Internet Fraud - Varieties Of Online Fraud

VARIETIES OF ONLINE FRAUD

Internet scams come in a wide range of guises. The most common online fraud concerns the compromise of shoppers' personal financial information when it is released to complete a sale on the Internet. Even well known retailers seem prone to security breaches and hacking. A variety of sensitive personal information is revealed in such transactions, including a person's name, address, e-mail account, phone and social security numbers, passwords, and credit card data.

Online auction sites present prime breeding grounds for online fraud. The FTC reported that Internet fraud complaints rose from a mere 100 in 1997 to about 11,000 in 2000. The most common auction-related problem was that buyers failed to receive the items that they had paid for. The courts generally have refused to hold auction sites liable for any fraudulent activities perpetrated by sellers who use their sites. Potential customers are left to investigate the reliability of vendors through independent avenues. Some sites will post the names of fraudulent buyers who have been caught in scams designed to artificially inflate the highest price bid or in other ways fix the outcome of a sale. Auction site eBay draws roughly 16 million users each month. Nearly 87 percent of all online fraud cases in 2000 were believed to involve online auctions, with an average victim losing $600 per order. In addition to auctions, stock scams also are popular, especially the so-called "pump and dump" schemes in which con artists posing as investment experts fraudulently promote stocks via the Internet and then quickly sell their shares of those stocks in order to realize large profits.

Fraud perpetrators frequently utilize computer viruses, such as Trojan horse programs that arrive as e-mail attachments or JPEG images that, once opened, can steal passwords or grant hackers access to a user's PC. Dialer programs—applications that can terminate an ISP and dial another telephone number—also are involved. They often are presented as porn site downloads. Another online scam involves dot-coms whose sites closely mimic those of respected online companies. Web con artists use such sites to collect credit card information from inattentive online shoppers.

Identity theft constitutes a particular subset of online fraud. Hackers break into poorly protected servers, set up clone sites that resemble legitimate sites, and then use them to gather personal information. With merely a name, thieves can access Web directories or dossier services to acquire addresses and phone numbers.

Though most notorious online scams were perpetrated by teenagers in highly publicized cases of stock fraud, authorities actually are far more concerned about the international online fraud rings that have cropped up. The Gartner Group predicted that the most vigorous growth in online fraud in the early 2000s would involve petty larcenies committed by individuals operating from economically depressed countries, particularly Russia. The FBI indicates that stolen credit card data frequently is sold to Eastern European organized crime operations.

Among recent innovations in cyber fraud is domain name extortion, in which individuals receive faxes from phony domain name monitoring firms indicating that a third party is trying to register a dot-net version of a dot-com domain name that the individual owns. Then the firm offers to register the dot-net name for that individual, upon payment of a fee for the service. The U.S. Securities & Exchange Commission also launched an investigation of online frauds that attempt to sell investments in nonexistent nations, including New Utopia, the Kingdom of EnenKio, and the Dominion of Melchizedek.

Wireless subscription fraud also is emerging, since Internet security systems can't easily be transferred to a wireless environment. Merchants involved in fraudulent transactions conducted over the wireless Net that are completed with stolen credit card numbers are liable for the cost of the item, while wireless carriers are exempt from responsibility. In a wired environment, security is maintained by SSL protocol, digital certificates, and user name/password verification; in wireless environments, SSL is translated to wireless transparent LAIN service. This translation permits information transferred from a wireless device to become decrypted, at which point credit card numbers and passwords can be stolen.

At the end of 2000, consumer protection agencies identified a "top 10" list of "dot-cons" as part of a multi-national effort to combat Internet fraud. The list was compiled from complaints lodged at Consumer Sentinel, a consumer fraud database. The list included, in decreasing order of prevalence: Internet auction fraud; Internet access services that lure consumers into unknowingly entering long-term access contracts; credit card fraud; offers of free access to porn sites when a viewer or dialer is downloaded; "Web cramming," or offers of a free 30-day trial use of a custom-designed Web site, which is later invoiced even if the recipient does not agree to continue use of the site; and finally, traditional "real world" scams transported to the Internet, such as pyramid schemes, vacation frauds, get-rich-quick offers, and miracle healthcare products.