- Email: [email protected]
If It’s Too Good To Be True, It Usually Is!
revise.qxd
9/25/00
3:41 PM
Page 16
SHOCKWAVEWRITER
If it’s too good to be true, it usually is! Most of us are aware, (for some painfully aware) frauds have made the leap to the world of computers. That transition was only natural as computers and their associated networks, Internet, national information infrastructures and the global information infrastructure were built. Old fraud schemes have successfully made the transition to cyberspace. At the same time, new ways of separating us from our possessions, usually money, are being thought up every day. Some of the schemes are quite clever. One wonders what the fraudster could accomplish if they were an honest person. Let’s look at some of this year’s computer-related fraud schemes and see if we can learn a thing or two to protect ourselves from them. (Remember that the criteria for designating a crime as a computer fraud is that a computer must be involved; it is used by someone with the intent of deliberate deception to gain something of value; and it in violation of some law.)
The Fraud “Internet Fueling Boost in Fraud & Identity Theft” 19 May 2000. Brian Krebs of Newsbytes reported, “The Internet is fast becoming the primary tool used by perpetrators of identity and bank fraud — and by individuals who would rather not have their names connected to past misdeeds — to commit crimes using another person’s good name and credit.”
Comments Identity theft is one of the worst frauds that can be perpetrated by one individual to another. It is particularly tragic when an honest person has worked hard to build a nest egg for retirement and maintained a good line of credit and
18
reputation, and then someone steals that person’s identity to obtain cash, credit cards, and the like. Today’s criminal justice system is slow to pass applicable laws and law enforcement personnel are even slower to investigate them. While at the same time, the victim is desperately trying, generally on their own, to find out what happened while trying to explain to creditors that the debt is not theirs. This may take years or may never be accomplished.
“criminal justice systems are not prepared to protect, prevent, or deter the fraudulent act” As we pointed out on page 19 of the August issue of this publication, it may even contribute to a person’s death. One United States fraud investigator said that there are many false ID websites, one that received more that 10 000 inquiries in a single day and the yearly income of the site operator may exceed one million US dollars. This type of income is just too good for a fraudster to pass up, especially if they are stealing the identity of a person in another country. In the United States, the Federal Trade Commission is receiving about 400 identity theft-related calls per week, and estimates that it will receive about 200 000 calls a year. The United States’ Social Security Administration recorded over 39 000 incidents of misuse in 1999. If that is just two US agencies, imagine the total
number of incidents throughout the world! What is the criminal justice system doing about it? Well, if the US Department of Justice is any indication of the extent of the problem, they only ‘opened’ 1147 identity theft cases during 1999. Remember now, that does not mean identification of the suspect, nor successful prosecution, nor successful restitution. So, the future is not bright. Identity theft is one great reason for everyone to do a better job when it comes to personal information privacy. If everyone were doing a great job, this would not be anywhere near the problem that it is! To add to that misery, on 15 August, Dick Kelsey of Newsbytes reported that Ancestry.com has started a project to “digitize images of all original documents amassed by the US Census Bureau from 1790 to 1920, or more than 450 million names”. What a bonanza this will be for fraudsters who often use the identity of dead people gleaned from graveyards. Now they can use this website. This is great for the fraudster because it is very likely that the stolen identity would belong to someone deceased. Thus, if caught, no individual would come forth to complain; and we all know how many of those fraudsters are prosecuted.
The Fraud “Online E-Commerce Store Frauds”. One businessman reported the following to the crime reporting section of the infowar.com site. They were experiencing an increase in a particular kind of fraud; “They order the product they want, the order is delivered to their home, and they simply call up Visa or Mastercard and say that they either did not order the product or that their son is only 14 years old and had no right to order over the Internet. They immediately receive credit and they keep the product. I get hit with a $15 bank charge, the UPS fee and I lose the product and the money which I paid to the manufacturer.”
revise.qxd
9/25/00
3:41 PM
Page 17
shockwavewriter
Comments If you have a small business and take it online or just an E-business online, no one has probably explained that such frauds can and do occur on probably a relatively frequent basis. Of course, the Ebusiness owner had not considered computer frauds when the idea came to him or her to start that business. Throughout the world, more people are employed by small businesses than by global corporations. Throughout the world, the small business people are the lifeblood of a nation’s economy. It is expected that such will also be the case in cyberspace — especially in cyberspace where one can run the business from home and use other lower-overhead-cost advantages. Then come the fraudsters. They are likely to be the people who are parents to the gang members, juvenile delinquents and other misfits of society. As someone once said, you need to have a license to drive a car or get married, but no training is required and no license needed to be a parent. The cost of hunting down these fraudsters, trying to get the merchandise back, trying to get the police to investigate, trying to get someone to prosecute, is almost an impossible task — more so the less the merchandise costs. The saying ‘let the buyer beware’ may apply in some E-business cases, but in this case, ‘let the seller beware’. Those are just two of literally thousands of computer fraud cases being perpetrated on many a victim. Without going into detail, here are a couple more of the interesting ones: 1.“Internet Users Hit with Charity Hoax E-Mails” (Reported by Shanida Smith, August 16, Reuters). An example given is about the “American Cancer Society will donate three cents toward cancer research as part of 7-year-old cancer… patients dying wish.” But it seems none of the 7-year-olds noted in this chain letter exist. The American Cancer Society says they are not the sponsors and it is fraudulent. 2.“Trio Accused of Stock Manipulation Via Internet” (Reuters, 21 August). “A Massachusetts state agency on Monday
moved to stop a trio of men from posting what it says are false and misleading statements about three biotech companies on the Internet.” Allegedly the comments dropped one biotech company’s shares down from $35 to $21 each. It was noted that if a person held a ‘short’ position, they could benefit from the drop in price. 3.“Three Indicted in Fake Virtual Art Gallery Scheme” (Reuters 16 August): “Three men were indicted on Wednesday for their role in a scheme to fraudulently sell $5.5 million worth of securities in an allegedly bogus ‘online virtual art gallery and jewelry mall website’.” 4.Website offers to sell US presidential votes (Richard Stenger, CNN.com). “A new website promises to ‘bring capitalism and democracy closer together’ by auctioning votes in the 2000 presidential election.” Combine the lack of Internet security with identity theft, and the like, and we have a formula for a true democratic disaster. We will continue to have increased levels of fraud in our computer-based societies as long was the following three things occur: 1.Someone wants something you have, e.g. your money. (The Fraudster) 2.People remain greedy and think they can get something, if not for free, then very cheaply. (The Victim) 3.Computers provide easy access to other computers and communication with potential fraud victims. (The Means) Throw into that mixture the fact that criminal justice systems are not prepared to protect, prevent, or deter the fraudulent act. In others words, computer frauds will not cease — ever. So, what can we do about it? How can we mitigate or lessen the number of victims and the number of losses? Are we ‘our brother’s keeper’? Should we protect the potential victims from themselves? A little awareness goes a long way. Businesses and governments should provide fraud awareness programmes for their employees. That would take care of the majority of the citizens of the world. For the senior citizens, most don’t use computers. For those that do, the senior
community centres using government agency provided information could provide that awareness. Compared to the losses, the costs are minimal. It is the responsibility of all criminal justice agencies and professionals, e.g. high technology crime investigators, fraud investigators and the like, to volunteer their time and effort where needed. They should go out to the business associations and senior centres to provide a fraud awareness briefing and answer questions on the topic. It only takes a few hours a month and the benefits are immeasurable. The simple fraud awareness message should be simple and clear to all: “If it’s too good to be true, it usually is!” A word of caution to the nation-states of the world: the answer is not in less fraud at the expense of human or civil rights. “India Passes Its First Cyberlaw With Draconian Powers”(19 May 2000 Internet Wire via COMTEX). “The Parliament of India has passed its first Cyberlaw, the Information Technology Act, 2000 …gives draconian powers to the Police to enter and search, without a warrant, any public place for the purpose of nabbing criminals and preventing cyber crime.” As part of that act, the person has only to be ‘reasonably suspected’, and the police define that term. In Japan, the Japan Consumer Information Center said they only received about 5000 complaints in 1995, but 17 000 last year. The Ministry of International Trade and Industry (MITI) will propose legislation to the next Diet that will include a ban on exaggerated advertisements and allow the return of expensive commodities that don’t live up to promises. (Reported by Masahiro Kawaguchi, 24 August, Mainichi Shimbun newspaper) There are too many other examples from around the world to list here. Suffice it to say the problem is as global as the Internet. So, between identity frauds, draconian police powers, false advertising, selling votes, lack of awareness of the dangers by potential victims and insecure global networks, it’s a dangerous world out there. So, be careful and tell all those you know to do the same! 19
9/25/00
3:41 PM
Page 16
SHOCKWAVEWRITER
If it’s too good to be true, it usually is! Most of us are aware, (for some painfully aware) frauds have made the leap to the world of computers. That transition was only natural as computers and their associated networks, Internet, national information infrastructures and the global information infrastructure were built. Old fraud schemes have successfully made the transition to cyberspace. At the same time, new ways of separating us from our possessions, usually money, are being thought up every day. Some of the schemes are quite clever. One wonders what the fraudster could accomplish if they were an honest person. Let’s look at some of this year’s computer-related fraud schemes and see if we can learn a thing or two to protect ourselves from them. (Remember that the criteria for designating a crime as a computer fraud is that a computer must be involved; it is used by someone with the intent of deliberate deception to gain something of value; and it in violation of some law.)
The Fraud “Internet Fueling Boost in Fraud & Identity Theft” 19 May 2000. Brian Krebs of Newsbytes reported, “The Internet is fast becoming the primary tool used by perpetrators of identity and bank fraud — and by individuals who would rather not have their names connected to past misdeeds — to commit crimes using another person’s good name and credit.”
Comments Identity theft is one of the worst frauds that can be perpetrated by one individual to another. It is particularly tragic when an honest person has worked hard to build a nest egg for retirement and maintained a good line of credit and
18
reputation, and then someone steals that person’s identity to obtain cash, credit cards, and the like. Today’s criminal justice system is slow to pass applicable laws and law enforcement personnel are even slower to investigate them. While at the same time, the victim is desperately trying, generally on their own, to find out what happened while trying to explain to creditors that the debt is not theirs. This may take years or may never be accomplished.
“criminal justice systems are not prepared to protect, prevent, or deter the fraudulent act” As we pointed out on page 19 of the August issue of this publication, it may even contribute to a person’s death. One United States fraud investigator said that there are many false ID websites, one that received more that 10 000 inquiries in a single day and the yearly income of the site operator may exceed one million US dollars. This type of income is just too good for a fraudster to pass up, especially if they are stealing the identity of a person in another country. In the United States, the Federal Trade Commission is receiving about 400 identity theft-related calls per week, and estimates that it will receive about 200 000 calls a year. The United States’ Social Security Administration recorded over 39 000 incidents of misuse in 1999. If that is just two US agencies, imagine the total
number of incidents throughout the world! What is the criminal justice system doing about it? Well, if the US Department of Justice is any indication of the extent of the problem, they only ‘opened’ 1147 identity theft cases during 1999. Remember now, that does not mean identification of the suspect, nor successful prosecution, nor successful restitution. So, the future is not bright. Identity theft is one great reason for everyone to do a better job when it comes to personal information privacy. If everyone were doing a great job, this would not be anywhere near the problem that it is! To add to that misery, on 15 August, Dick Kelsey of Newsbytes reported that Ancestry.com has started a project to “digitize images of all original documents amassed by the US Census Bureau from 1790 to 1920, or more than 450 million names”. What a bonanza this will be for fraudsters who often use the identity of dead people gleaned from graveyards. Now they can use this website. This is great for the fraudster because it is very likely that the stolen identity would belong to someone deceased. Thus, if caught, no individual would come forth to complain; and we all know how many of those fraudsters are prosecuted.
The Fraud “Online E-Commerce Store Frauds”. One businessman reported the following to the crime reporting section of the infowar.com site. They were experiencing an increase in a particular kind of fraud; “They order the product they want, the order is delivered to their home, and they simply call up Visa or Mastercard and say that they either did not order the product or that their son is only 14 years old and had no right to order over the Internet. They immediately receive credit and they keep the product. I get hit with a $15 bank charge, the UPS fee and I lose the product and the money which I paid to the manufacturer.”
revise.qxd
9/25/00
3:41 PM
Page 17
shockwavewriter
Comments If you have a small business and take it online or just an E-business online, no one has probably explained that such frauds can and do occur on probably a relatively frequent basis. Of course, the Ebusiness owner had not considered computer frauds when the idea came to him or her to start that business. Throughout the world, more people are employed by small businesses than by global corporations. Throughout the world, the small business people are the lifeblood of a nation’s economy. It is expected that such will also be the case in cyberspace — especially in cyberspace where one can run the business from home and use other lower-overhead-cost advantages. Then come the fraudsters. They are likely to be the people who are parents to the gang members, juvenile delinquents and other misfits of society. As someone once said, you need to have a license to drive a car or get married, but no training is required and no license needed to be a parent. The cost of hunting down these fraudsters, trying to get the merchandise back, trying to get the police to investigate, trying to get someone to prosecute, is almost an impossible task — more so the less the merchandise costs. The saying ‘let the buyer beware’ may apply in some E-business cases, but in this case, ‘let the seller beware’. Those are just two of literally thousands of computer fraud cases being perpetrated on many a victim. Without going into detail, here are a couple more of the interesting ones: 1.“Internet Users Hit with Charity Hoax E-Mails” (Reported by Shanida Smith, August 16, Reuters). An example given is about the “American Cancer Society will donate three cents toward cancer research as part of 7-year-old cancer… patients dying wish.” But it seems none of the 7-year-olds noted in this chain letter exist. The American Cancer Society says they are not the sponsors and it is fraudulent. 2.“Trio Accused of Stock Manipulation Via Internet” (Reuters, 21 August). “A Massachusetts state agency on Monday
moved to stop a trio of men from posting what it says are false and misleading statements about three biotech companies on the Internet.” Allegedly the comments dropped one biotech company’s shares down from $35 to $21 each. It was noted that if a person held a ‘short’ position, they could benefit from the drop in price. 3.“Three Indicted in Fake Virtual Art Gallery Scheme” (Reuters 16 August): “Three men were indicted on Wednesday for their role in a scheme to fraudulently sell $5.5 million worth of securities in an allegedly bogus ‘online virtual art gallery and jewelry mall website’.” 4.Website offers to sell US presidential votes (Richard Stenger, CNN.com). “A new website promises to ‘bring capitalism and democracy closer together’ by auctioning votes in the 2000 presidential election.” Combine the lack of Internet security with identity theft, and the like, and we have a formula for a true democratic disaster. We will continue to have increased levels of fraud in our computer-based societies as long was the following three things occur: 1.Someone wants something you have, e.g. your money. (The Fraudster) 2.People remain greedy and think they can get something, if not for free, then very cheaply. (The Victim) 3.Computers provide easy access to other computers and communication with potential fraud victims. (The Means) Throw into that mixture the fact that criminal justice systems are not prepared to protect, prevent, or deter the fraudulent act. In others words, computer frauds will not cease — ever. So, what can we do about it? How can we mitigate or lessen the number of victims and the number of losses? Are we ‘our brother’s keeper’? Should we protect the potential victims from themselves? A little awareness goes a long way. Businesses and governments should provide fraud awareness programmes for their employees. That would take care of the majority of the citizens of the world. For the senior citizens, most don’t use computers. For those that do, the senior
community centres using government agency provided information could provide that awareness. Compared to the losses, the costs are minimal. It is the responsibility of all criminal justice agencies and professionals, e.g. high technology crime investigators, fraud investigators and the like, to volunteer their time and effort where needed. They should go out to the business associations and senior centres to provide a fraud awareness briefing and answer questions on the topic. It only takes a few hours a month and the benefits are immeasurable. The simple fraud awareness message should be simple and clear to all: “If it’s too good to be true, it usually is!” A word of caution to the nation-states of the world: the answer is not in less fraud at the expense of human or civil rights. “India Passes Its First Cyberlaw With Draconian Powers”(19 May 2000 Internet Wire via COMTEX). “The Parliament of India has passed its first Cyberlaw, the Information Technology Act, 2000 …gives draconian powers to the Police to enter and search, without a warrant, any public place for the purpose of nabbing criminals and preventing cyber crime.” As part of that act, the person has only to be ‘reasonably suspected’, and the police define that term. In Japan, the Japan Consumer Information Center said they only received about 5000 complaints in 1995, but 17 000 last year. The Ministry of International Trade and Industry (MITI) will propose legislation to the next Diet that will include a ban on exaggerated advertisements and allow the return of expensive commodities that don’t live up to promises. (Reported by Masahiro Kawaguchi, 24 August, Mainichi Shimbun newspaper) There are too many other examples from around the world to list here. Suffice it to say the problem is as global as the Internet. So, between identity frauds, draconian police powers, false advertising, selling votes, lack of awareness of the dangers by potential victims and insecure global networks, it’s a dangerous world out there. So, be careful and tell all those you know to do the same! 19