Internet fraud is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. [1] It is differentiated from theft since, in this case, the victim voluntarily and knowingly provides the information, money or property to the perpetrator. [2] It is also distinguished by the way it involves temporally and spatially separated offenders. [3]
In the FBI's 2017 Internet Crime Report, the Internet Crime Complaint Center (IC3) received about 300,000 complaints. Victims lost over $1.4 billion in online fraud in 2017. [4] In a 2018 study by the Center for Strategic and International Studies (CSIS) and McAfee, cybercrime costs the global economy as much as $600 billion, which translates into 0.8% of global GDP. [5] Online fraud appears in many forms. It ranges from email spam to online scams. Internet fraud can occur even if partly based on the use of Internet services and is mostly or completely based on the use of the Internet.
The scammer poses as a charitable organization soliciting donations to help the victims of a natural disaster, terrorist attack (such as the 9/11 attacks), regional conflict, or epidemic. Hurricane Katrina and the 2004 tsunami were popular targets of scammers perpetrating charity scams; other more timeless scam charities purport to be raising money for cancer, AIDS or Ebola virus research, children's orphanages (the scammer pretends to work for the orphanage or a non-profit associated with it), or impersonates charities such as the Red Cross or United Way. In recent years, there have been cases of scams being done by the people who started the charity. [6]
A 2019 example of this was the head of the Long Island Charity, Wafa Abbound. Abbound was found guilty of stealing close to a million dollars. She was charged with bank fraud, money laundering, and embezzling. [7] There are many methods scammers will use. First, they will ask for donations, often linking to online news articles to strengthen their story of a funds drive. The scammer's victims are charitable people who believe they are helping a worthy cause and expect nothing in return. Once sent, the money is gone and the scammer often disappears, though many attempts to keep the scam going by asking for a series of payments. The victim may sometimes find themselves in legal trouble after deducting their supposed donations from their income taxes. United States tax law states that charitable donations are only deductible if made to a qualified non-profit organization. [8]
The scammer may tell the victim their donation is deductible and provide all necessary proof of donation, but the information provided by the scammer is fictional, and if audited, the victim faces stiff penalties as a result of the fraud. Though these scams have some of the highest success rates especially following a major disaster and are employed by scammers all over the world, the average loss per victim is less than other fraud schemes. This is because, unlike scams involving a largely expected payoff, the victim is far less likely to borrow money to donate or donate more than they can spare. [9]
A variation of Internet marketing fraud offers tickets to sought-after events such as concerts, shows, and sports events. The tickets are fake or are never delivered. The proliferation of online ticket agencies and the existence of experienced and dishonest ticket resellers has fueled this kind of fraud. Many such scams are run by British ticket touts, though they may base their operations in other countries. [10]
A prime example was the global 2008 Beijing Olympic Games ticket fraud run by US-registered "Xclusive Leisure and Hospitality", sold through a professionally designed website with the name "Beijing 2008 Ticketing". [11] On 4 August it was reported that more than A$50 million worth of fake tickets had been sold through the website. [12] On 6 August it was reported that the person behind the scam, which was wholly based outside China, was a British ticket tout, Terance Shepherd. [13]
As retailers and other businesses have growing concerns about what they can do about preventing the use of gift cards purchased with stolen credit card numbers, cybercriminals have more recently been focusing on taking advantage of fraudulent gift cards. [14] More specifically, malicious hackers have been trying to get their hands on information pertinent to gift cards that have been issued but not spent. Some of the methods for stealing gift card data include automated bots that launch brute force attacks on retailer systems which store them.
First, hackers will steal gift card data, check the existing balance through a retailer's online service, and then attempt to use those funds to purchase goods or to resell on a third party website. In cases where gift cards are resold, the attackers will take the remaining balance in cash, which can also be used as a method of money laundering. This harms the customer gift card experience, the retailer's brand perception, and can cost the retailer thousands in revenue. Another way gift card fraud is committed is by stealing a person's credit card information to purchase brand new gift cards.
People tend to disclose more personal information about themselves (e.g. birthday, e-mail, address, hometown and relationship status) in their social networking profiles. [15] This personally identifiable information could be used by fraudsters to steal users' identities, and posting this information on social media makes it a lot easier for fraudsters to take control of it.
The problem of authenticity in online reviews is a long-standing and stubborn one. In one famous incident back in 2004, Amazon's Canadian site accidentally revealed the true identities of thousands of its previously anonymous U.S. book reviewers. One insight the mistake revealed was that many authors were using fake names in order to give their own books favorable reviews. [16] Also, 72% say positive reviews lead them to trust a business more, while 88% say that in "the right circumstances", they trust online reviews as much as personal recommendations. [16]
While scammers are increasingly taking advantage of the power of social media to conduct criminal activity, astute risk managers and their insurance companies are also finding ways to leverage social media information as a tool to combat insurance fraud. [17] For example, an injured worker was out of work on a worker's compensation claim but could not resist playing a contact sport on a local semi-professional sports team. Through social media and internet searches, investigators discovered that the worker was listed on the team roster and was playing very well. [17]
A UK woman was scammed in a "romance fraud" online as per the local police. The woman in her 50s reportedly lost her inheritance worth £320,000 taken over from her parents who later disowned her following the loss. the perpetrator who impersonated as Tim, met the victim on a dating website in 2019 after she lost her husband. He first took £68,000 in the name of customs fees and then asked her to directly pay £200,000 to his translator to secure his contractors and store his equipment, totalling the money lost to £320,000. [18]
According to the FBI, on April 26, 2005 Tom Zeller Jr. wrote an article in The New York Times [19] regarding a surge in the quantity and quality of the forging of U.S. postal money orders, and its use to commit online fraud. Counterfeiters will conduct these scams through emails or chat rooms. If a person is trying to sell or give away an item of theirs, counterfeiters will make them believe that they are related to auction sites such as eBay. As of right now, there is no way to figure out how much money is being taken through these fake orders, the United States Postal Service believes that it is in the millions. The people who are targeted the most are those who are smaller retailers who operate through the internet or everyday people who sell or pay for items on the web. Owing to the lack of rules or warning signs about counterfeiters, more and more people will be affected.
Many companies like UPS and Federal Express have started to collaborate with the United States Postal Service to begin surveilling money postal orders. This way they can spot the real from the fake, however this is easier said then done, so they advocate users to be cautious when making a money postal orders. Arrests have taken place, between 2004 and 2005, 160 counterfeiters were arrested. Many of these arrested were caught in the process of cashing in the money they have stolen. [20] In the United States of America, the penalty for making or using counterfeit postal money orders is up to ten years in jail and/or a $25,000 fine. [21]
Call Forwarding Scam involves a fraudster tricking the victim into dialing a specific phone number, which then reroutes all incoming calls and text messages victim receives to the scammer's device. [22] Scammers in-turn intercepts bank messages and OTPs, while the victim remains unaware.
A fraudster uses the internet to advertise non-existent goods or services. Payment is sent remotely but the goods or services never arrive. The methods these scammers use are they will give these fake products very low prices, they will want to make payments through electronic funds transfers, and they will want to do it right away. Payments will not be conducted through PayPal or credit cards. These services are too secure and will cause issues for the scammers. All of these methods are also ways to figure out on whether or not these are actually scams. Another way to spot the scam is privacy and contact details, information about delivery, terms and conditions, etc, will not be presented. [23]
Scammers will operate from fake stores. They will broadcast the presence of these fake stores through social media. This is done primarily because there are a lot of people who use social media and the number keeps growing every day. These stores will not be up for a long period. The will only stay up for a couple of sales, then they will move on and close the site. Usually, a way to spot these fake stores is to look for online reviews, if they do not have any reviews, they are fake. [24]
An advance-fee scam is a form of fraud and is one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim to pay or simply disappears.
A scam, or a confidence trick, is an attempt to defraud a person or group after first gaining their trust. Confidence tricks exploit victims using a combination of the victim's credulity, naïveté, compassion, vanity, confidence, irresponsibility, and greed. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators at the expense of their victims ".
A gift card, also known as a gift certificate in North America, or gift voucher or gift token in the UK, is a prepaid stored-value money card, usually issued by a retailer or bank, to be used as an alternative to cash for purchases within a particular store or related businesses. Gift cards are also given out by employers or organizations as rewards or gifts. They may also be distributed by retailers and marketers as part of a promotion strategy, to entice the recipient to come in or return to the store, and at times such cards are called cash cards. Gift cards are generally redeemable only for purchases at the relevant retail premises and cannot be cashed out, and in some situations may be subject to an expiry date or fees. American Express, MasterCard, and Visa offer generic gift cards which need not be redeemed at particular stores, and which are widely used for cashback marketing strategies. A feature of these cards is that they are generally anonymous and are disposed of when the stored value on a card is exhausted.
Email fraud is intentional deception for either personal gain or to damage another individual using email as the vehicle. Almost as soon as email became widely used, it began to be used as a means to defraud people, just as telephony and paper mail were used by previous generations.
A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mailing explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, "due to a mix-up in some of the names and numbers," and to contact a "claims agent." After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Many email lottery scams use the names of legitimate lottery organizations or other legitimate corporations/companies, but this does not mean the legitimate organizations are in any way involved with the scams.
A romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining the victim's affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud against the victim. Fraudulent acts may involve access to the victim's money, bank accounts, credit cards, passports, Cash App, e-mail accounts, or national identification numbers; or forcing the victims to commit financial fraud on their behalf.
Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.
Telemarketing fraud is fraudulent selling conducted over the telephone. The term is also used for telephone fraud not involving selling.
Internet fraud prevention is the act of stopping various types of internet fraud. Due to the many different ways of committing fraud over the Internet, such as stolen credit cards, identity theft, phishing, and chargebacks, users of the Internet, including online merchants, financial institutions and consumers who make online purchases, must make sure to avoid or minimize the risk of falling prey to such scams.
Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.
The parcel mule scam, also known as the reshipping scam, involves scammers and unsuspecting victims handling goods to other countries. In some ways it is similar to the money mule scam. Scammers use fake advertising to hire mules. Items are bought with stolen cards, and since the goods are typically re-sold once shipped, this scam can be viewed as an indirect form of money laundering.
A bride scam is a form of romance scam - a confidence trick that aims to defraud potential grooms with the offer of a foreign bride. The basis of the confidence trick is to seek men from the western world who would like to marry a foreign woman and pretend to be willing to marry them. The woman (scammer) asks the man to send money, for example, for the purposes of purchasing an airline ticket or a visa they have no intention of buying. The relationship ends after requested money has been wired and received, sometimes after multiple transfers have been made.
A technical support scam, or tech support scam, is a type of scam in which a scammer claims to offer a legitimate technical support service. Victims contact scammers in a variety of ways, often through fake pop-ups resembling error messages or via fake "help lines" advertised on websites owned by the scammers. Technical support scammers use social engineering and a variety of confidence tricks to persuade their victim of the presence of problems on their computer or mobile device, such as a malware infection, when there are no issues with the victim's device. The scammer will then persuade the victim to pay to fix the fictitious "problems" that they claim to have found. Payment is made to the scammer via gift cards, which are hard to trace and have few consumer protections in place. Technical support scams have occurred as early as 2008. A 2017 study of technical support scams found that of the IPs that could be geolocated, 85% could be traced to locations in India, 7% to locations in the United States and 3% to locations in Costa Rica. Research into tech support scams suggests that millennials and those in generation Z have the highest exposure to such scams; however, senior citizens are more likely to fall for these scams and lose money to them. Technical support scams were named by Norton as the top phishing threat to consumers in October 2021; Microsoft found that 60% of consumers who took part in a survey had been exposed to a technical support scam within the previous twelve months. Responses to technical support scams include lawsuits brought against companies responsible for running fraudulent call centres and scam baiting.
Carding is a term of the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass exploitation of personal data, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.
An IRS impersonation scam is a class of telecommunications fraud and scam which targets American taxpayers by masquerading as Internal Revenue Service (IRS) collection officers. The scammers operate by placing disturbing official-sounding calls to unsuspecting citizens, threatening them with arrest and frozen assets if thousands of dollars are not paid immediately, usually via gift cards or money orders. According to the IRS, over 1,029,601 Americans have received threatening calls, and $29,100,604 has been reported lost to these call scams as of March 2016. The problem has been assigned to the Treasury Inspector General for Tax Administration. Studies highlight that most victims of these scams are aged 20-29 years old and women are more affected than men. One way to decrease the risks of an individual falling victim to IRS impersonation scams is through awareness programs.
A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.
Ghana has one of the highest rates of cybercrime in the world, ranking 7th in a 2008 Internet Crime Survey. The most popular form of cybercrime in Ghana is cyberfraud and is typically achieved via credit card fraud. However, recent decreases in universal credit card usage has seen the expansion of other cybercrimes such as blackmail and hacking. This growth in crime has warranted a government response, with policies specifically addressing the cyberspace being developed. This has necessitated various studies including a cyber security maturity study which was inaugurated by the Ministry of Communications and conducted by the Global Cyber Security Capacity Center (GCSCC) of the University of Oxford in collaboration with the World Bank.
An SSA impersonation scam, or SSA scam, is a class of telecommunications scam targeting citizens of the United States by impersonating Social Security Administration employees. SSA scams are typically initiated through pre-recorded messages, or robocalls, that use social engineering to make victims panic and ensure they follow instructions given to them. In 2018, over 35,000 instances of SSA scam robocalls were reported to the Better Business Bureau with over $10 million lost by victims. Approximately 47% of Americans were subject to an SSA scam robocall during a three-month period between mid- to late 2020, and 21% of seniors were subject to at least three robocalls during the same time period.
A package redirection scam is a form of e-commerce fraud, where a malicious actor manipulates a shipping label, to trick the mail carrier into delivering the package to the wrong address. This is usually done through product returns to make the merchant believe that they mishandled the return package, and thus provide a refund without the item being returned. It can also be done by the seller, generally by creating fraudulent online stores or creating fake listings on sites such as eBay or Mercari. This makes it very hard to perform a chargeback, as the tracking shows the item has been delivered. This is also known as an FTID scam, standing for Fake Tracking ID. When this scam is successful, the tracking number will show that the package has been delivered to the correct address, when the package was instead delivered to a different address. This package is generally empty or filled with garbage. However, this scam has mostly been “patched” via new technology provided by the various couriers globally. It is estimated the scam cost retailers £18,000,000,000 in lost revenue.