Internet Fraud and the Need For Public Education - Essay Example

Internet Fraud and the Need for Public Education A well educated American woman recently revealed that she had been swindled out of $400,000 by con artists that are part of a scheme that cost Britain as much as £3.5bn in the past year. She had become a victim of a 419 scam, a type of Internet fraud, which in all its varieties has become more difficult for law enforcement as criminals hide behind international borders where lax laws offers them some level of protection from prosecution. Internet fraud may be as simple as an unwary buyer purchasing a counterfeit fashion from a public auction site, or as complex as planting malicious software on an unsuspecting victim's computer in an effort to steal credit card numbers, banking information, and user passwords. Fraud detection software and security patches can barely outpace the criminals who are constantly in search of a vulnerability to exploit. Firewalls, password technology, and bio-metric devices all contribute to making the personal data that is available on the Internet more secure, but it is usually the gullibility and ignorance of the computer user that is the weak link in the security chain. Professional and public education is the most effective method for reducing and eliminating the crime of Internet Fraud. Internet fraud is an important issue based on the magnitude of the economic cost and the number of people who are at risk of becoming a victim of fraud. While the overall number of crimes reported has experienced a slight drop in recent years, combined losses for the US and the UK is on the rise and topped $12 billion in 2007 when as many as 1 in 13 people unwittingly gave out personal information to scammers (Johnson 2008; 'Protect yourself online'). In the US, financial losses for Internet fraud have skyrocketed from $183.2 million in 2005, to $8.5 billion in 2007 (Dignan 2008, p.33; 'Protect yourself online'). In addition, systems administrators and IT security personnel have been negligent in allowing the theft of tens of millions of credit card numbers and other personal information from commercial websites or government databases ('Protect yourself online'). In almost all these cases the crime could have been prevented by following standard security practices and adhering to common sense principles. Criminals have turned to Internet fraud in increasing numbers because their identity is easy to conceal, few resources are required to perpetrate the crime, there is easy access to countless potential victims, and they can operate in geographic locations where pursuing prosecution is complicated (Grazioli & Wang 2001, p.194). All these factors influence the type of fraud engaged in, the method of working the scam, and the selection of the victim. Anyone who comes into contact with the Internet can become the victim of Internet fraud, but there are some markers that indicate segments of the population who are typically more at risk. Perpetrators are overwhelmingly male, with only one out of four being female (Dignan 2008, p.33). Professional criminals will often target banks that are known to have lax security systems or a low rate of fraud recovery (Anderson 2007, p.5). The most common Internet fraud is the illegal downloading of software or music, and 25 percent of the 10 to 25 year old age group admitted to committing this crime in 2004 (Wilson et al. 2006, p.iv). The personal victims are twice as likely to be male rather than female, and males lose a greater amount of money per transaction on average (Dignan 2008, p.33). Internet auction fraud, which accounts for two thirds of the fraud complaints, had a median loss of $800, while the median loss for all Internet fraud was $424 (Bywell & Oppenheim 2001, p.267; Dignan 2008, p.33). As with crime in general, small losses are generally unreported. Unsophisticated users were also more likely to become victims of Internet Fraud as they are "struggling to develop effective strategies to transact in a virtual world. When compared to more successful and more mature consumers, they insufficiently discount risk in the presence of trust" (Grazioli & Wang 2001, p.201). This may explain why students, with a greater access to computers, tend to use more secure online shopping techniques and are less at risk of becoming a victim than non-students (Winterdyk & Thompson 2008, p.175). Cues as to the deception of a website or its information may not be easily discerned by new users, or those that have a culture of general trust in their fellow man. Most victims are simply unaware of the types of Internet fraud that confronts the Internet user, and have no knowledge of where or how to look for clues that a transaction might be a fraud (Cranor 2008). The most dangerous mix is too much trust and too little knowledge. In regards to the Internet, there is a healthy level of mistrust that should be maintained, and adequate knowledge can always, and should always, be acquired. Common sense business practices can help avoid being a victim of many of the common and simpler forms of Internet fraud. Internet auction sites such as eBay make it extremely difficult to verify the condition of the item being sold, or establish the credibility of the seller. Fraud is easily perpetrated by offering counterfeit goods or low quality products to unaware and trusting buyers. The purchaser has no means of inspecting the goods, and returns or refunds may not be practical to obtain. The popular auction site eBay reports that for every 40,000 transactions there is one case of fraud reported, generally for fraudulent merchandise or goods that were never delivered (Bywell & Oppenheim 2001, p.267). However, they rely on self-reporting and the number could be significantly under-reported if only small amounts of money are involved or if the victim feels a sense of personal embarrassment. Internet fraud can also be conducted from fraudulent websites that are operated by scammers that have all the appearances of a reputable storefront. The only difference is that the scammer does not have any products. By using a short-term strategy and staying on the move, the fraudster can avoid the possibility of being caught. Consumers would benefit from adhering to sensible business practices that should be followed when buying any product sight-unseen from an anonymous seller. They could further protect themselves against fraud by using an escrow service such as Safe Pay, which is a holding account that only transfers the money after both buyer and seller are satisfied (Bywell & Oppenheim 2001, p.268). The EU commission has recently recommended upgrading consumer protection in regards to online auctions, but consumer education and awareness remain the most effective means of avoiding this type of fraud. In the last few years Internet fraud has graduated from a crime that was generally perpetrated by a single hacker with little outside cooperation, to a highly organized system of dedicated criminals operating in an underground economy. Hackers now work for larger organizations that write malicious software that infects thousands of machines that can be used to collect personal information, send fraudulent e-mail, or operate counterfeit websites (Anderson 2007, p.2). 'Phishing' has been added to the popular Internet language as one of the fastest growing areas of Internet fraud. Phishing, which was first reported in 2003, is a crime "in which victims are lured by an email to log on to a website that appears genuine but that actually steals their passwords" (Anderson 2007, p.2). As an example, the scammers send out e-mails that claim to be from their bank and requests that they go to the website and login for some reason that portrays a sense of urgency. The unwitting consumer is then directed by a link in the E-mail to a look-alike Website that is operated by the scammers. When they log in their password or PIN is stolen. Within minutes, the criminal is logging into the victim's real bank website and draining their bank accounts. By using malicious software that takes control of someone else's computer, the scammer can make it appear as if the crime had been committed from some other location, which adds an additional distance between the criminal and law enforcement (Cranor 2008). By sending out millions of e-mails, even a small response rate can generate a substantial amount of theft. Phishing relies on a trusting and naive public, and can take advantage of lax security systems that make them an easier target. Because of the potential for large economic losses and the rapid rise in prevalence, experts and organizations have recently increased their focus on phishing, while scammers have worked to stay one step ahead. Phishing detection software has a limited effectiveness, and does not work well in a home application where it is needed most (Anderson 2007, p.3). If it isn't 100 percent effective then it runs the risk of becoming a level of false confidence. Meanwhile, scammers have produced new and improved hacking software such as the MetaFisher that targets financial institutions and reportedly compromised over 1 million bank accounts in a recent 12-month period (Dunham 2006, p.4). There is no reasonable hope that technology will be able to outpace the fraudsters, and phishing will only be eliminated by a well-educated community of users. Another problem associated with phishing is getting a stakeholder to be financially responsible for solving the problem. Anderson (2007, p.3) reports that "at a recent UK conference, the government wanted citizens to take more responsibility for their own safety online, while banks blamed the government and the ISPs, and everyone else was eager to distance themselves from the problem in other ways". The consumers may have the most to lose, and have the least power in the arrangement. While it is everyone's responsibility, ultimately it is in the self-interest of the consumer to protect themselves by educating themselves about phishing and applying a few standard practices. The Anti-Phishing Working Group tracks and makes lists available to the public of known phishing Websites. Educational materials are also available that helps people learn how to spot deceptive Web site addresses, or look for other signs that a site may be a fake (Cranor 2008). Banks routinely warn their customers that they will never ask for personal information or a password. This and the adage that 'if it sounds too good to be true' are common sense concepts that the public needs to be made aware of through education. Banks have the responsibility to provide improved industry standard security methods, while maintaining consumer usability. Law enforcement and asset recovery have the responsibility to vigorously pursue perpetrators as much as possible. Another economic Internet fraud that can lead to significant personal losses are the 419 scams, which are named after the Nigerian criminal code that covers fraud in the country where the scam originated. There are several variations, but the aim is to contact a victim and prey on their naiveté, sympathy, trust, kindness, and greed. An E-mail is sent to the victim that may have a story of a family that needs to leave the country but is suffering under extreme political oppression. The family is wealthy, and will grant you tens of thousands of dollars when they escape their condition. However, they need the victim to wire them $3,000 to get out of Nigeria as their bank account is frozen. Over time and escalating amounts, the victim finally figures out that there is no family and there is no hardship. The same human qualities that make people fall for phishing also get them to fall for the 419 scam. Blommaert and Omoniyi (2006, p.574) describe the 419 fraud as "a genre of contemporary globalized communication: an email spam hoax message, originating presumably from somewhere in the periphery of the world and sent to a large number of addressees in the core countries of the world system". People are led to believe that they are helping someone in need, yet also exploits their greed by promising them future wealth. The FBI and the CIA have vigorously pursued these cyber criminals, but the consumer is once again the weak link in the chain. E-mail users need to become aware of these types of frauds and educated on a more rational reaction to receiving such communications. Not all Internet frauds are economic, as some perpetrators seek to fulfil their own specific needs. Stolen credit cards often require accomplishes to use the cards or take delivery of the products. Known as mules, they are often found through Internet advertising as a legitimate job such as freight forwarding. The scammer has the stolen goods sent to the mule and the mule forwards them to another address. The unwitting victim is placed in the position of receiving goods that were purchased with a stolen credit card, which insulates the scammer from law enforcement. Firms become the victim of Internet fraud by the abuse of 'click fraud'. Firms advertise on websites and pay an amount that is based on how many people click on the ad. Competitors will fraudulently and excessively click on the ad, which runs up their advertising budget and places them at a disadvantage. Holahan (2006) reports that 14.1 percent of the advertising clicks were fraudulent during a three-month period in 2006, at a cost of hundreds of millions of dollars. Cyber criminals will always find new and imaginative ways to exploit any technology. In almost all the cases of Internet fraud described could have been prevented by a well-educated public and improved IT security departments. For the consumer, the clues to detect fraud are usually based around common sense and do not require an in-depth understanding of computer architecture or operating systems. Minimal education could enlighten people to the basic clues that should arouse a rational suspicion. Virus detection software is a necessity on a home computer in today's world of malware and spyware that can monitor your computer and record passwords. . Human nature, and the desire to be generous and caring, is a powerful motivation to overcome, but can be costly when dealing with anonymous parties on the Internet. IT departments need to keep abreast of the latest technology and assure that it is installed and active. Large-scale credit card or identity thefts are often the result of a hacker exploiting a neglected weakness in the system. In essence, Internet fraud cannot be solved by the use of technology alone. It is the human intervention that can make judgments and use the quality of suspicion and mistrust that scammers fear the most. In conclusion, Internet fraud can take a wide variety of forms and can target just about anyone that comes into contact with the Internet. Illegal downloading, online auction fraud, and phishing target the consumer as products are stolen, misrepresented, and bank accounts are breached. Government and corporate databases become targets as hackers break into these computers to steal credit card numbers or personal identity information. Combined economic losses reach into the billions of dollars in the UK, the US, and other developed countries around the world. In addition, scammers put well-intentioned people at risk of arrest by using the unwitting victims as mules in their plan to commit fraud. Phishing, unheard of just 5 years ago, has risen to become one of the most pervasive and costly forms of Internet fraud. It plants malicious software, uses fake websites, and misdirects users in an attempt to steal their passwords and gain access to the victim's bank accounts. Yet, technology cannot solve the problem of Internet fraud. The limitations of technology must be supplemented with a sound educational program that can enlighten the public to the dangers of the Internet, and teach then how to uncover the clues that are available to reveal the scammer's deception. References Anderson, R 2007, Closing the phishing hole – fraud, risk, and non-banks, Federal Reserves Bank, Kansas City KS. Blommaert, J, Omoniyi, T 2006, 'Email fraud: language, technology, and the indexicals of globalisation', Social Semiotics, vol.16, no.4, pp.573-605. Bywell, C, & Oppenheim, C 2001, 'Fraud on Internet auctions', Aslib Proceedings, vol.53, no.7, pp.265-272. Cranor, LF 2008, 'Can phishing be foiled?', Scientific American, vol.299, no.6. Dignan, L 2008, 'Internet fraud: boys will scam, be scammed', eWeek, vol.23, no.17, pp.33-33, viewed 18 Decenber 2008, (Academic Search Premier) Dunham, K 2006, 'MetaFisher: next-generation bots and phishing', Information Systems Security, vol.15, no.5, pp.2-6. Grazioli, S & Wang, A 2001, 'Looking without seeing: understanding unsophisticated consumers' success and failure to detect Internet deception', Paper Presented at the Twenty-Second International Conference on Information Systems December 2001, New Orleans USA, pp.193-204. Holahan, C 2006, 'Compensating click fraud's victims', Business Week Online, 25 July, viewed 18 December 2008, (Academic Search Premier) Johnson, B 2008, 'Scammers take victim for $400,000', guardian.co.uk, 14 November, viewed 19 December 2008, McMillan, R 2008, 'Men fall harder for online fraud', Macworld, vol.25, no.6, viewed 18 December 2008, (Academic Search Premier) 'Protect yourself online' 2008, Consumer Reports, vol.73, no.9, pp.23-25. viewed 18 December 2008, (Academic Search Premier) Wilson, D, Patterson, A, Powell, G, & Hembury, R 2006, Fraud and technology crimes, Report to the Research Development and Statistics Directorate, Home Office, London. viewed 18 December 2008, Winterdyk, J & Thompson, N 2008, 'Student and non-student perceptions and awareness of identity theft', Canadian Journal of Criminology & Criminal Justice, vol.50, no.2, pp.153-186 Read More