Internet Fraud

A crime in which the perpetrator develops a scheme using one or more elements of the INTERNET to deprive a person of property or any interest, estate, or right by a false representation of a matter of fact, whether by providing misleading information or by concealment of information.

As increasing numbers of businesses and consumers rely on the Internet and other forms of electronic communication to conduct transactions; illegal activity using the very same media is similarly on the rise. Fraudulent schemes conducted via the Internet are generally difficult to trace and prosecute, and they cost individuals and businesses millions of dollars each year.

From computer viruses to Web site hacking and financial FRAUD, Internet crime became a larger concern than ever in the 1990s and early 2000s. In one sense, this situation was less a measure of growing pains than of the increasing importance of the Internet in daily life. More users surfing the Web, greater business reliance upon E-MAIL, and the tremendous upsurge in electronic commerce have raised financial stakes. A single virus outbreak in 1999 was blamed for more than $80 million in damage, while Web site hacking in early 2000 purportedly cost hundreds of millions more. Adding new wrinkles were complaints about rampant fraud on popular online auction sites. Together, the problems drew tough rhetoric from U.S. officials, who announced new initiatives, deployed cyber-crime units, made numerous arrests, and even pursued international manhunts.

According to a U.S. JUSTICE DEPARTMENT Web site devoted to the topic, Internet fraud refers to any type of scheme in which one or more Internet elements are employed in order to put forth "fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme." As pointed out in a report prepared by the National White Collar Crime Center and the FEDERAL BUREAU OF INVESTIGATION (FBI) in 2001, major categories of Internet fraud include, but are not limited to, auction or retail fraud, SECURITIES fraud, and IDENTITY THEFT.

Securities fraud, also called investment fraud, involves the offer of bogus stocks or high-return investment opportunities, market manipulation schemes, pyramid and Ponzi schemes, or other "get rich quick" offerings. Identity theft, or identity fraud, is the wrongful obtaining and use of another person' personal data for one's own benefit; it usually involves economic or financial gain for the perpetrator.

In its May 2002 issue, Internet Scambusters cited a study by Gartner G2 that demonstrated online merchants lost $700 million to Internet fraud in 2001. By comparison, the report showed that "online fraud losses were 19 times as high as offline fraud." In fact, the study pointed out that in the same year more than five percent of those making purchases via the Internet became victims of credit card fraud.

The IFCC, in its 2001 Internet fraud report, released statistics of complaints that had been received and then referred to law enforcement or regulatory agencies for action. For the 12-month period covered by the report, the IFCC received more than 17 million inquiries to its Web site, with nearly 50,000 formal complaints lodged. It must be noted, however, that the number of complaints included reports of computer intrusions and unsolicited CHILD PORNOGRAPHY.

Significant findings in the report revealed that Internet auction fraud was the most reported offense, comprising 42.8 percent of referred complaints. Besides those mentioned above, top fraud complaints also involved non-delivery of merchandise or payment, credit/debit card fraud, and confidence fraud. While it may seem easy to dismiss these concerns as obvious, the schemes used to defraud customers of money or valuable information have become increasingly sophisticated and less discernible to the unsuspecting consumer.

The "IFCC 2001 Internet Report" revealed that 81 percent of those committing acts of fraud were believed to be male, and nearly 76 percent of those allegedly involved in acts of fraud were individuals. According to the report, California, Texas, Florida, New York, and Illinois were the states in which half of the perpetrators resided. The report also provided a shocking example of just how difficult a task tracking down those involved in Internet fraud can be. According to the report, out of the more than 1,800 investigations initiated from complaints during 2001, only three arrests were made.

One example of the growing sophistication of Internet fraud cases can be seen in a 1997 case brought by the FEDERAL TRADE COMMISSION (FTC). FTC v. Audiotex Connection, Inc., CV-970726 (E.D.N.Y.), dealt specifically with a scam in which Internet consumers were invited to view or to access free computer images. As reported in a February 10, 1998, FTC statement made before a Senate Subcommittee on Investigations of the Governmental Affairs Committee, when viewers attempted to access the images, their computer modems were surreptitiously disconnected from their local Internet Service Providers (ISPs) and were reconnected to the Internet through the defendants' expensive international modem connections. Exorbitantly priced long-distance telephone charges continued to ACCRUE until the consumer turned off the computer, even if he or she had exited the defendant's Web site and moved elsewhere on the Internet. Approximately 38,000 consumers fell for this scam, losing $2.74 million.

The U.S. Department of Justice Web site that addresses the major types of Internet fraud reports the following recent examples of various types of illegal activity carried out using the medium.

Two separate Los Angeles cases demonstrate the intricacies of securities fraud and market manipulation. In the first case, defendants bought 130,000 shares of bogus stock in NEI Webworld, Inc., a bankrupt company whose assets had previously been liquidated. Defendants in the case then posted e-mail messages on various Internet bulletin boards, claiming that NEI was being acquired by a wireless TELECOMMUNICATIONS company. Within 45 minutes of the posting, shares increased from $8 to $15 each, during which time defendants "cashed out." The remaining stock was worth 25 cents a share within a 30 minute period. The second example involves a case in which an employee of PairGain Technologies set up a fraudulent Bloomberg news Web site and reported false information regarding the company's purchase by a foreign company. The employee then posted bogus e-mail messages on financial news bulletin boards that caused a 30 percent manipulation of PairGain stock prices within hours.

In another example of investment fraud, perpetrators used the Internet, along with telemarketing techniques, to mislead more than 3,000 victims into investing almost $50 million in fraudulent "general partnerships involving purported high-tech investments, such as an Internet shopping mall and Internet access providers."

More than 100 U.S. military officers were involved in a case of identity theft. Defendants in the case illegally acquired the names and SOCIAL SECURITY numbers of the military personnel from a Web site, and then used the Internet to apply for credit cards issued by a Delaware bank. In another case of identity theft and fraud, a defendant stole personal information from the Web site of a federal agency and then used the information to make applications for an online auto loan through Florida bank.

The Department of Justice Web site also gives an example of a widely reported version of credit card fraud. In the elaborate scheme, a perpetrator offers Internet consumers expensive electronics items, such as video cameras, at extremely low prices. As an incentive, they tell consumers that the item will ship before payment is finalized. When terms are agreed to, the perpetrator uses the consumer's name and address, but another party's illegally obtained credit card number, to purchase the item through a legitimate online vendor. Once the consumer has received the item, he or she authorizes credit card payment to the perpetrator. In the meantime, when the credit card holder, whose card number was used to purchase the item, stops payment on the unauthorized order, the vendor attempts to re-collect the merchandise from the consumer. The defrauded consumer, the victim of the credit card theft, and the merchant usually have no simple means of redress, since by the time they "catch on," the perpetrator has usually transferred funds into untraceable accounts.

In March 1999 the FBI became involved in a highly publicized hunt for a computer virus author. Electronic viruses are malicious software programs written to cause harm to unsuspecting computer users. They are designed to spread from computer to computer. Their propagation traditionally relied upon computer users sharing disks or software. On March 26, 2000, the appearance of the Melissa virus announced a new, dangerous breed of viruses delivered by e-mail, and it prompted heightened interest from federal law enforcement.

The virus was less deadly than those that erase data on a computer's hard drive. At heart, Melissa was an e-mail that contained a list of PORNOGRAPHY Web sites, along with programming code that sent up to 50 copies of itself to names found in a victim's e-mail address book. This self-replicating behavior had the potential to strain and disable computer networks, as the FBI warned on March 28 in an alert issued through its National Infrastructure Protection Center (NIPC). Within days, these fears were realized as dozens of corporate e-mail servers slowed under a flood of Melissa e-mail. In all, the infection reached nearly 19 percent of U.S. corporations and an estimated 1.5 million computers.

Less than a week later, the FBI nabbed the virus author. David L. Smith, a 30-year-old, Aberdeen, New Jersey, computer programmer, had unintentionally left his name in similar

virus code. Charged with conspiracy, theft of computer services, and interruption of public communications, he pleaded innocent. After striking a plea bargain with state and federal prosecutors on December 11, however, he pleaded guilty to a single state count of computer theft along with a single federal count of sending a damaging computer program. Smith acknowledged that the virus had caused upwards of $80 million in clean-up costs.

The FBI issued a second virus advisory in June 1999, and then in May 2000, U.S. and Philippine officials cooperated in a manhunt for a third virus author. Like Melissa, the so-called Love Bug worm transmitted and replicated itself via e-mail, but it differed by damaging files on victims' computers. As authorities deemed it the fastest-spreading virus in history, the NIPC traced its origins to Manila. Prompted by U.S. officials, the Philippine National Bureau of Investigation arrested 27-year-old Reomel Ramones. The case hit snags, however, as authorities were at a loss to find physical evidence and even to know what to charge Ramones with, since virus writing is not a criminal offense under Philippine law.

Hackers also launched assaults on U.S. government systems. For several years, hackers penetrated federal computers belonging to the Pentagon and other agencies, often eluding authorities. They occasionally publicized government data in works such as 2600: The Hacker Quarterly and created a daring image celebrated in popular culture. In 1999 the White House declared war. President BILL CLINTON targeted hackers in get-tough speeches in January and May. An FBI dragnet culminated in the arrest of 20 suspected hackers in six states. Apparently as retaliation, hackers defaced Web sites belonging to the FBI, the INTERIOR DEPARTMENT, the U.S. Senate, and even the White House, forcing some to shut down for hours. A few days later, on June 2, White House press secretary Joe Lockhart announced a government-wide review of computer security and vowed to punish the responsible parties. Yet the government's effectiveness came into question in early 2000 as high-profile attacks crippled major Web sites.

As the government grappled with hackers, a famous hacker was released from prison. Kevin Mitnick, held in federal custody without bail or a trial since 1995, entered a plea bargain with the Los Angeles district attorney's office on charges pending from his arrest for intrusion into several corporate computer systems. A cause celebre in the computer underground since fleeing a manhunt in the early 1990s, Mitnick's case had prompted public protests and even hacks of Web sites proclaiming the message, "Free Kevin." On August 9, U.S. District Judge Mariana Pfaelzer sentenced the 35-year-old hacker to 46 months in federal prison and ordered him to pay $4,125 in restitution. He was released on January 21, 2000. Mitnick's PAROLE terms forbid him from using computers in any way for another three years. When authorities subsequently barred him from accepting lucrative speaking engagements, Mitnick retained famed FIRST AMENDMENT attorney Floyd Abrahms, filed suit, and successfully proved that the terms of his parole violated his right to FREEDOM OF SPEECH.

As Internet auction sites gained popularity, fraud also attracted federal attention. In February 2000, the FTC announced a multi-agency effort to combat what it said was a hundredfold increase in complaints about Web-based fraud. The FTC reported that complaints had soared from 107 in 1997 to 10,700 in 1999. In response, it announced plans to work with the Department of Justice, the U.S. Postal Inspection Service, and other federal and state authorities to increase the number of cases it files in court, which to date amounted to only 35. The leading Internet auction site eBay separately announced that it would cooperate with authorities to sniff out con artists. According to statistics from the National Fraud Information Center, fraud in online AUCTIONS accounted for 90 percent of the total incidents of Internet fraud in 2002.