Last updated: February 9, 2019
Online Fraud: How To Avoid Internet Scams
Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more
The internet plays a huge part in many people's lives these days, but rather like when you go to the movies and watch a Hollywood blockbuster film, everything you see on screen is not always as it might seem.
In the same way that filmmakers use sophisticated tricks and effects to get us to believe what we are seeing is real, there are plenty of websites out there which are using a wide range of online tricks and promises to get you to part with your cash or valuable information, for devious and fraudulent reasons.
Increasingly, digital extortion is becoming a bigger threat than online fraud. Just like thugs on the street, online criminals have a number of ways they can wrench money out of you.
Thankfully, the vast majority of people and websites are not criminals. But there are enough criminals that you need to take action to keep yourself safe. Read on to learn how.
Online fraud and scams operate under many different disguises and go by many names, including consumer cybercrime, internet fraud, online crime, and e-crime. No matter what it's called, it causes considerable distress to everyone it affects, and it can even culminate in serious financial problems, as some victims have discovered.
Most Common Internet Scams
The internet is constantly evolving and this means that the fraudsters and cybercriminals who are trying to scam you, are also continually trying to come up with new ideas and schemes to get you to part with your money or your personal data, which they will then use or sell to others for personal gain.
Despite the fact that we now connect with each other via social media networks and can therefore quickly warn others about scams or dodgy websites that we have discovered, it is sometimes a bit embarrassing to admit that we have been conned, which means that the scams can continue to search out victims online if they are not reported and stopped.
Here is a top 10 of internet and email scams, which amazingly, continue to snare new victims every day somewhere in the world, despite the fact that many of us are probably aware of their existence.
Some of these scams and frauds are covered in more detail in other sections of the guide.
The Nigerian Scam
Many of us will have had an email from a Nigerian person claiming to be royalty or very wealthy and in need of assistance to help them get their inheritance out of the country so that they can make a substantial donation to a good church or some other worthy cause.
Sadly, so many people still fall for the desperate and believable stories and send money to cover non-existent expenses like "legal fees", to help them complete the transaction, as the fraudster will claim they don't have any money until the inheritance is released.
There are numerous variations of this fraud and it is a scam that can be traced back to the 1920s, before the internet even existed. The chances of a genuinely wealthy Nigerian finding your email, despite the fact that they don't know you, and truthfully needing your help for a genuine cause, are slim to non-existent, so don't give the scammers anything, no matter how convincing the story is.
Guaranteed Acceptance for a Credit Card or Loan
You may get an email or find a website that offers you guaranteed acceptance for a credit card or loan. This scam is quite believable because some credit card companies and finance providers do charge a fee for their service, but a legitimate card company will only apply the annual fee after you have received your credit card and it is applied to the balance.
Sometimes the offers are very tempting, saying that you have been pre-approved for a loan up to $500,000 for example, and all you have to do is pay an up-front fee to gain access to this credit facility.
Unfortunately, when the victim pays the fee, this the last they will hear from the scammer and they certainly won't be getting a pre-approved credit card through the mail anytime soon.
The opportunity to win a life-changing sum of money is very tempting and the reason why so many of us play the lottery on a regular basis.
Scammers will prey on your dreams and send out an email saying that you have won a lottery prize, but you have to pay a processing pay so that they can send the money to you.
Think about it, how can you win a lottery that you didn't even enter into? As with many of these offers, if it seems too good to be true, it is. Don't fall for the lottery scam.
All scams are bad news if you are a victim, but phishing can quickly create a real nightmare scenario that you should try to avoid at all costs.
Phishing is probably the most common internet and email scam that is around and is basically digital theft of your personal information. The scammers try to convince you to part with valuable data like passwords, dates of birth and credit card details, in order to "verify your identity" as part of a transaction or to prevent fraud, which ironically is what they are actually committing themselves.
If you are online and want to be sure that a site is genuine before you give any personal details, check that the website address has an https:// prefix. Phishing fake sites will just start with the usual http:// and that missing "s" could be a warning sign that could end up costing you hundreds or even thousands of dollars, when your information falls into the wrong hands.
This scam often involves an expensive item like a car, where the scammer offers to pay you more than you are selling it for, supposedly because they want the item shipped overseas.
They send you what appears to be real money order which you then deposit into your bank and in return, they ask you to release the vehicle and the cash for the difference, which they supposedly covered with the money order.
Unfortunately, this scam is often very convincing because it involves real money orders that have in fact been stolen and therefore do look as genuine as they are, but the big issue is that the money order is obviously not authorized, which you then discover when your bank calls to tell you that the payment has been declined, leaving you without a vehicle and with less cash than you had before the transaction.
Scammers will search genuine employment sites online where you may have posted your resume, in the hope of finding their next victim.
You may then receive an "offer of employment", normally for an overseas company. One typical scam of this type involves being recruited as a "financial representative" to handle payments for them from US customers, due to the fact that they have problems accepting them directly as a result of their location.
Your reward is a juicy commission on each transaction and you provide them with your bank account details to receive the commission payments. What actually happens, is the scammers sometimes steal money from your account and also take the opportunity to steal your identity and commit further fraud, so beware of phony career opportunities.
There are many truly worthy causes that you may wish to donate to but sadly, scammers have very few morals when it comes to taking advantage of your charitable nature.
Disasters and worldwide events often involve an international effort to raise much-needed funds, but scammers set up fake websites to collect donations that are never going to a good cause.
If you are unsure, always call the charity directly or check their website. If you are asked for a donation via your email, be careful to ensure that it is not simply a phishing attempt.
Travel scams are often at their highest rate during the summer months, and the offer of a week in an exotic location for free is certainly very tempting if it is genuine.
There are variations of this scam around but generally you may be offered some part of the holiday for "free", such as the travel, only to find that you have signed up for a very expensive hotel deal that does not make the travel costs "free" at all, when you add it all up.
Chain letters and get rich quick schemes have been around for years and the only difference now is that the scammers will contact you by email rather than snail mail.
Not only will you be parted with your money when you sign up, you should also be aware that you could actually be charged with fraud if you choose to participate, so don't be tempted, especially as you are not likely to be anywhere near the top of the pyramid anyway.
Make Money at Home Using your Computer
There are of course genuine opportunities out there to make some extra bucks working at home, but there are also plenty of scammers wanting to take advantage.
One such scam works on asking you for money in return for details on how to generate some regular income. In return for providing your PayPal account details to receive the payments, you install a program that runs multiple ad windows, which generates per-click revenue for the spammers rather than for you.
Trying to get rid of these programs on your computer can be very difficult, so check out any money making opportunity carefully, before you choose to get involved.
Online Scam and Fraud Stats
Online scams are basically a type of fraud that is carried out by criminals online. According to Merriam-Webster.com, fraud is a noun with three distinct meanings:
- Using false pretenses
- Pretending to be someone or something you're not
- Creating a counterfeit item or service
Why Should You Care?
Cybercriminals have developed increasingly advanced techniques over the years. The 2013 Norton Cybercrime report delivers figures that demonstrate how cybercrime is affecting the security of internet users. For the report, 13,022 adults aged 18 to 64 were interviewed from all over the world between the months of July and August of 2013. The following statistics demonstrate the evolution of online fraud:
- Although the number of adults who have fallen victim to consumer cybercrime has decreased, the average cost per victim has gone up by 50 percent.
- Attacks are getting more sophisticated, with fraudsters using tactics like spear-phishing and programs like ransomware.
- 49 percent of consumers use their personal mobile devices for work and for play, leading to new security risks for mobile and e-commerce businesses.
- 48 percent of tablet and smartphone users don't take the most basic security steps such as installing security software or using passwords.
- The direct cost of global online fraud in the United States is $113 billion.
- The average cost per victim is up more than 50 percent in the U.S., from $197 in 2012 to $298 in 2013.
Why Online Fraud Is So Prevalent
Would you ever knowingly leave your front door unlocked when going out for the day? The chances are that nothing will happen, but surely the risk is not worth taking.
This analogy describes how too many people approach internet security. They either assume that nothing will happen to them, or they are simply unaware of the risks.
Cybercrime is a constant threat, and just because it doesn't represent a physical threat in the form of someone trying to break into your home, it can be just as damaging.
The security challenges for IT professionals, businesses, employees, and individuals have become greater, and many organizations are now taking their online security more seriously.
Cisco reported the following data comprised from two global studies in its 2013 Annual Security Report (acquired July 30, 2013):
- The strongest concentration of online security threats don't target gambling, pornography, and pharmaceutical websites. Rather, the greatest threats come from legitimate sites used by many internet users, such as the major search engines, social media platforms and consumer retail sites.
- Advertisements are 182 times more likely to transport malicious content than pornography websites.
- The growth of Android malware has skyrocketed faster than any other form of malware on the web. This is an alarming trend because Android has the most users in the global mobile device market.
- Online shopping sites are 21 times more likely to pass malicious content to visitors than counterfeit software sites.
- Search engines are 27 times more prone to transferring malicious programs than fake software sites.
According to John N. Stewart, senior vice president and chief security officer of Global Government and Corporate Security for Cisco, "Today we live a blended work-personal life. The hackers know this. The security threats that we encounter online like embedded Web malware while visiting popular destinations like search engines, retailers, social media sites and smartphone/tablet apps no longer threaten only the individual; they threaten our organizations by default."
Recognizing Online Financial Fraud
The ever-changing face of technology makes fighting online fraud a significant challenge. Here is a breakdown of the many types of internet consumer fraud.
Online Auction and Store Fraud
Internet auctions and online stores are popular places to find a bargain, but they are also popular with online fraudsters. Here are the most common types of online auction and e-store crimes:
- Non-Delivery — This is when the seller puts an item up for sale, but they fail to deliver to item to the buyer. Additionally, if the consumer uses a credit card, the "seller" could potentially steal their information and even their identity.
- Misrepresentation — Misrepresentation occurs when the seller deliberately values an item incorrectly. This can involve listing false information about an item up for bid or posting pictures that are not of the actual item. Another common practice is to alter the picture to make the item seem like a superior product.
- The Triangulation or Mule Scam — This scam can happen when you buy something from an online auction like eBay or a store like Amazon.com. From the beginning to the end, everything seems normal.
You choose the item, pay for it and order shipment. The goods arrive, and all is well. Soon after, you are informed by the authorities that you have paid for your items using a stolen credit card, but you know this is not the case.
It turns out that the seller took your money and then used a stolen card to buy the goods.
The scammer may have marked the items as a "gift" to hide the invoice details. When ordering from Amazon, eBay, or any other site, always check the buyer's ratings and reviews. If you can, buy directly from Amazon and not a vendor.
- Black Market and Counterfeit Goods — Most consumers have no idea about the amount of counterfeit products for sale on the internet. These include videos, CDs, copied software, and replicas of designer or brand-name merchandise. Customers often only find out that they have bought counterfeit products when the merchandise arrives without the normal warranty, instructions, and packaging.
- Shill Bidding — Shill bidding happens in online auctions. The seller places bids on their own items in order to bring up the price. They may also hire other people to do the false bidding for them. They then pull out right before the bidding closes, falsely inflating the ending price of the auction item.
- Multiple Bidding — Multiple bidding involves the buyer placing bids on an item in different amounts, some high, some low. This makes the price go up significantly, discouraging other buyers from bidding. The fraudster then waits until the final minutes of the auction, when they withdraw all their high bids and leave only the lowest ones.
- Escrow Services Fraud — Just like online fraud, the escrow fraud criminal persuades the victim to conduct business outside the auction site or item-listing platform. They do this by requesting the use of a third-party escrow service to handle the sale. The fraudster then creates a fake escrow website that looks like a real escrow service. When the victim signs up with the fake website and sends payment via the service, they end up with nothing. Another scenario involves the victim sending goods to the fraudster and waiting for a payment to arrive via the fake escrow site, which never turns up.
- The Counterfeit Payment Plot — This online fraud targets consumers through the use of counterfeit cashier's checks and fake money orders. The scam involves the fraudster sending the seller a cashier check or money order for a greater value than the item being purchased. The seller is told to keep some of the money for themselves and to wire the rest back to the fraudster. Once the victim cashes the check, they send the fraudster the cash. The victim then withdraws the money before it clears and sends it to the fraudster, but later discovers that the check was bad and is forced to reimburse the bank. This fraud also occurs on social media sites, forums, or chat rooms. In this case, the fraudster will usually ask for help in cashing a large check that they cannot do themselves for various reasons, offering part of the money in exchange for assistance.
Contests and Romance Fraud
Online Lottery, Contest and Sweepstakes Fraud
Have you ever received a sweepstakes or lottery promotion in your email account? If so, you are among thousands of Americans who receive them nearly every day. As tempting as they seem, it's important to remember that if a contest asks you to pay before you play, or pay to receive your award, it is a fake. Here are some of the most common lottery, contest and sweepstakes swindles.
Prizes and Sweepstakes Scams
You may have received a sweepstakes or special prize promotion via email or during a visit to a website in the form of a pop-up or banner advertisement.
Marketers legitimately use sweepstakes or prize promotions, but they never ask you to pay to enter. If they ask you to pay taxes or they charge you a hidden fee, it is most likely a scam because a legitimate sweepstakes will never charge you to enter.
Be wary if you receive a promotion congratulating you on winning a prize. If you are asked for a shipping or handling fee, or if you are told to buy something to receive your reward, it is likely to be fraudulent.
Is It Legitimate?
To determine the legitimacy of an online sweepstakes or other prize promotion, you should ask yourself the following four key questions:
- What's the Hook? Does the prize company request your credit card account information, bank account number, or even your social security number? No real prize company ever asks for this kind of information in order to confirm that you are the winner.
- Do You Have to Pay? You should never have to pay in order to play or collect your prize when the contest or sweepstakes is a legitimate one.
- Are You Contest Confused? Can you read and understand the rules and entry instructions for the promotion? Are they easy to find on the website or advertisement? If you don't understand or can't find the information you need to be eligible to enter and win, you should think again before you enter or accept your "winnings."
- Are the Prizes Worth the Trouble? Check to be certain that the winnings are truly worth your time and effort. Do you really want to win the prize? If not, ask if there is a cash payout option.
Foreign Lotteries and the Law
Foreign lotteries are illegal in the United States. A federal statute prohibits the mailing and e-mailing of lottery tickets, advertisements, and payments to buy lottery tickets from another country. Here are some even better reasons to avoid them:
- Lottery fraudsters will congratulate you on your winnings and then charge you a fee when you go to collect your imaginary prize.
- Most foreign lottery "agents" will take your cash without even buying your tickets.
- You never want to provide your financial or personal information to a stranger online, even if they tell you that you have won a large prize.
Online Dating Fraud
Many people use online dating sites, but this is another area where fraud can take place. If you meet someone who seems too good to be true, you should ask yourself some questions first:
- Is this person coming on too strong and too fast?
- Did this person start showing a strong interest towards you in a very short space of time?
- Did they tell you they are working and/or residing in another country?
- Finally, the most crucial question: Did they complain about having difficulty cashing a check, perhaps even a paycheck?
If you answered "Yes" to any of these questions, you may be the intended mark of a cybercriminal.
Cybercriminals mastermind these scams by portraying themselves as solitary people looking for legitimate relationships. Here are some of the more common scenarios.
The Reshipping Racket
In this scam, residents of the United States are recruited for the sole purpose of accepting packages at their homes, which they then repackage and send to another country.
Cybercriminals will target their victims in internet chat rooms, dating sites, webinars, social media sites, and messaging programs. They will usually say that their country of origin does not allow direct business shipments and they will ask you if they can send the goods to you instead. It sounds legit, so you agree.
However, a steady stream of packages soon begins to arrive, and this continues for several weeks or even months. The only way to stop it is to contact your local law enforcement agency for help when you learn that the perpetrator used a fake or stolen credit card to purchase the shipments.
Mail Order Bride Scams
This scheme is often aimed at people looking for romance and companionship. The perpetrator will post an advertisement supposedly from a woman looking for a relationship with a foreign man to escape the problems of her home country. When the victim responds, he is told that the woman wishes to move to his country but that she lacks the funds.
Out of the blue, a dating or matching agency contacts the man, saying it can help with all of the necessary paperwork. It also offers to coordinate the arrival of his bride for a nominal payment.
At the last minute, the victim receives a message from the agency explaining that there is a problem and it needs more money. After the victim sends the money, he never hears from the agency again.
Exploiting Human Nature
Online fraudsters understand human nature and exploit it for their own gain. This often involves tricking vulnerable victims and making their problems even more critical. Here are some common scams aimed at people who are often in difficult circumstances:
Advanced Fee Scams
Many people become victims of advance fee loan scams when they are unable to get loans from traditional sources. In these scams, a con artist offers a "guaranteed" loan as long as the victim pays a special fee in advance.
The advanced fee fraudster will tell you they can secure a loan for you from a legitimate lending institution, such as a bank. In reality, they have no power to get a loan for you. Instead, they steal the fee and disappear.
Advance fee fraudsters often ask for a percentage of the gross loan amount for payment of their required fee. For example, if a 10 percent fee is requested, you would have to pay $1,000 to obtain a loan of $10,000, which could land you in serious financial difficulties.
Charities fraud occurs when a fraudster sets out to trick innocent donators. It is most prevalent during the holidays or after a tragedy or major disaster, and people may receive requests via the U.S. Postal Service, online, by telephone, by text, on social media, and even by solicitation on their front doorsteps.
Although there are many recognizable charities, it is always a good idea to check on the organization first by researching online, calling the charity's main office, or calling the Better Business Bureau (BBB).
Never send cash donations or wire money. Don't and over your credit card or bank information. If you are approached by a group in your local neighborhood, take their information and call the agency directly. If you pay by check or credit card online, make sure it is a secure site. You can tell that it's safe if it includes "https" in the address and has a lock icon in the address bar.
Internet Pharmacy Fraud
According to the FDA, it is a violation of the Federal Food, Drug, and Cosmetic Act to provide prescription drugs without a valid prescription. However, many internet pharmacies don't follow state licensing requirements and standards.
The main problem in relation to online pharmacy fraud is counterfeit, expired, or diluted medications. Although a website may ask you to fill out a form or even consult with a "specialist" for a fee, they may not ask for your medical records or follow up to make sure you are satisfied with your prescription. In addition, the "doctors" on these websites often have a questionable background.
The cost savings and convenience can tempt consumers, but remember to never submit your private information or pay a fee to order medications. Ask your doctor to recommend an online pharmacy or other venue to help you get the medicines you need.
Upon further analysis, many labs have found prescription medications from fake online pharmacies have little to no potency, or little evidence of any active ingredients.
Other Online Frauds
There are many other types of online scams to look out for, and some of these include:
- Job Scams — Never pay to get a job or pay a job agency to find you work. Always check on anyone that contacts you to hire you, and call the BBB as well.
- Investment Fraud — Always research the investment company. This includes Ponzi schemes. Go with a reputable company that has been around for a long time. Get recommendations for people who have actually used the service.
- Nigerian "4-1-9" Scams — Never send money to anyone who contacts you via email, and don't reply to these emails. Send the email to your email-hosting provider so that they can investigate.
- Pyramid Schemes — Never accept a franchise or distributorship in exchange for marketing a service or product. Always call your state attorney general's office and the BBB to check on a specific company or organization.
- Online Advertising Fraud — This includes malicious attacks, such as malware, browser hijacking, botnets, and viruses. Always use an antivirus program with malware protection.
Younger and Older Internet Users
Although online fraud and scams can be worrying and confusing, you can proactively protect yourself and your loved ones by taking a few simple measures. Be alert, be skeptical, always question whether something seems odd, and never trust anyone you don't know. Here are some more specific tips to follow for internet users of all ages:
Protecting Kids Online
Online fraudsters often target children and teenagers, and this can lead to problems for the whole family, especially when other computers in the household are affected by malware and viruses as a result. Give your child some commonsense tactics that help them stay safe, such as:
- Trust No One — Explain to them that they can never be sure of a person's real identity online. If they don't know them — or even if they do, but can't confirm it's that person for sure — they should avoid texting, chatting, sharing information, or communicating with them in any other way.
- Lock Down Information — Talk to your children about personal information. Explain to them that they should never tell anyone what their real name, address, or phone number is. Discuss how online predators may ask questions to find a child's location, such as asking them what school they attend, where they like to go shopping, or what their favorite restaurant is.
- Be There, Be Aware — Check on your child's online activity and install password programs and protection. Limit where they can go online — your Internet Service Provider can assist you with this. Be available to answer questions, and don't allow them to buy anything online.
- Defend Gear and Gadgets — You can set up protection on all of your child's mobile gear, from their smartphone to their tablet. Look for instructions from the manufacturer as well as your provider. You can install security applications such as Lookout, and you can use many other safety programs and software to add an extra level of protection. Many phones have settings especially for child users, so look into this as well.
- Seize Teachable Moments — Keep the dialogue open. Use the subject of online fraud as an opportunity to teach your children what to watch out for, as well as what to avoid posting online.
You could also set up some ground rules for using the internet, highlighting the dangers that they should be alert to. This could involve advising them not to:
- click on advertising banners, social media ads, or anything in a pop-up window.
- respond to emails from a stranger or anyone they aren't expecting communications from before checking with you first.
- download anything unless you approve it first.
- share any information with strangers on websites or social media.
- forward emails to a mass group, forum, social media site, or message board.
- order anything online without your knowledge.
- accept gifts, texts, pictures or anything else online without talking to you first.
- post photos of themselves online or via text message.
Gently remind your teen from time to time about the implications of being careless online. Point out how they could jeopardize the entire family, so it isn't just about them. Sit them down and explain the important reasons behind why you have to set these guidelines, and be clear that they should always be able to come to you when they are unsure of anything.
Risks for Older Internet Users
Seniors are often at greater risk of becoming victims of online fraud. If you have an elderly friend or relative, you may want to talk to them about the risks of online fraud and let them know that they can always ask you if they are unsure about something.
- Explain to your elderly relative that they should not trust strangers online, especially those who are asking for their money or confidential information. Inform them about the most common scams out there, such as:
- Fake lottery and sweepstakes asking for upfront fees to enter or collect winnings.
- Government impostors posing as representatives from Medicare, Medicaid, or Social Security.
- Scams where someone poses as their grandchild in need of financial help.
- False offers for free or discounted medications or medical equipment.
- Credit card fraud and investment scams.
Advise them to invest in antivirus, anti-malware, and anti-spyware software, and teach them how to use it. Show them how to keep their virus protection and anti-spyware software running and up to date.
Teach them how to use and save their passwords, perhaps using an encrypted secure password generator like LastPass or Dashlane
. These are simple to use and will give seniors an extra level of protection.
Helping from Afar
If you live a distance from your elderly parents or loved ones, there are still ways that you can help them.
- Ask a trusted friend of the family or next-door neighbor to look in on them occasionally.
- Set up online access to their credit card and bank accounts so you can observe their finances and look for any unusual activity. Check their credit reports at a free credit checker site like AnnualCreditReport.com to make sure no fake accounts have been opened in their names.
- You can get some toll-free help from the AARP Fraud Fighter Call Center at 800-646-2283. You may need to leave a message, but you can expect a reply within 48 hours. According to the AARP, they receive many calls from children of elderly parents who are concerned about possible fraud. Many senior parents are ashamed to confess to their children that a fraudster has victimized them, and the AARP is an invaluable resource in such cases.
Online Fraud Risks for Businesses
Any business can be put at risk by online fraud. Not every business can have the same security measures in place as the big conglomerates, but there is still plenty you can do to prevent online fraud.
One of the most frequent scams for businesses involves credit card fraud. This is often because busy business owners don't have the time or resources to monitor their credit card activity, or they mistakenly mix their personal accounts with their business accounts. Lack of security with the business computers and the network, as well as inadequate background checking of hires, also contribute to the risks.
Other tips for business owners and employees include:
- Secure and Protect All Assets — Add protection to all your credit cards and bank accounts because this is the most vulnerable area of fraud for any business of all sizes. Don't give your credit cards or credit information to your employees or colleagues. Use a secure online bill payment system and store all confidential information in a securely locked place. Lock your company mailbox and only give the key to the most trusted employees.
- Don't Mix Business with Pleasure - Separate your personal accounts from your business accounts. That way, if there is a breach of security, it won't hit every account you own. It will also be much easier to track your business expenses and report deductions on your taxes this way.
- Lock Down Your Company IT Infrastructure — Purchase a firewall, as well as antivirus, malware, and spyware detection programs. Back up everything so you can continue operations even if you are under a major cyber-attack. Change passwords on a regular basis and protect them carefully. Avoid using the same password for all your accounts. Enforce password policies with clear rules for password complexity. Require frequent changes every two months.
- Dedicate One Computer Just for Banking — Devoting one computer to all your online financial transactions and activity is the safest way to do business. It is much harder for cyber crooks to get access to all of your confidential information when you use one machine. Remember to use it exclusively for financial purposes and not for social media, surfing the web, or email. Avoid mobile banking, especially if you are using an unsecured Wi-Fi service.
- Close Points of Entry — Your employees are your biggest area of vulnerability, so make them your first line of defense by holding regular training sessions. Cover the latest security threats and provide updates on the latest swindles. Create policies that guide your workers on things like handling confidential company, personnel, and customer information and financial details.
- Basic Background Checks — Always conduct a basic pre-hire background check on your employees, especially those who will be dealing with high-priced merchandise, confidential company and customer data and financial information. The level you want to dig down into depends on exactly what information your new hire will have access to, so for specific information, go to the Small Business Administration (SBA).
- Coverage is Crucial — Cybersource Corp, a company that provides payment processing and risk management services, reports that retailers' revenue losses due to online fraud has gone up over the past two years, reaching $3.5 billion in 2012. Cover your damages by buying an insurance policy that includes any losses incurred from online fraud, and talk to your bank and credit card companies to find out what types of protection they offer.
Although cybercrime is on the rise and scams are always waiting to entrap you, there is a great deal of information and assistance available for anyone who is concerned about online fraud. Here are some valuable resources to help you avoid internet scams:
- National Fraud Information Center — Fraud.org is the brainchild of the National Consumers League (NCL), a nonprofit advocacy organization based in Washington, D.C. Its goal is to give consumers the information they need to avoid falling victim to telemarketing and online fraud.
- The National Cyber Security Alliance — Working with National Homeland Security, it provides tools for anyone, including families and businesses, who wants to use the internet safely.
- The Business Software Alliance — The BSA teaches parents and children about internet scams and safety. It offers safety games and puzzles for children to solve. It also talks about cyber ethics. The BSA protects intellectual property and works to open fair market trading through government relations, intellectual property enforcement, and educational activities around the world.
- GetNetWise — A public service and project of the Internet Education Foundation, GetNetWise gives parents the resources they need to teach both themselves and their children about staying safe online.
The FBI Steps Forward: The New Internet Crime Initiative
The FBI's Internet Crime Complaint Center (IC3) recently teamed up with the state of Utah to start a pilot program targeting online crime. The focus of the program is to create a firm standard for sharing information and coordinating investigations between law enforcement organizations. The goal is to close the gap between the state and local law agencies and the FBI, opening up information and methodologies to deal with this new kind of criminal.
The Internet Crime Complaint Center has been in operation for over 14 years, providing resources for victims and the law regarding reporting, investigating, and prosecuting internet crimes. IC3 represents tough teamwork between the FBI and the National White Collar Crime Center to give victims of online fraud an accessible and simple reporting platform that alerts the authorities to suspected internet criminal violations.
The IC3 helps law enforcement by acting as a platform to gather internet-related complaints, to do the research related to them, and to generate analytical reports based on each for local, state, federal, tribal, and international law enforcement. It also assists all the state and federal regulatory agencies, helping them develop investigations based on the IC3 data. The IC3 also issues public service announcements to increase internet crime awareness.
The IC3 states that in 2012 alone, victims reported over $500 million in losses from crimes like computer intrusion, extortion scams, fraudulent auto sales, online dating schemes, malware and ransomware, as well as auction and charity fraud. Its new initiative, with the assistance of the Cyber and Criminal Investigative Divisions, combines law enforcement resources to go after cybercriminals systematically.
IC3 is going after cyber thieves using its own tools, including a complaints database and analytics. IC3 personnel are also producing action-based intelligence packages linked to specific geographical areas. These packages help point out major trends and identify individuals and criminal enterprises based on general complaints.
It can also connect various methods of operation back to the same organizations, pinpointing the many layers of current criminal activity. It also includes information from preliminary investigative research performed by the IC3 analysts, including basic web domain searches and criminal record checks.
Once it completes a package, it sends it to the local FBI cyber task force for further action, giving investigators details of any given case before they even conduct the first interview. Their cyber task forces are located in every field office of the FBI. They include FBI agents, other federal representatives, and state and local law enforcement who investigate a gamut of cyber threats, including internet crime.
For example, in the Utah pilot program, FBI agents team up with officers from the Utah Department of Public Safety State Bureau of Investigation, along with federal and local prosecutors and consumer protection bureaus. They make decisions together on whether to prosecute locally or federally, or if they can combine violations of local statutes in a federal prosecution to target entire criminal enterprises that operate across jurisdictional lines.
The more complaints IC3 receives from the public and law enforcement authorities, the more effectively law enforcement can identify and arrest those responsible for online fraud. If you believe you or someone you know has been a victim of internet crime, you can file a complaint with IC3
Whether you are the victim or a third party, submit the following information to file a complaint:
- Mailing address
- Telephone number
- Name, address, telephone number.
- Web address of the individual or organization you think defrauded you.
- Specific details on how, why, and when you think you were defrauded.
- Any other relevant information you believe is necessary to support your complaint.
If you cannot find the details of the person, email server, or the offending site, try tracking down the hosting company they are using. Use the Whoishostingthis.com tool and simply enter the domain in the search field. Hosting companies usually act fast regarding potentially fraudulent activities on their servers. They can also provide a wealth of timely information and lead you in the right direction when it comes to seeking further details.
As state, federal, and local authorities continue to develop cybercrime laws, we can do our part too. As parents and caregivers, we can learn about online fraud and we can then teach the most vulnerable, our young people and our elderly, how to stay safe from cybercrime. Armed with some common sense tactics and information, it is easy to stay safe online.
The crooks may be here to stay, but at least we have ways to stop them cold. Don't become someone's victim online. Be careful, be smart, and communicate when something doesn't seem right to you — and stay safe online.
Extortion has been around for a long time. Think of extortion and you may think of local mobsters extracting payments from shopkeepers for 'protection', or a criminal blackmailing a victim for money in exchange for sensitive images.
These days, however, there is a new threat: digital extortion (also known as cyber extortion). It can affect anyone, anywhere, from large corporations to individuals, and it is only likely to become a more serious problem over coming years.
So what exactly is digital extortion, how can you protect yourself from becoming a victim, and what can you do if you or your organization are affected?
Types of Digital Extortion
There are many types of digital extortion. Some of them are typically targeted at companies, whereas others may be more commonly targeted at individuals.
Distributed denial of service (DDoS) attacks are one of the most common forms of digital extortion, and they are a growing threat, as highlighted in this BBC article.
BT, a telecommunications provider in the UK, found in a June 2014 survey that 41% of organizations around the world had been affected by a DDoS attack in the previous year.
They involve numerous computer systems targeting one system, usually that of a business or organization, to block access to the organization's website. A ransom is then requested in order to stop the attack.
For businesses that rely on their online presence the effects can be disastrous. If the website goes down and customers cannot make orders, the business can end up losing significant amounts of money.
Many organizations do not report these types of attacks. Often they fear that it could affect their reputation or that customers will assume their own security systems were to blame.
Some companies simply pay the money because the amounts involved are less than they would lose if they remained offline for a long period of time.
Holding company data to ransom is another common form of digital extortion.
It gained a lot of publicity when Sony Pictures Entertainment was hacked in November 2014 by the group 'Guardians of Peace', who demanded that the release of the film The Interview was canceled.
When it was not, the hackers released a huge amount of confidential information that caused great damage to Sony.
A similar problem also affected Domino's Pizza in June 2014 when hackers threatened to release details of 600,000 customers unless they received a ransom.
The consequences of the release of such data can be disastrous for organizations because it could lead to legal action and large fines as well as loss of business. A similar situation involves corporate secrets being accessed and held to ransom, which can also be hugely damaging for companies.
Threat of Causing Disruption
Sometimes criminals simply threaten to cause disruption to organizations by hacking into their systems and threatening to delete important files. If the files are essential and have not been backed up, such a situation can be devastating for the affected organization.
Ramsomware can affect individuals as well as organizations. It involves harmful software infecting a computer system, sometimes encrypting files and sometimes locking the system. A ransom is then requested to free the system.
One famous example of ransomware is CryptoLocker, which was first seen in September 2013. This spread via email attachments and earned millions of dollars before being taken down.
Another one was WinLock, which appeared in 2010. This restricted access to computers and asked for a premium rate text message in return for a code to unlock it, earning millions of dollars for the criminals.
This is a crime that tends to affect individuals, and often men.
Police warned men about it in 2018, as reported in CHCH, and the crime involves men being lured into chats online with women where they may end up exposing themselves. Afterwards, the criminal demands payment and threatens to make the footage public.
Another type of sextortion involves a criminal infecting a computer with a virus and then stealing sensitive photos or videos, or even using the victim's webcam to film them. The criminal may then demand more images or money from the victims.
How to Reduce the Risks
Digital extortion is something that can affect anyone. However, there are steps that you or your organization can take to reduce the risks.
Improve Your Security
The most important is to ensure you have suitable security in place. This could be as simple as up-to-date antivirus software for your personal computer.
For an organization, you will need enterprise-level security in place, and you may want to hire a security consultant to check your systems and make any necessary improvements.
Always make backups that you keep both on-site and off-site. That way, if a hacker manages to get access to your system and threatens to delete important data, at least you know you have backups in place and the worst that can happen is that it takes some time to get everything back in place.
Prepare an Action Plan
If you have an action plan in place, you will know what to do when the worst comes to the worst. The risk of digital extortion is very real, so don't wait until the situation happens, and always plan in advance.
Educate your staff on the threats, especially the risks posed by email attachments and phishing emails, and make sure they know what to do if a situation arises.
Some business insurance providers will now provide cover for cyber attacks and extortion. This may be worth considering if you are particularly worried about having to pay large ransoms or the costs for hiring technical experts, so find out whether there is a suitable policy for your business.
Be Aware of the Risks
Simply being aware of the risks and taking sensible precautions can be an effective prevention strategy. In the case of sextortion, be very careful about getting involved in any online video chats with people you don't know.
Change Security Information for Ex-Employees
When employees leave your organization, always change their passwords and any other security information that they had access to otherwise they could pose a security risk.
What to Do If You Receive a Threat
If you do find yourself the victim of digital extortion, you have to make a decision on whether you will pay the ransom or not. It is thought that many organizations do simply pay the ransom when the amount is smaller than the amount they would lose if they did not pay.
If you have insurance in place that covers ransom demands, this may also affect your decision on whether you pay or not.
It may be a good idea to decide in advance if there is any scenario in which you would agree to pay a ransom. That way when a situation arises, you will be better placed to make a quick decision.
If you decide not to pay up the ransom demands, report the situation to the authorities. If the criminals are located overseas, as is often the case, it may be difficult for the authorities to make prosecutions. However, you should still report the situation so that they are aware of it.
You may then want to start collecting evidence including emails and communications. You could also use a service like WhoIsHostingThis.com if the criminals are communicating to you via a website because you may be able to get clues as to who is behind the threat.
Digital extortion is a serious problem, and unfortunately, it is here to stay.
The problem is that criminals often have very little to lose in making their threats anonymously from far-flung places, and they are rarely caught. The best that you can do is to be aware of the risks and take all the relevant precautions to reduce the risk of becoming a victim.
More Extortion Resources
Infosec Institute provides a detailed section on digital extortion.
Security Intelligence also has detailed information on the topic.
Digital fraud and extortion don't affect a large percentage of people, but that doesn't mean they aren't huge problems. And if they affect you, they are very big problems indeed. It is critical to protect yourself.
Hopefully, this guide has made you seen this and given you the tools you need to stay safe.