Internet fraud refers to all forms of fraud that are facilitated by the use of the internet and includes all transactions and solicitations involving some form of intentional deception for personal gain or to cause damage. There are many different forms of fraud, but some of the common internet fraud strategies and scams are outlined below:
Note: For details on the best ways to avoid online fraud, please visit this page.
Phishers generally send out millions of e-mail messages, which contain a message that appears to originate from a legitimate source (i.e. a well known company such as ebay or facebook) with the aim of the e-mail being to convince the potential victim to provide their personal details. Some e-mails will even direct readers to an external bogus website, being made to look authentic. Like the email, the website will encourage the victim to provide their confidential information – bank account details, identifying details, social security numbers, passwords etc – which can then be used by the perpetrator to commit a variety of subsequent fraudulent acts. While it is impossible to record the success rate of these e-mails it is commonly believed that a successful phishing scheme can receive about a 1 – 10 per cent response rate.
More complicated phishing campaigns may even include some form of harmful malware in the email itself, or on the bogus website – which can directly extract the information it needs from the victim’s computer, without requiring the victim to provide the confidential information themselves.
Pharmers also rely on bogus websites as a source to steal confidential information; however these websites are much more difficult to detect as they usually do not require a potential victim to click on a link provided in a ‘bait’ e-mail. Pharmers effectively hijack a website by redirecting users to an imitation website even when the user has entered the correct web address of the website they are seeking. This can be achieved either through changing the host file on a victim’s computer, or by exploiting vulnerabilities in the DNS server software – DNS servers are the computers responsible for converting websites from their letter-based domain names (www. etc.) to their identifiable machine-understandable digits (188.8.131.52). The user may then be tricked into thinking the imitation site to be the actual correct site and to enter his personal details, which are subsequently harvested by the perpetrator.
An ‘advance fee schemes’ modality generally occurs when a victim purchases an item online from the perpetrator, who asks for a cash advance or transfer and never sends the item (which most likely did not exist in the first place).
Similar to advance fee schemes, perpetrators of internet retail fraud schemes aim to dupe users (sometimes with the use of legitimate looking websites) into purchasing items or services with their credit card details. The items never exist, and the perpetrator may use the credit card details to purchase other items, or sell the details onto someone else.
Perpetrators use online dating websites to develop a relationship with potential victims, who then are requested to transfer money for a variety of fake reasons.
This common fraud may contain elements of phishing, identity theft as well as an advance fee scheme. Generally, an internet user will receive an e-mail offering a ‘rare opportunity’ to share in a percentage of millions of dollars that the e-mail sender is having trouble transferring out of Nigeria. The scheme aims at convincing a willing victim to provide personal information (eg. bank details and identifying information) as well as a financial installment to cover the expenses for the transfer of the money from the country. Of course, the ‘millions of dollars’ do not exist; the e-mail sender keeps the sent money and uses the personal information to commit a variety of other frauds (mainly with the purpose of draining the victim’s credit and debit accounts). While the scheme may seem laughable to some, it causes millions of dollars in damages annually.
Perpetrators will advertise a supposed employment opportunity that will allow individuals to earn large amounts of money through varying work-at-home ventures. They generally set up very genuine looking websites to trick potential victims on the legitimacy of the operation. If a victim expresses interest, the perpetrator will instruct them that before receiving employment, the victim must first transfer funds for ‘registration purposes’ or to receive online business packs or other materials. Once transfered, the victim receives nothing in return.