Various Types of Internet Frauds and preventative measures

Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming.

This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity

Knowledge Series.This page will have short artciles on various topic related to forensic.Below is the list of artcile on this page.

Fraud Types. On this page, we you will get idea, what are different types of Frauds done using internet.

Below is the list of frauds covered below.

Credit Card Fraud
Spam
Identity Theft
Nigerian Letter or "419"
Phishing/Spoofing
Internet Extortion
Investment Fraud
Lotteries
Auction Fraud
Third Party Receiver of Funds
Debt Elimination
Employment/Business Opportunities
Ponzi/Pyramid
Reshipping

Credit Card Fraud

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.

The unauthorized use of a credit/debit card, or card number, to fraudulently obtain money or property is considered credit card fraud. Credit/debit card numbers can be stolen from unsecured websites, or can be obtained in an identity theft scheme.

Ensure a site is secure and reputable before providing your credit card number online.
Don't trust a site just because it claims to be secure.
If purchasing merchandise, ensure it is from a reputable source.
Promptly reconcile credit card statements to avoid unauthorized charges.
Do your research to ensure legitimacy of the individual or company.
Beware of providing credit card information when requested through unsolicited emails

Spam

Spam is the abuse of electronic messaging systems (including most broadcast mediums, digital delivery systems) to send unsolicited bulk messages indiscriminately.While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, Online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, and file sharing network spam.

Pressure to make e-mail spam illegal has been successful in some jurisdictions, but less so in others. Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble.Increasingly, e-mail spam today is sent via "zombie networks", networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer and use it for malicious purposes. This complicates attempts to control the spread of spam, as in many cases the spam doesn't even originate from the spammer.

With improved technology and world-wide Internet access, spam, or unsolicited bulk email, is now a widely used medium for committing traditional white collar crimes including financial institution fraud, credit card fraud, and identity theft, among others. It is usually considered unsolicited because the recipients have not opted to receive the email. Generally, this bulk email refers to multiple identical messages sent simultaneously.

Spam can also act as the vehicle for accessing computers and servers without authorization and transmitting viruses and botnets. The subjects masterminding this Spam often provide hosting services and sell open proxy information, credit card information, and email lists illegally.

Don't open spam. Delete it unread.
Never respond to spam as this will confirm to the sender that it is a "live" email address.
Have a primary and secondary email address - one for people you know and one for all other purposes.
Avoid giving out your email address unless you know how it will be used.
Never purchase anything advertised through an unsolicited email.

Skimming

Card account information is stored in a number of formats. Account numbers are often embossed or imprinted on the card, and a magnetic stripe on the back contains the data in machine readable format. Fields can vary, but the most common include:

Name of card holder
Account number
Expiration date
Verification/CVV code

Carding

Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cardable website.

In the past, carders used computer programs called "generators" to produce a sequence of credit card numbers, and then test them to see which were valid accounts. Another variation would be to take false card numbers to a location that does not immediately process card numbers, such as a trade show or special event. However, this process is no longer viable due to widespread requirement by internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiry date, as well as the more prevalent use of wireless card scanners that can process transactions right away.Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.

A set of credit card details that has been verified in this way is known in fraud circles as a phish. A carder will typically sell data files of the phish to other individuals who will carry out the actual fraud. Market price for a phish ranges from US$1.00 to US$50.00 depending on the type of card, freshness of the data and credit status of the victim.

Identity Theft

Identity theft is a crime used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the perpetrator's actions. In many countries specific laws make it a crime to use another person's identity for personal gain.

Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. Typically, the victim is led to believe they are divulging sensitive personal information to a legitimate business, sometimes as a response to an email solicitation to update billing or membership information, or as an application to a fraudulent Internet job posting

Ensure websites are secure prior to submitting your credit card number.
Do your homework to ensure the business or website is legitimate.
Attempt to obtain a physical address, rather than a P.O. box or maildrop.
Never throw away credit card or bank statements in usable form.
Be aware of missed bills which could indicate your account has been taken over.
Be cautious of scams requiring you to provide your personal information.
Never give your credit card number over the phone unless you make the call.
Monitor your credit statements monthly for any fraudulent activity.
Report unauthorized transactions to your bank or credit card company as soon as possible.
Review a copy of your credit report at least once a year.

Techniques for obtaining personal information

In most cases, a criminal needs to obtain personally identifiable information or documents about an individual in order to impersonate them. They may do this by:

Stealing mail or rummaging through rubbish containing personal information (dumpster diving)
Retrieving information from redundant equipment, like computer servers that have been disposed of carelessly, e.g. at public dump sites, given away without proper sanitizing etc.
Researching about the victim in government registers, internet search engines, or public records search services.
Stealing payment or identification cards, either by pickpocketing or surreptitiously by skimming through a compromised card reader
Remotely reading information from an RFID chip on a smart card, RFID-enabled credit card, or passport
Eavesdropping on public transactions to obtain personal data (shoulder surfing)
Stealing personal information from computers and computer databases (Trojan horses, hacking and Zero day attacks)
Data breach that results in the public (i.e. posted on the internet) or easily-obtainable (i.e. printed on a mailing label) display of sensitive information such as a Social Security number or credit card number.
Advertising bogus job offers (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details
Infiltration of organizations that store large amounts of personal information
Impersonating a trusted company/institution/organization in an electronic communication to promote revealing of personal information (phishing)
Obtaining castings of fingers for falsifying fingerprint identification.
Browsing social network (MySpace, Facebook, Bebo etc) sites, online for personal details that have been posted by users
Changing your address thereby diverting billing statements to another location to either get current legitimate account info or to delay discovery of fraudulent accounts.
Using false pretenses to trick a business (usually through a customer service representative) into disclosing customer information (pretexting)

India-Under the Information Technology Act 2000 Chapter IX Sec 43 (b)
� If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Medical identity theft

Medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity -- such as insurance information -- without the person's knowledge or consent to obtain medical services or goods, or uses the person�s identity information to make false claims for medical services or goods. Medical identity theft frequently results in erroneous entries being put into existing medical records, and can involve the creation of fictitious medical records in the victim�s name

Nigerian Letter or "419"

Named for the violation of Section 419 of the Nigerian Criminal Code, the 419 scam combines the threat of impersonation fraud with a variation of an advance fee scheme in which a letter, email, or fax is received by the potential victim. The communication from individuals representing themselves as Nigerian or foreign government officials offers the recipient the "opportunity" to share in a percentage of millions of dollars, soliciting for help in placing large sums of money in overseas bank accounts. Payment of taxes, bribes to government officials, and legal fees are often described in great detail with the promise that all expenses will be reimbursed as soon as the funds are out of the country. The recipient is encouraged to send information to the author, such as blank letterhead stationary, bank name and account numbers, and other identifying information using a facsimile number provided in the letter. The scheme relies on convincing a willing victim to send money to the author of the letter in several installments of increasing amounts for a variety of reasons.

If the "opportunity" appears too good to be true, it probably is.
Do not reply to emails asking for personal banking information.
Be wary of individuals representing themselves as foreign government officials.
Be cautious when dealing with individuals outside of your own country.
Beware when asked to assist in placing large sums of money in overseas bank accounts.
Do not believe the promise of large sums of money for your cooperation.
Guard your account information carefully.
Be cautious when additional fees are requested to further the transaction.

Phishing/Spoofing

Phishing and spoofing are somewhat synonymous in that they refer to forged or faked electronic documents. Spoofing generally refers to the dissemination of email which is forged to appear as though it was sent by someone other than the actual source.

Phishing, often utilized in conjunction with a spoofed email, is the act of sending an email falsely claiming to be an established legitimate business in an attempt to dupe the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website.

The website, however, is not genuine and was set up only as an attempt to steal the user's information.

Be suspicious of any unsolicited email requesting personal information.
Avoid filling out forms in email messages that ask for personal information.
Always compare the link in the email to the link that you are actually directed to.
Log on to the official website, instead of "linking" to it from an unsolicited email.
Contact the actual business that supposedly sent the email to verify if the email is genuine.

Internet Extortion

Internet extortion involves hacking into and controlling various industry databases, promising to release control back to the company if funds are received, or the subjects are given web administrator jobs.

Similarly, the subject will threaten to compromise information about consumers in the industry database unless funds are received.

Security needs to be multi-layered so that numerous obstacles will be in the way of the intruder.
Ensure security is installed at every possible entry point.
Identify all machines connected to the Internet and assess the defense that's engaged.
Identify whether your servers are utilizing any ports that have been known to represent insecurities.
Ensure you are utilizing the most up-to-date patches for your software.

Investment Fraud

If the "opportunity" appears too good to be true, it probably is.
Beware of promises to make fast profits.
Do not invest in anything unless you understand the deal.
Don't assume a company is legitimate based on "appearance" of the website.
Be leery when responding to invesment offers received through unsolicited email.
Be wary of investments that offer high returns at little or no risk.
Independently verify the terms of any investment that you intend to make.
Research the parties involved and the nature of the investment.
Be cautious when dealing with individuals outside of your own country.
Contact the Better Business Bureau to determine the legitimacy of the company

Lotteries

If the lottery winnings appear too good to be true, they probably are.
Be cautious when dealing with individuals outside of your own country.
Be leery if you do not remember entering a lottery or contest.
Be cautious if you receive a telephone call stating you are the winner in a lottery.
Beware of lotteries that charge a fee prior to delivery of your prize.
Be wary of demands to send additional money to be eligible for future winnings.
It is a violation of federal law to play a foreign lottery via mail or phone.

Auction Fraud

Before you bid, contact the seller with any questions you have.
Review the seller's feedback.
Be cautious when dealing with individuals outside of your own country.
Ensure you understand refund, return, and warranty policies.
Determine the shipping charges before you buy.
Be wary if the seller only accepts wire transfers or cash.
If an escrow service is used, ensure it is legitimate.
Consider insuring your item.
Be cautious of unsolicited offers.

Third Party Receiver of Funds

Do not agree to accept and wire payments for auctions that you did not post.
Be leery if the individual states that his country makes receiving these type of funds difficult.
Be cautious when the job posting claims "no experience necessary".
Be cautious when dealing with individuals outside of your own country.

Debt Elimination

Know who you are doing business with � do your research.
Obtain the name, address, and telephone number of the individual or company.
Research the individual or company to ensure they are authentic.
Contact the Better Business Bureau to determine the legitimacy of the company.
Be cautious when dealing with individuals outside of your own country.
Ensure you understand all terms and conditions of any agreement.
Be wary of businesses that operate from P.O. boxes or maildrops.
Ask for names of other customers of the individual or company and contact them.
If it sounds too good to be true, it probably is.

Employment/Business Opportunities

Be wary of inflated claims of product effectiveness.
Be cautious of exaggerated claims of possible earnings or profits.
Beware when money is required up front for instructions or products.
Be leery when the job posting claims "no experience necessary".
Do not give your social security number when first interacting with your prospective employer.
Be cautious when dealing with individuals outside of your own country.
Be wary when replying to unsolicited emails for work-at-home employment.
Research the company to ensure they are authentic.
Contact the Better Business Bureau to determine the legitimacy of the company.

Ponzi/Pyramid

Ponzi or pyramid schemes are investment scams in which investors are promised abnormally high profits on their investments. No investment is actually made. Early investors are paid returns with the investment money received from the later investors. The system usually collapses. The later investors do not receive dividends and lose their initial investment.

If the "opportunity" appears too good to be true, it probably is.
Beware of promises to make fast profits.
Exercise diligence in selecting investments.
Be vigilant in researching with whom you choose to invest.
Make sure you fully understand the investment prior to investing.
Be wary when you are required to bring in subsequent investors.
Independently verify the legitimacy of any investment.
Beware of references given by the promoter.

Reshipping

"Reshippers" are being recruited in various ways but the most prevalent are through employment offers and conversing, and later befriending, unsuspecting victims through Chat Rooms.

Unknown subjects post help-wanted advertisements at popular Internet job search sites and respondents quickly reply to the online advertisement. As part of the application process, the prospective employee is required to complete an employment application, wherein he/she divulges sensitive personal information, such as their date of birth and social security number which, unbeknownst to the victim employee, will be used to obtain credit in his/her name.

The applicant is informed he/she has been hired and will be responsible for forwarding, or "reshipping", merchandise purchased in his country to the company's overseas home office. The packages quickly begin to arrive and, as instructed, the employee dutifully forwards the packages to their overseas destination. Unbeknownst to the "reshipper," the recently received merchandise was purchased with fraudulent credit cards.

The second means of recruitment involves the victim conversing with the unknown individual in various Chat Rooms. After establishing this new online "friendship" or "love" relationship, the unknown subject explains for various legal reasons his/her country will not allow direct business shipments into his/her country from the vitim county. He/she then asks for permission to send recently purchased items to the victim's address for subsequent shipment abroad for which the unknown subject explains he/she will cover all shipping expenses.

After the victim agrees, the packages start to arrive at great speed. This fraudulent scheme lasts several weeks until the "reshipper" is contacted. The victimized merchants explain to the "reshipper" the recent shipments were purchased with fraudulent credit cards. Shortly thereafter, the strings of attachment are untangled and the boyfriend/girlfriend realizes their Cyber relationship was nothing more than an Internet scam to help facilitate the transfer of goods purchased online by fraudulent means.

Be cautious if you are asked to ship packages to an "overseas home office."
Be cautious when dealing with individuals outside of your own country.
Be leery if the individual states that his country will not allow direct business shipments from the United States.
Be wary if the "ship to" address is yours but the name on the package is not.
Never provide your personal information to strangers in a chatroom.
Don't accept packages that you didn't order.
If you receive packages that you didn't order, either refuse them upon delivery or contact the company where the package is from.

The above have been collected from various sources. I am working hard to collect relevant data from various sources on internet. Visit www.ic3.gov for more detail information for US Citizens.