Internet fraud
Internet fraud refers to the use of Internet services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme.

Internet fraud can occur in chat rooms, email, message boards or on websites.

Purchase frauds

Purchase fraud occurs when a criminal approaches a merchant and proposes a business transaction, and then uses fraudulent means to pay for it, such as a stolen or fake credit card.
As a result, merchants do not get paid for the sale. Merchants who accept credit cards may receive a chargeback for the transaction and lose money as a result.

An example of a fraudulent purchase transaction:

Counterfeit postal money orders

According to the FBI and postal inspectors, there has been a significant surge in the use of counterfeit postal money orders since October 2004. More than 3,700 counterfeit postal money orders were intercepted by authorities between October and December 2004. According to the United States Postal Service, the quality of the counterfeit postal money orders is so good that ordinary consumers can easily be fooled. The counterfeit postal money orders are presented for payment at banks and other financial institutions.

On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times regarding a surge in the quantity and quality of forged U.S. postal money orders, and their use to commit online fraud. Small Internet retailers, classified advertisers and individuals contacted by defrauders online are victims of this fraudulent activity.

In the United States of America, the penalty for making or using counterfeit postal money orders is up to ten years in jail and/or a $25,000 fine.

Online automotive fraud

A fraudster posts a nonexistent vehicle for sale to a website, typically a luxury or sports car, advertised for well below its market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors or Autoscout24. An interested buyer, hopeful for a bargain, emails the fraudster, who responds saying the car is still available but is located overseas. The scam artist then instructs the victim to send a deposit via wire transfer to initiate the "shipping" process. The unwitting victim wires the funds, and subsequently discovers they have been scammed.

In another type of fraud, a fraudster contacts someone who has posted a vehicle for sale online, asking for the vehicle identification number (VIN) in order to check the accident record of the vehicle. However, the crook actually uses the VIN to make fake documentation for a stolen car, in order to sell it.

Vehicles can also be used as part of a counterfeit cashier's check scam.

Real estate

Landlords placing advertisements on Craigslist or rent.com receive an e-mail response from a prospective renter from a foreign country, typically a student fresh out of secondary education (high school in the U.S.). The first inquiry seems legitimate. The second usually comes with a request for more information and an attachment from a fake company set up by the scam artist indicating that the "student" has won a part-time scholarship from the company. (The fraudster will often set up a fake website for the company, in order to make the attachment seem legitimate.) The scam comes with the third e-mail: a request for the victim's name and address so that the "company" can send a cashier's check to cover the rent and the "student's" travel costs.

The victim is instructed to cash the check and wire the difference back to the student so that they can travel to the destination country. In the United States, banks consider cashier's checks to be "guaranteed funds" and will typically cash them instantly. However, unlike a certified check, the bank that cashes a cashier's check can still take back the money from the depositor if the check is counterfeit or "bounces". Because of the lag between the cashing and clearing of the check, the victim does not realize that they have been had until their account is debited for the amount they wired to the fraudster, plus any fees for the bounced check.

Automotive

In this variation, a fraudster feigns interest in a vehicle for sale on the Internet. The "buyer" explains that he represents a client who is interested in the car, but due to an earlier sale that fell through, he has a cashier's check made out for thousands more than the asking price. The scammer requests that the victim cash the check and refund the balance via wire transfer. If the seller agrees to the transaction, the fraudster sends the counterfeit cashier's check via express courier (typically from Nigeria). The victim takes the check to their bank, which makes the funds available immediately. Thinking the bank has cleared the check, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces, and the victim is responsible for the amount they wired to the fraudster, plus any fees associated with the bounced check.

Cash the check system

Defrauders negotiate large purchases with the victim (e.g. ordering $50,000 to $200,000 worth of goods), agreeing to an advance payment via bank wire transfer. After ordering, the fraudster claims that paying via wire transfer is impractical, and instead sends a counterfeit check drawn on the account of a real, uninvolved organization as an alternate payment. After the check clears, the victim company ships the goods. When the uninvolved organization notices the fraudulent transaction against their account, they request a chargeback, resulting in the victim losing both the money and the goods.

In some cases, thieves learn the address of a merchant's bank, and send counterfeit checks directly to the bank. They then claim a direct deposit was made after the check is deposited by bank staff, hoping the victim will only notice the apparently available funds, and not the fact that it was a check deposit that the bank has not yet fully cleared.

In other cases, defrauders negotiate smaller transactions (e.g. ordering $2,000 to $10,000 worth of goods) with fraudulent checks written for more than the purchase amount, and instruct the merchant to refund "excess" amounts via Western Union money transfer to an account in another country.

Re-shippers

Re-shipping scams trick individuals or small businesses into re-shipping goods to countries with weak legal systems. The goods are generally paid for with stolen or fake credit cards.

African version

In African re-shipping scams, fraudsters recruit victims from Western countries via chat rooms and dating websites, developing long-distance relationships with their victims to obtain personal details. After the victim accepts a marriage proposal from the scammer, items are bought online using credit card information stolen from other people and shipped to victims without their knowledge. The fraudster then claims the goods were sent to the wrong address, and asks the victim to apply pre-printed labels to the packages and re-ship them to the fraudster's real address. Once the victim re-ships the goods, the fraudster ceases all communication with the victim. Victims often discover that the shipping account for the pre-printed labels is in their name when the freight company bills them for the shipping costs.

Eastern European version

The Eastern European re-shipping scam is a variant of the Nigerian version in which fraudsters recruit victims through classified advertising by presenting themselves as a growing European company trying to establish a presence in the United States.

The fraudsters explain that they will buy goods in the United States that need to be re-shipped to a final destination in Europe. The thieves then ship fraudulently-purchased goods to the victims, and the victims re-ship goods to the fraudsters. Sometimes, if the fraudsters send pre-printed shipping labels to the victims, they also include a counterfeit check as payment for the re-shipper's services. By the time the check bounces, the goods have already been re-shipped and the fraudsters stop all communication with their victims.

Chinese version

The Chinese re-shipping scam is a variant of the Eastern European version, in which fraudsters recruit victims through spam. The fraudsters present themselves as a growing Chinese company trying to establish a presence in the United States or Europe.

Australian version

In the Australian re-shipping scam, a company in the United States is contacted by a potential customer, stating they would like to place an order with the company. Once the company responds, verifying that the desired products are in stock, the fraudster will then ask for a shipping quotation to Australia, and explain that they will be paying via credit card.

Once the victim company sends the quotation to the fraudster, they reply that they will have their U.S. agent or freight representative come to the company's location and pick up the merchandise, and the agent will ship the goods to the "customer". The fraudster then asks the company to add a plausible additional charge of US$700 to US$1,500 onto the total cost, and pay that amount to the "agent" when they arrive to collect the goods. The scammer also offers additional compensation to the company, for the extra trouble of paying their agent. The offered reasons for this arrangement might be "the freight company only accepts cash", or "the agent is unable to process credit cards". If the victim company responds that this is not possible, the fraudster will cut off communication.

There are typically many grammar and spelling mistakes in the communications:

Online auction and retail schemes

In an online auction scheme, a fraudster starts an auction on a site such as eBay or TradeMe with very low prices and no reserve price, especially for typically high priced items like watches, computers, or high value collectibles. The fraudster accepts payment from the auction winner, but either never delivers the promised goods, or delivers an item that is less valuable than the one offered, for example a counterfeit, refurbished, or used item.

Online retail schemes involve complete online stores that appear to be legitimate. As with the auction scheme, when a victim places an order through such a site, their funds are taken but no goods are sent, or inferior goods are sent.

In some cases, the stores or auctioneers were once legitimate, but eventually stopped shipping goods after accepting customer payments.

Sometimes fraudsters will use phishing techniques to hijack a legitimate member account on an online auction site (typically an account with a strongly positive online reputation) and use it to set up a phony online store. In this case, the fraudster collects the money, while ruining the reputation of the conned eBay member. When victims complain that they have not received their goods, the legitimate account holder receives the blame.

A more subtle variation of online auction fraud occurs when a seller ships an item to an incorrect address that is within the buyer's ZIP code using the United States Postal Service's Delivery Confirmation service. This service does not require the recipient to sign for the package, but offers confirmation that the Postal Service delivered the package within the specified ZIP code. The item shipped is usually an empty envelope with no return address and no recipient name, just a street address different from that of the victim. The delivery of the envelope with the Delivery Confirmation barcode attached suffices for the Postal Service to record the delivery as confirmed. The fraudster can then claim the package has been delivered, and offer the Delivery Confirmation receipt as proof to support the claim.

PayPal Fraud

In a collection-in-person PayPal scheme, the scammer targets eBay auctions that allow the purchaser to personally collect the item from the seller, rather than having the item shipped, and where the seller accepts PayPal as a means of payment.

The fraudster uses a fake address with a post office box when making their bids, as PayPal will allow such an unconfirmed address. Such transactions are not covered by PayPal's seller protection policy. The fraudster buys the item, pays for it via PayPal, and then collects the item from the victim. The fraudster then challenges the sale, claiming a refund from PayPal and stating that they did not receive the item. PayPal's policy is that it will reverse a purchase transaction unless the seller can provide a shipment tracking number as proof of delivery; PayPal will not accept video evidence, a signed document, or any form of proof other than a tracking number as valid proof of delivery.

This form of fraud can be avoided by only accepting cash from buyers who wish to collect goods in person.

Call tag scam

In a call tag scam, criminals use stolen credit card information to purchase goods online for shipment to the legitimate cardholder. When the item is shipped, the criminal receives tracking information via email. They then call the cardholder and falsely identify themselves as the merchant that shipped the goods, saying that the product was mistakenly shipped and asking permission to pick it up when it is delivered. The criminal then arranges the pickup, using a "call tag" with a different shipping company. The victim usually doesn't notice that a second shipping company is picking up the product, and the shipping company has no knowledge it is participating in a fraud scheme.

The cardholder may later notice the charge on his statement and protest the charge, generating a chargeback to the unsuspecting merchant.

The Merchant Risk Council reported that the "call tag" scam re-emerged during the 2005 holidays and several large merchants suffered losses.

Business opportunity or "Work-at-Home" schemes

Con artists often use the Internet to advertise supposed business opportunities that allow individuals to earn thousands of dollars a month in "work-at-home" ventures. These schemes typically require the individuals to pay nominal to substantial sums for the "business plans" or other materials. The fraudsters then fail to deliver the promised materials, provide inadequate information to make a viable business, or provide information readily available for free or a substantially lower cost elsewhere.

In one such scheme, after paying a registration fee the victim will be sent advice on how to place ads, similar to the one that recruited him, in order to recruit others. This is a form of Ponzi scheme.

Another work-at-home scam involves kits for small doodads such as CD cases to be assembled by the victim in their home. The victim pays a fee for the kit, but after assembling and returning the item, the scammer rejects it as substandard, refusing to reimburse the victim for the cost of the kit. Variations on this scam include work on directories, stuffing envelopes, doing medical billing or data entry, or reading books for money.

Work-at-home donation processing

An elaborate variation on this theme lures the victim with an e-mailed job offer from a fake company. The scammer may have constructed an elaborate website for the company, to make the offer appear legitimate. The job offer includes an unrealistically generous salary for part-time, unskilled labor. The main responsibility of this well-paying job is to be a middleman for "donations", supposedly intended for victims of a natural disaster.

The scammer then asks the victim for their bank account numbers, allegedly to deposit donations into the victim's account so that the victim can redistribute them. As part of the "hiring process", the fraudster also asks for the victim's Social Security number and date of birth.

With this information, the criminal monitors the victim's account balances. When a larger-than-normal amount appears in the bank account, such as a paycheck, the scammer drains the account.

Generally, the faked company website will locate the company in a different country from the scammer; this may be noticeable by inspecting the domain registration for the website, which may indicate the scammer's true country of origin. In addition, victims in Western countries are targeted using a Western-sounding pseudonym like "Timothy Scott", while the domain name tgilberthome.org is actually registered to a "Li Xiang".

A recent work-at-home scam exploits unemployed people. A job is offered to work at home, with the fraudster claiming to represent a real corporation. He sets up an instant messenger interview, usually over Yahoo. There he tells the person that they are hired, and will receive high pay and full benefits. They must purchase bookkeeping software to work there, for around six hundred dollars. This money must be paid via Western Union. Of course the fraudster keeps the money, and there is no real job. Victims have called the company afterwards, but the fraudster never actually worked for or represented the company.

Money transfer fraud

Money transfer fraud consists of an offer of employment transferring money to a foreign company, supposedly because it costs too much to do it through other methods. The prospective victim receives an email like these six examples:
The fraudsters then send fake checks or postal money orders, in the hopes that the victims will cash the fake money instruments and send money to the scammers before the fraud is discovered.

Because the fraudsters are often able to get the victim's personal information, including their Social Security number or bank account number, these scams often become phishing scams as well, leading to identity fraud.

Dating fraud

Online dating frauds are almost as old as Internet dating itself. Often referred to as a "sweetheart swindle", the con artist develops a relationship with their victim and convinces them to send money to the fraudster. The requests for money can be a one-time event, or repeated over an extended period of time. Most online dating services experience difficulties dealing with fraudsters and issue warnings to their users.

Potential dating fraud indicators include:
  • Victims receive "I love you" messages immediately
  • Requests for money, or for the victim to cash a check or money order
  • Claims to be a U.S. citizen who is abroad, well off, or a person of importance
  • Claims to be a contractor needing help with a business deal
  • Claims to need money for a parent's "operation in the hospital"
  • The person will have an attractive photo posted on the website, but won't be willing to send any other photos.

International modem dialing

Customers of dial-up Internet service providers, such as AOL, use a modem to dial a local telephone number in order to connect to the Internet. Some web sites, typically containing adult content, trick consumers into paying to view content on their web site by convincing them to unwittingly make international telephone calls with their modem.

Often these sites claim to be free, and advertise that no credit card is needed to view the site. They prompt the user to download a "viewer" or "dialer" program to allow them to view the content. Once the program is downloaded, it disconnects the computer from the victim's usual Internet service provider and dials an international long-distance or premium-rate number, charging unexpectedly high rates to the victim's long-distance phone bill.

While one can usually request that their phone company block their line from making international calls in order to prevent this scam, there are loopholes that the scammers can exploit. In the United States and Canada, phone numbers are assigned Country Code "1" and a three-digit "area code" under the North American Numbering Plan (NANP). However, Bermuda and 16 Caribbean countries are also part of the NANP, so a phone number that has the same appearance as a domestic number may actually be an expensive overseas call. Scammers can also use a "Carrier Access Code" to override the user's default choice of long-distance company; this works around the international-calling block that the customer placed with that company.
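The numbering loophole described above can be checked for when reviewing modem dial strings or phone-bill records. The following Python code is an added example, not part of the original article; the area-code table is a partial, illustrative subset, the `101XXXX` carrier access code and `011` international prefix are the standard NANP dialing conventions, and the sample dial log and carrier code `0321` are constructed.

```python
import re

# Partial, illustrative table of NANP area codes that are NOT in the
# United States or Canada (assumption: extend from current NANP assignments).
NON_US_CA_NANP = {
    "441": "Bermuda",
    "242": "Bahamas",
    "246": "Barbados",
    "345": "Cayman Islands",
    "473": "Grenada",
    "809": "Dominican Republic",
    "868": "Trinidad and Tobago",
    "876": "Jamaica",
}
PREMIUM_NANP = {"900"}  # NANP premium-rate area code

# Carrier Access Code: "101" followed by a 4-digit carrier identification code.
CAC_RE = re.compile(r"^101(\d{4})")


def classify_dial_string(raw):
    """Classify one dial string.

    Returns (category, detail, carrier) where carrier is the 4-digit code
    from a Carrier Access Code prefix, or None if no override was dialed.
    """
    # Drop a leading modem dial command (ATD, ATDT, ATDP), then all punctuation.
    number = re.sub(r"^ATD[TP]?", "", raw.strip(), flags=re.I)
    digits = re.sub(r"\D", "", number)

    carrier = None
    m = CAC_RE.match(digits)
    if m and len(digits) > 7:
        # A 101XXXX prefix routes the call through another carrier, which
        # sidesteps a block placed with the subscriber's default carrier.
        carrier = m.group(1)
        digits = digits[7:]

    if digits.startswith("011"):
        return ("international", "011 international prefix", carrier)

    if len(digits) == 11 and digits[0] == "1":
        digits = digits[1:]  # strip the NANP country code / trunk "1"

    if len(digits) == 10:
        area = digits[:3]
        if area in NON_US_CA_NANP:
            # Looks like a domestic number but terminates outside US/Canada.
            return ("nanp-non-us-ca", NON_US_CA_NANP[area], carrier)
        if area in PREMIUM_NANP:
            return ("premium", "900 premium-rate", carrier)
        return ("domestic-looking", area, carrier)

    if len(digits) == 7:
        return ("local", "", carrier)
    return ("unknown", digits, carrier)


def flag_suspicious(dial_log):
    """Return entries that are costly destinations or use a carrier override."""
    findings = []
    for entry in dial_log:
        category, detail, carrier = classify_dial_string(entry)
        if category in ("international", "nanp-non-us-ca", "premium") or carrier:
            findings.append((entry, category, detail, carrier))
    return findings


# Constructed sample dial log (555-01xx numbers are fictional).
SAMPLE_DIAL_LOG = [
    "ATDT 555-0199",                 # usual local ISP access number
    "ATDT 1-212-555-0147",           # ordinary domestic long distance
    "ATDT 1-809-555-0123",           # looks domestic, is not
    "ATDT 101-0321-1-441-555-0100",  # carrier override plus Bermuda
    "ATDT 011-44-20-7946-0000",      # explicit international call
    "ATDT 1-900-555-0111",           # premium-rate
]

if __name__ == "__main__":
    for entry, category, detail, carrier in flag_suspicious(SAMPLE_DIAL_LOG):
        print(f"{entry!r}: {category} ({detail}), carrier override={carrier}")
```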

Internet marketing and retail fraud

Internet marketing and retail fraud is a fast-growing area of fraud perpetrated by dishonest Internet marketing and retail sites involving a variety of products and services. The victim is tricked, by a legitimate-looking site and effective marketing, into giving their credit card information and card security code (or sending funds by other means) in exchange for what they believe to be goods or services. The goods never arrive, turn out to be fake, or are products worth less than those advertised.

Where a credit card is involved, the perpetrators may also use the customer's credit card information to obtain cash or to make purchases of their own. A common example of this type of fraud would be pornographic websites that advertise free access, but require a credit card "for age verification purposes only". The scammers use the credit card information to make fraudulent charges.

Internet marketing and retail fraud involving health products may sell fake or worthless goods. These products might advertise a quick way to lose weight, a cure for a serious disease, or make other sensational claims.

Typical features of an Internet retail health fraud include:
  • grand promises, claiming they can "do it all"
  • claims to be a "scientific breakthrough", featuring fake doctors or scientists making claims for the product; may include technical jargon that experts in the field will recognize as being used inappropriately
  • features a long list of "personal testimonials", without sufficient information to verify them


Consumers find that once these types of scammers obtain their credit card information, fraudulent charge attempts will be made even after the card is cancelled. Credit and consumer protection laws in many countries hold the credit card company liable to refund their customers' money for goods or services purchased with the card that are not delivered. The credit card company then has to absorb the loss, but these costs are ultimately passed on to consumers in the form of higher interest rates and fees.

Internet ticket fraud

A variation of Internet marketing fraud offers tickets to sought-after events such as concerts, shows, and sports events. The tickets are fake, or are never delivered. The proliferation of online ticket agencies, and the existence of experienced and dishonest ticket resellers, has fueled this kind of fraud. Many such scams are run by British ticket touts, though they may base their operations in other countries.

A prime example was the global Beijing Olympic Games ticket fraud run by US-registered Xclusive Leisure and Hospitality, sold through a professionally-designed website, www.beijingticketing.com, with the name "Beijing 2008 Ticketing". On 4 August it was reported that more than AU$50 million worth of fake tickets had been sold through the website. On 6 August it was reported that the person behind the scam, which was wholly based outside China, was a British ticket tout, Terance Shepherd.

SEO fraud

Search Engine Optimization, or SEO, fraud involves a supposed Internet marketing specialist presenting a prospective client with detailed graphs and charts indicating that the client's web site receives some number of "hits" per month. The specialist claims his services will increase web traffic, thus increasing the site's sales revenue. After payment, the scammer does not provide the proposed services.

Click fraud

Click fraud occurs when websites that are affiliates of advertising networks that pay per view or per click use spyware to force views or clicks to ads on their own websites. The affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's AdSense pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as US$100 and an online advertising industry worth more than US$10 billion, this form of Internet fraud is on the increase.

Phishing

Phishing is the act of masquerading as a trustworthy person or business to fraudulently acquire sensitive information, such as passwords and credit card details, that a victim might think reasonable to share with such an entity. Phishing usually involves seemingly official electronic notifications or messages, such as e-mails or instant messages. It is a form of social engineering.

The term phishing was coined in the mid-1990s by black-hat computer hackers attempting to gain access to AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password to "verify your account" or to "confirm billing information". Once the victim gave their password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.

Fraudsters have widely used e-mail spam messages posing as large banks like Citibank, Bank of America, or PayPal in phishing attacks. These fraudsters copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. These pages are so well done that most people cannot tell that they have navigated to a scam site.

Phishers will also add what appears to be a link to a legitimate site in an e-mail, but use specially-crafted HTML source code that actually links to the scammer's fake site. Such links can often be revealed by using the "view source" feature in the e-mail application to look at the destination of the link, or by putting the mouse pointer over the link and looking at the URL then displayed in the status bar of the web browser.

The small percentage of people that fall for such phishing scams, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.

See also: Anti-phishing

Examples of phishing attacks

Email "spoofing"

Sender data shown in emails can be "spoofed", displaying a fake return address on outgoing email to hide the true origin of the message, therefore protecting it from being traced. The Sender Policy Framework protocol helps to combat email spoofing.

Pharming

Pharming occurs when a hacker redirects website traffic from a legitimate website to the hacker's fraudulent website by exploiting vulnerabilities in the Domain Name System (DNS). By corrupting a computer's knowledge of how a site's domain name maps to its IP address, the attacker causes the victim's computer to communicate with the wrong server—a technique known as domain hijacking.

By constructing a fake web site that looks like a legitimate site that might ask for the user's personal information, such as a copy of a bank's website, the fraudster can "phish", or steal by means of false pretenses, a victim's passwords, PIN or bank account number. The combination of domain hijacking with a phishing website constitutes pharming.

Although many such sites use the Secure Sockets Layer (SSL) protocol to identify themselves cryptographically and prevent such fraud, SSL offers no protection if users ignore their web browsers' warnings about invalid SSL server certificates. Such warnings occur when a user connects to a server whose SSL certificate does not match the address of the server.

In 2004, a German teenager hijacked the eBay.de domain. In January 2005, the domain name of Panix, a large New York ISP, was hijacked to a site in Australia.

Anti-pharming technologies are available.

Stock market manipulation schemes

Online stock market manipulation schemes, or investment schemes, involve attempts to manipulate securities prices on the market for the personal profit of the scammer. According to the United States Securities and Exchange Commission, the two main methods used by these criminals are:

Pump-and-dump schemes

In a pump-and-dump scheme, false or fraudulent information designed to cause a dramatic price increase in thinly traded stocks or stocks of shell companies is disseminated in chat rooms, forums, internet boards, or via email (typically as spam). This is called the "pump". As soon as the price reaches the desired level, the criminals immediately sell off their holdings of those stocks (the "dump"), previously purchased at the "un-pumped" price, realizing substantial profits before the stock price falls back to its usual low level.

Any buyers of the stock who are unaware of the scheme become victims once the price falls. When they realize the fraud, it is too late to sell; they have lost a high percentage of their money. Even if the stock value does increase, the stocks may be difficult to sell if there are no interested buyers, leaving the victim holding the unsalable shares for far longer than they desire.

Short-selling or "scalping" schemes

A short-selling scheme is similar to the "pump-and-dump" scheme. The swindler disseminates false or fraudulent information through the same methods, but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock price falls to the desired level, the fraudster buys the stock (or options on the stock), and then reverses the false information—or just waits for the effects of the fraudulent information to wear off with time, or be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option at a profit.

Avoiding Internet investment scams

The Securities and Exchange Commission provides guidelines for avoiding Internet investment scams, summarized below:
  • The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site, posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails.
  • If you want to invest wisely and steer clear of frauds, you must get the facts.
  • The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism.
  • Do not use your credit card number and card security code number (sometimes referred to as a CVV number) to buy products from lesser-known online merchants.
  • For online auctions, you need to know how the auction works and how the company will act if a problem occurs. Keep in mind that the method of payment is critical for when you have to send a payment.
  • Feedback from previous customers is another thing to consider.
  • Watch out for unexpected costs such as shipping and handling.

See also

  • Advance fee fraud
  • Business logic abuse
  • Click fraud
  • Credit card fraud
  • Employment scams
  • Forex scam
  • Mail fraud
  • Online pharmacy
  • Pharming
  • Phishing
  • Romance scam
  • Wire fraud
  • Web fraud detection

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.