging other buyers from bidding. The fraudster then waits until the final minutes of the auction, when they withdraw all their high bids and leave only the lowest ones.

• Escrow Services Fraud – Just like online fraud, the escrow fraud criminal persuades the victim to conduct business outside the auction site or item-listing platform. They do this by requesting the use of a third-party escrow service to handle the sale. The fraudster then creates a fake escrow website that looks like a real escrow service. When the victim signs up with the fake website and sends payment via the service, they end up with nothing. Another scenario involves the victim sending goods to the fraudster and waiting for a payment to arrive via the fake escrow site, which never turns up.

• The Counterfeit Payment Plot – This online fraud targets consumers through the use of counterfeit cashier’s checks and fake money orders. The scam involves the fraudster sending the seller a cashier check or money order for a greater value than the item being purchased. The seller is told to keep some of the money for themselves and to wire the rest back to the fraudster. Once the victim cashes the check, they send the fraudster the cash. The victim then withdraws the money before it clears and sends it to the fraudster, but later discovers that the check was bad and is forced to reimburse the bank. This fraud also occurs on social media sites, forums, or chat rooms. In this case, the fraudster will usually ask for help in cashing a large check that they cannot do themselves for various reasons, offering part of the money in exchange for assistance.

Chapter Three: Contests and Romance Fraud

Online Lottery, Contest and Sweepstakes Fraud

Have you ever received a sweepstakes or lottery promotion in your email account? If so, you are among thousands of Americans who receive them nearly every day. As tempting as they seem, it’s important to remember that if a contest asks you to pay before you play, or pay to receive your award, it is a fake. Here are some of the most common lottery, contest and sweepstakes swindles.

Prizes and Sweepstakes Scams

You may have received a sweepstakes or special prize promotion via email or during a visit to a website in the form of a pop-up or banner advertisement.  

Marketers legitimately use sweepstakes or prize promotions, but they never ask you to pay to enter. If they ask you to pay taxes or they charge you a hidden fee, it is most likely a scam because a legitimate sweepstakes will never charge you to enter.

Be wary if you receive a promotion congratulating you on winning a prize. If you are asked for a shipping or handling fee, or if you are told to buy something to receive your reward, it is is likely to be fraudulent.

Is It Legitimate?

To determine the legitimacy of an online sweepstakes or other prize promotion, you should ask yourself the following four key questions:

• What’s the Hook? Does the prize company request your credit card account information, bank account number, or even your social security number? No real prize company ever asks for this kind of information in order to confirm that you are the winner.

• Do You Have to Pay? You should never have to pay in order to play or collect your prize when the contest or sweepstakes is a legitimate one.

• Are You Contest Confused? Can you read and understand the rules and entry instructions for the promotion? Are they easy to find on the website or advertisement? If you don’t understand or can’t find the information you need to be eligible to enter and win, you should think again before you enter or accept your “winnings.”

• Are the Prizes Worth the Trouble? Check to be certain that the winnings are truly worth your time and effort. Do you really want to win the prize? If not, ask if there is a cash payout option.

Foreign Lotteries and the Law

Foreign lotteries are illegal in the United States. A federal statute prohibits the mailing and e-mailing of lottery tickets, advertisements, and payments to buy lottery tickets from another country. Here are some even better reasons to avoid them:

• Lottery fraudsters will congratulate you on your winnings and then charge you a fee when you go to collect your imaginary prize.

• Most foreign lottery “agents” will take your cash without even buying your tickets.

• You never want to provide your financial or personal information to a stranger online, even if they tell you that you have won a large prize.

Online Dating Fraud

Many people use online dating sites, but this is another area where fraud can take place. If you meet someone who seems too good to be true, you should ask yourself some questions first:

• Is this person coming on too strong and too fast?
• Did this person start showing a strong interest towards you in a very short space of time?
• Did they tell you they are working and/or residing in another country?
• Finally, the most crucial question: Did they complain about having difficulty cashing a check, perhaps even a paycheck?

If you answered “Yes” to any of these questions, you may be the intended mark of a cybercriminal.

Cybercriminals mastermind these scams by portraying themselves as solitary people looking for legitimate relationships. Here are some of the more common scenarios.

The Reshipping Racket

In this scam, residents of the United States are recruited for the sole purpose of accepting packages at their homes, which they then repackage and send to another country.

Cyber criminals will target their victims in internet chat rooms, dating sites, webinars, social media sites, and messaging programs. They will usually say that their country of origin does not allow direct business shipments and they will ask you if they can send the goods to you instead. It sounds legit, so you agree.

However, a steady stream of packages soon begins to arrive, and this continues for several weeks or even months. The only way to stop it is to contact your local law enforcement agency for help, when you learn that the perpetrator used a fake or stolen credit card to purchase the shipments.

Mail Order Bride Scams

This scheme is often aimed at people looking for romance and companionship. The perpetrator will post an advertisement supposedly from a woman looking for a relationship with a foreign man to escape the problems of her home country. When the victim responds, he is told that the woman wishes to move to his country but that she lacks the funds.

Out of the blue, a dating or matching agency contacts the man, saying it can help with all of the necessary paperwork. It also offers to coordinate the arrival of his bride for a nominal payment.

At the last minute, the victim receives a message from the agency explaining that there is a problem and it needs more money. After the victim sends the money, he never hears from the agency again.

Chapter Four: Exploiting Human Nature

Online fraudsters understand human nature and exploit it for their own gain. This often involves tricking vulnerable victims and making their problems even more critical. Here are some common scams aimed at people who are often in difficult circumstances:

Advanced Fee Scams

Many people become victims of advance fee loan scams when they are unable to get loans from traditional sources. In these scams a con artist offers a "guaranteed" loan as long as the victim pays a special fee in advance. 

The advanced fee fraudster will tell you they can secure a loan for you from a legitimate lending institution, such as a bank. In reality, they have no power to get a loan for you. Instead, they steal the fee and disappear.

Advance fee fraudsters often ask for a percentage of the gross loan amount for payment of their required fee. For example, if a 10 percent fee is requested, you would have to pay $1,000 to obtain a loan of $10,000, which could land you in serious financial difficulties.

Charities Fraud

Charities fraud occurs when a fraudster sets out to trick innocent donators. It is most prevalent during the holidays or after a tragedy or major disaster, and people may receive requests via the U.S. Postal Service, online, by telephone, by text, on social media, and even by solicitation on their front doorsteps.

Although there are many recognizable charities, it is always a good idea to check on the organization first by researching online, calling the charity’s main office, or calling the Better Business Bureau (BBB).

Never send cash donations or wire money. Don’t and over your credit card or bank information. If you are approached by a group in your local neighborhood, take their information and call the agency directly. If you pay by check or credit card online, make sure it is a secure site. You can tell that it’s safe if it includes “https” in the address and has a lock icon in the address bar.

Internet Pharmacy Fraud

According to the FDA, it is a violation of the Federal Food, Drug, and Cosmetic Act to provide prescription drugs without a valid prescription. However, many internet pharmacies don’t follow state licensing requirements and standards.

The main problem in relation to online pharmacy fraud is counterfeit, expired, or diluted medications. Although a website may ask you to fill out a form or even consult with a “specialist” for a fee, they may not ask for your medical records or follow up to make sure you are satisfied with your prescription. In addition, the “doctors” on these websites often have a questionable background.

The cost savings and convenience can tempt consumers, but remember to never submit your private information or pay a fee to order medications. Ask your doctor to recommend an online pharmacy or other venue to help you get the medicines you need.

Upon further analysis, many labs have found prescription medications from fake online pharmacies have little to no potency, or little evidence of any active ingredients.

Other Online Frauds

There are many other types of online scams to look out for, and some of these include:

• Job Scams – Never pay to get a job or pay a job agency to find you work. Always check on anyone that contacts you to hire you, and call the BBB as well.

• Investment Fraud – Always research the investment company. This includes Ponzi schemes. Go with a reputable company that has been around for a long time. Get recommendations for people who have actually used the service.

• Nigerian "4-1-9" Scams – Never send money to anyone who contacts you via email, and don’t reply to these emails. Send the email to your email-hosting provider so that they can investigate.

• Pyramid Schemes – Never accept a franchise or distributorship in exchange for marketing a service or product. Always call your state attorney general’s office and the BBB to check on a specific company or organization.

• Online Advertising Fraud – This includes malicious attacks, such as malware, browser hijacking, botnets, and viruses. Always use an antivirus program with malware protection.

Chapter Five: Younger and Older Internet Users

Although online fraud can be worrying and confusing, you can proactively protect yourself and your loved ones by taking a few simple measures. Be alert, be skeptical, always question whether something seems odd, and never trust anyone you don’t know. Here are some more specific tips to follow for internet users of all ages:

Protecting Kids Online

Online fraudsters often target children and teenagers, and this can lead to problems for the whole family, especially when other computers in the household are affected by malware and viruses as a result. Give your child some commonsense tactics that help them stay safe, such as:

• Trust No One – Explain to them that they can never be sure of a person’s real identity online. If they don’t know them – or even if they do, but can’t confirm it’s that person for sure – they should avoid texting, chatting, sharing information, or communicating with them in any other way.

• Lock Down Information – Talk to your children about personal information. Explain to them that they should never tell anyone what their real name, address, or phone number is. Discuss how online predators may ask questions to find a child’s location, such as asking them what school they attend, where they like to go shopping, or what their favorite restaurant is.

• Be There, Be Aware – Check on your child’s online activity and install password programs and protection. Limit where they can go online – your Internet Service Provider can assist you with this. Be available to answer questions, and don’t allow them to buy anything online.

• Defend Gear and Gadgets – You can set up protection on all of your child’s mobile gear, from their smartphone to their tablet. Look for instructions from the manufacturer as well as your provider. You can install security applications such as Lookout, and you can use many other safety programs and software to add an extra level of protection. Many phones have settings especially for child users, so look into this as well.

• Seize Teachable Moments – Keep the dialogue open. Use the subject of online fraud as an opportunity to teach your children what to watch out for, as well as what to avoid posting online.

You could also set up some ground rules for using the internet, highlighting the dangers that they should be alert to. This could involve advising them not to:

• click on advertising banners, social media ads, or anything in a pop-up window.
• respond to emails from a stranger or anyone they aren’t expecting communications from before checking with you first.
• download anything unless you approve it first.
• share any information with strangers on websites or social media.
• forward emails to a mass group, forum, social media site, or message board.
• order anything online without your knowledge.
• accept gifts, texts, pictures or anything else online without talking to you first.
• post photos of themselves online or via text message.

Gently remind your teen from time to time about the implications of being careless online. Point out how they could jeopardize the entire family, so it isn’t just about them. Sit them down and explain the important reasons behind why you have to set these guidelines, and be clear that they should always be able to come to you when they are unsure of anything.

Risks for Older Internet Users

Seniors are often at greater risk of become victims to online fraud. If you have an elderly friend or relative, you may want to talk to them about the risks of online fraud and let them know that they can always ask you if they are unsure about something.

• Explain to your elderly relative that they should not trust strangers online, especially those who are asking for their money or confidential information. Inform them about the most common scams out there, such as:
• Fake lottery and sweepstakes asking for upfront fees to enter or collect winnings.
• Government impostors posing as representatives from Medicare, Medicaid, or Social Security.
• Scams where someone poses as their grandchild in need of financial help.
• False offers for free or discounted medications or medical equipment.
• Credit card fraud and investment scams.

Advise them to invest in antivirus, anti-malware, and anti-spyware software, and teach them how to use it. Show them how to keep their virus protection and anti-spyware software running and up to date.

Teach them how to use and save their passwords, perhaps using an encrypted secure password generator like LastPass or Dashlane. These are simple to use and will give seniors an extra level of protection.

Helping from Afar

If you live a distance from your elderly parents or loved ones, there are still ways that you can help them.

• Ask a trusted friend of the family or next-door neighbor to look in on them occasionally.

• Set up online access to their credit card and bank accounts so you can observe their finances and look for any unusual activity. Check their credit reports at a free credit checker site like AnnualCreditReport.com to make sure no fake accounts have been opened in their names.

• You can get some toll-free help from the AARP Fraud Fighter Call Center at 800-646-2283. You may need to leave a message, but you can expect a reply within 48 hours. According to the AARP, they receive many calls from children of elderly parents who are concerned about possible fraud. Many senior parents are ashamed to confess to their children that a fraudster has victimized them, and the AARP is an invaluable resource in such cases.

Chapter Six: Online Fraud Risks for Businesses

Any business can be put at risk by online fraud. Not every business can have the same security measures in place as the big conglomerates, but there is still plenty you can do to prevent online fraud.

One of the most frequent scams for businesses involves credit card fraud. This is often because busy business owners don’t have the time or resources to monitor their credit card activity, or they mistakenly mix their personal accounts with their business accounts. Lack of security with the business computers and the network, as well as inadequate background checking of hires, also contribute to the risks.

Other tips for business owners and employees include:

• Secure and Protect All Assets – Add protection to all your credit cards and bank accounts because this is the most vulnerable area of fraud for any business of all sizes. Don’t give your credit cards or credit information to your employees or colleagues. Use a secure online bill payment system and store all confidential information in a securely locked place. Lock your company mailbox and only give the key to the most trusted employees.

• Don’t Mix Business with Pleasure – Separate your personal accounts from your business accounts. That way, if there is a breach of security, it won’t hit every account you own. It will also be much easier to track your business expenses and report deductions on your taxes this way.

• Lock Down Your Company IT Infrastructure – Purchase a firewall, as well as antivirus, malware, and spyware detection programs. Back up everything so you can continue operations even if you are under a major cyber-attack. Change passwords on a regular basis and protect them carefully. Avoid using the same password for all your accounts. Enforce password policies with clear rules for password complexity. Require frequent changes every two months.

• Dedicate One Computer Just for Banking –  Devoting one computer to all your online financial transactions and activity is the safest way to do business. It is much harder for cyber crooks to get access to all of your confidential information when you use one machine. Remember to use it exclusively for financial purposes and not for social media, surfing the web, or email. Avoid mobile banking, especially if you are using an unsecured Wi-Fi service.

• Close Points of Entry – Your employees are your biggest area of vulnerability, so make them your first line of defense by holding regular training sessions. Cover the latest security threats and provide updates on the latest swindles. Create policies that guide your workers on things like handling confidential company, personnel, and customer information and financial details.

• Basic Background Checks – Always conduct a basic pre-hire background check on your employees, especially those who will be dealing with high-priced merchandise, confidential company and customer data and financial information. The level you want to dig down into depends on exactly what information your new hire will have access to, so for specific information, go to the Small Business Administration (SBA) Guide to Employee Background Checks.

• Coverage is Crucial – Cybersource Corp, a company that provides payment processing and risk management services, reports that retailers’ revenue losses due to online fraud has gone up over the past two years, reaching $3.5 billion in 2012. Cover your damages by buying an insurance policy that includes any losses incurred from online fraud, and talk to your bank and credit card companies to find out what types of protection they offer.

Chapter Seven: Fighting Back

Although cyber crime is on the rise, there is a great deal of information and assistance available for anyone who is concerned about online fraud. Here are some valuable resources to help you avoid internet scams:

• National Fraud Information Center – Fraud.org is the brainchild of the National Consumers League (NCL), a nonprofit advocacy organization based in Washington, D.C. Its goal is to give consumers the information they need to avoid falling victim to telemarketing and online fraud.

• The National Cyber Security Alliance – Working with National Homeland Security, it provides tools for anyone, including families and businesses, who wants to use the internet safely.

• The Business Software Alliance – The BSA teaches parents and children about internet scams and safety. It offers safety games and puzzles for children to solve. It also talks about cyber ethics. The BSA protects intellectual property and works to open fair market trading through government relations, intellectual property enforcement, and educational activities around the world.

• GetNetWise – A public service and project of the Internet Education Foundation, GetNetWise gives parents the resources they need to teach both themselves and their children about staying safe online.

The FBI Steps Forward: The New Internet Crime Initiative

The FBI’s Internet Crime Complaint Center (IC3) recently teamed up with the state of Utah to start a pilot program targeting online crime. The focus of the program is to create a firm standard for sharing information and coordinating investigations between law enforcement organizations. The goal is to close the gap between the state and local law agencies and the FBI, opening up information and methodologies to deal with this new kind of criminal.

The Internet Crime Complaint Center has been in operation for over 14 years, providing resources for victims and the law regarding reporting, investigating, and prosecuting internet crimes. IC3 represents tough teamwork between the FBI and the National White Collar Crime Center to give victims of online fraud an accessible and simple reporting platform that alerts the authorities to suspected internet criminal violations.

The IC3 helps law enforcement by acting as a platform to gather internet-related complaints, to do the research related to them, and to generate analytical reports based on each for local, state, federal, tribal, and international law enforcement. It also assists all the state and federal regulatory agencies, helping them develop investigations based on the IC3 data. The IC3 also issues public service announcements to increase internet crime awareness.

The IC3 states that in 2012 alone, victims reported over $500 million in losses from crimes like computer intrusion, extortion scams, fraudulent auto sales, online dating schemes, malware and ransomware, as well as auction and charity fraud. Its new initiative, with the assistance of the Cyber and Criminal Investigative Divisions, combines law enforcement resources to go after cyber criminals systematically.

IC3 is going after cyber thieves using its own tools, including a complaints database and analytics. IC3 personnel are also producing action-based intelligence packages linked to specific geographical areas. These packages help point out major trends and identify individuals and criminal enterprises based on general complaints.

It can also connect various methods of operation back to the same organizations, pinpointing the many layers of current criminal activity. It also includes information from preliminary investigative research performed by the IC3 analysts, including basic web domain searches and criminal record checks.

Once it completes a package, it sends it to the local FBI cyber task force for further action, giving investigators details of any given case before they even conduct the first interview. Their cyber task forces are located in every field office of the FBI. They include FBI agents, other federal representatives, and state and local law enforcement who investigate a gamut of cyber threats, including internet crime.

For example, in the Utah pilot program, FBI agents team up with officers from the Utah Department of Public Safety State Bureau of Investigation, along with federal and local prosecutors and consumer protection bureaus. They make decisions together on whether to prosecute locally or federally, or if they can combine violations of local statutes in a federal prosecution to target entire criminal enterprises that operate across jurisdictional lines.

The more complaints IC3 receives from the public and law enforcement authorities, the more effectively law enforcement can identify and arrest those responsible for online fraud. If you believe you or someone you know has been a victim of internet crime, you can file a complaint with IC3.

Whether you are the victim or a third party, submit the following information to file a complaint:

• Name
• Mailing address
• Telephone number
• Name, address, telephone number.
• Web address of the individual or organization you think defrauded you.
• Specific details on how, why, and when you think you were defrauded.
• Any other relevant information you believe is necessary to support your complaint.

If you cannot find the details of the person, email server, or the offending site, try tracking down the hosting company they are using. Use the Cybernewsguide.com tool and simply enter the domain in the search field. Hosting companies usually act fast regarding potentially fraudulent activities on their servers. They can also provide a wealth of timely information and lead you in the right direction when it comes to seeking further details.

As state, federal, and local authorities continue to develop cybercrime laws, we can do our part too. As parents and caregivers, we can learn about online fraud and we can then teach the most vulnerable, our young people and our elderly, how to stay safe from cybercrime. Armed with some common sense tactics and information, it is easy to stay safe online.

The crooks may be here to stay, but at least we have ways to stop them cold. Don’t become someone’s victim online. Be careful, be smart, and communicate when something doesn’t seem right to you – and stay safe online.