The most common type of fraud perpetrated in or out-side of the virtual world was identity theft. Simply put, identity theft is the theft of an individual's personal information
TABLE 4.2
| Computer-related crime prosecuted by prosecutors' offices, 2001 | |||||
| Percent of prosecutors' offices | |||||
| Full-time offices (population served) | |||||
| Type of computer crime prosecuted | All offices | Large (1,000,000 or more) | Medium (250,000 to 999,999) | Small (under 250,000) | Part-time |
| Note: Data on prosecution of any computer related crime under their state's computer statutes were available for 2,151 prosecutors' offices. Data were available on credit card fraud for 1,995 prosecutors' offices, bank card fraud 1,956 offices, forgery 1,894 offices, sabotage 1,853 offices, unauthorized access to computer system 1,878 offices, unauthorized copying or distribution of computer programs 1,883 offices, cyberstalking 1,927 offices, theft of intellectual property 1,839 offices, transmitting child pornography 2,029 offices, and identity theft 1,927 offices. | |||||
| 1ATM or debit. | |||||
| 2Alteration of computerized documents. | |||||
| 3To hinder the normal function of a computer system through the introduction of worms, viruses, or logic bombs. | |||||
| 4Hacking. | |||||
| 5Software copyright infringement. | |||||
| 6The activity of users sending harassing or threatening e-mail to other users. | |||||
| SOURCE: "Computer-related Crime Prosecuted by Prosecutors' Offices," in Prosecutors in State Courts, Bureau of Justice Statistics, Office of Justice Programs, U.S. Department of Justice, 2001, http://www.ojp.usdoj.gov/bjs/pub/pdf/psc01.pdf (accessed November 11, 2004) | |||||
| Any computer-related crime | 41.5% | 97.0% | 72.9% | 44.2% | 16.8% |
| Credit card fraud | 27.4 | 93.5 | 61.2 | 28.2 | 7.4 |
| Bank card fraud1 | 22.3 | 83.3 | 50.9 | 22.6 | 6.9 |
| Computer forgery2 | 13.3 | 63.0 | 39.2 | 12.8 | 2.7 |
| Computer sabotage3 | 4.6 | 53.6 | 14.4 | 3.8 | 0.5 |
| Unauthorized access to computer4 | 9.6 | 60.7 | 28.8 | 8.8 | 2.3 |
| Unauthorized copying or distribution of computer programs5 | 2.7 | 53.8 | 9.0 | 1.8 | 0.2 |
| Cyberstalking6 | 16.3 | 76.7 | 47.8 | 15.1 | 4.5 |
| Theft of intellectual property | 3.2 | 40.7 | 13.4 | 2.3 | 0.5 |
| Transmitting child pornography | 30.0 | 87.1 | 67.1 | 30.4 | 10.8 |
| Identity theft | 18.2 | 80.0 | 51.9 | 17.2 | 4.5 |
such as a telephone number, address, a credit card number, or a Social Security number. Thieves use this information to buy things, set up false credit card and cell phone accounts, and even perpetrate crimes. With a victim's Social Security number, address, and phone number, for instance, a thief can apply for numerous credit cards in the victim's name and proceed to run up the limits on these cards. Such a crime leaves the victim's credit report in shambles, making it difficult to apply for loans or additional cards in the future.
In 1998 Congress gave the FTC the responsibility to track identity theft in the United States. As Figure 4.1 shows, reported cases of identity theft nearly tripled from 2001 to 2003, when they comprised 42% of all cases of fraud. Table 4.3 breaks down incidents of identity fraud by state. Arizona topped the list with the highest number of reported cases of ID fraud per capita, followed by Nevada, California, and Texas. North Dakota and South Dakota had the lowest number of victims of identity theft.
The cases reported to the FTC, however, did not necessarily paint a true picture of identity crime in the United States. In fact, most incidents were never reported. In 2003 the FTC also conducted a survey of random households to come up with a more complete understanding of how identity theft affected Americans. The resulting Identity Theft Survey Report (September 2003) revealed that most identity fraud involved the use of an existing account (both credit card and noncredit card) to purchase merchandise
FIGURE 4.1
or services. Table 4.4 shows that 3.1% of Americans discovered that their existing accounts were being used by thieves in 2003. One-half that number of Americans (1.5%) reported that new accounts or loans were
TABLE 4.3
| Indentity theft victims, by state, 2003 | |||||||
| January 1–December 31, 2003 | |||||||
| Rank | Consumer state | Complaints per 100,000 population | Number of complaints | Rank | Victim state | Victims per 100,000 population | Number of victims |
| Note: Per 100,000 unit of population estimates are based on the 2003 U.S. Census population estimates. | |||||||
| Numbers for the District of Columbia are: Fraud = 989 complaints and 175.5 complaints per 100,000 population; Identity Theft = 917 complaints and 162.8 victims per 100,000 population. | |||||||
| SOURCE: "Identity Theft Victims by State," in National and State Trends in Fraud and Identity Theft, Identity Theft Clearinghouse, U.S. Federal Trade Commission, January 22, 2004, http://www.consumer.gov/sentinel/pubs/Top10Fraud2003.pdf (accessed November 11, 2004) | |||||||
| 1 | Alaska | 179.6 | 1,165 | 1 | Arizona | 122.4 | 6,832 |
| 2 | Hawaii | 131.0 | 1,647 | 2 | Nevada | 113.4 | 2,541 |
| 3 | Wyoming | 128.1 | 642 | 3 | California | 111.2 | 39,452 |
| 4 | Washington | 119.6 | 7,335 | 4 | Texas | 93.3 | 20,634 |
| 5 | Colorado | 114.3 | 5,200 | 5 | Florida | 83.0 | 14,119 |
| 6 | Nevada | 113.7 | 2,548 | 6 | New York | 82.4 | 15,821 |
| 7 | New Hampshire | 113.5 | 1,461 | 7 | Oregon | 81.7 | 2,909 |
| 8 | Oregon | 112.7 | 4,011 | 8 | Colorado | 81.3 | 3,698 |
| 9 | Arizona | 112.1 | 6,256 | 9 | Illinois | 77.4 | 9,792 |
| 10 | Montana | 111.5 | 1,023 | 10 | Washington | 77.3 | 4,741 |
| 11 | Virginia | 110.6 | 8,171 | 11 | Maryland | 74.9 | 4,124 |
| 12 | Florida | 108.2 | 18,419 | 12 | Georgia | 70.5 | 6,127 |
| 13 | Maryland | 107.7 | 5,931 | 13 | New Mexico | 70.3 | 1,317 |
| 14 | California | 104.9 | 37,221 | 14 | New Jersey | 68.9 | 5,948 |
| 15 | Utah | 104.1 | 2,447 | 15 | North Carolina | 65.9 | 5,537 |
| 16 | New Jersey | 97.8 | 8,451 | 16 | Michigan | 65.1 | 6,566 |
| 17 | Delaware | 97.4 | 796 | 17 | Missouri | 61.3 | 3,496 |
| 18 | Connecticut | 96.7 | 3,368 | 18 | Indiana | 59.1 | 3,660 |
| 19 | Wisconsin | 92.2 | 5,048 | 19 | Virginia | 58.2 | 4,297 |
| 20 | Pennsylvania | 91.9 | 11,358 | 20 | Delaware | 57.7 | 472 |
| 21 | Missouri | 90.8 | 5,179 | 21 | Massachusetts | 56.5 | 3,634 |
| 22 | Kansas | 90.5 | 2,465 | 22 | Utah | 56.4 | 1,326 |
| 23 | Vermont | 89.6 | 555 | 23 | Connecticut | 54.9 | 1,913 |
| 24 | Rhode Island | 89.5 | 963 | 24 | Pennsylvania | 52.9 | 6,545 |
| 25 | Massachusetts | 89.1 | 5,729 | 25 | Hawaii | 51.6 | 649 |
| 26 | Idaho | 88.9 | 1,215 | 26 | Kansas | 50.6 | 1,378 |
| 27 | Indiana | 88.0 | 5,455 | 27 | Rhode Island | 49.9 | 537 |
| 28 | Nebraska | 87.7 | 1,526 | 28 | Minnesota | 49.7 | 2,517 |
| 29 | Ohio | 87.6 | 10,020 | 29 | Oklahoma | 48.1 | 1,689 |
| 30 | Maine | 85.7 | 1,119 | 30 | Ohio | 48.0 | 5,494 |
| 31 | Michigan | 85.4 | 8,612 | 31 | Tennessee | 47.6 | 2,782 |
| 32 | Illinois | 84.4 | 10,681 | 32 | Arkansas | 47.5 | 1,294 |
| 33 | New Mexico | 84.3 | 1,580 | 33 | South Carolina | 45.7 | 1,895 |
| 34 | New York | 84.3 | 16,170 | 34 | Nebraska | 44.9 | 781 |
| 35 | Minnesota | 83.6 | 4,229 | 35 | Wisconsin | 42.5 | 2,325 |
| 36 | North Dakota | 81.7 | 518 | 36 | Louisiana | 41.7 | 1,875 |
| 37 | Oklahoma | 80.5 | 2,828 | 37 | Alabama | 40.5 | 1,823 |
| 38 | South Dakota | 79.9 | 611 | 38 | New Hampshire | 38.8 | 500 |
| 39 | West Virginia | 79.2 | 1,434 | 39 | Mississippi | 37.6 | 1,084 |
| 40 | North Carolina | 78.7 | 6,618 | 40 | Idaho | 36.1 | 493 |
| 41 | Iowa | 77.7 | 2,288 | 41 | Alaska | 35.6 | 231 |
| 42 | Tennessee | 76.7 | 4,479 | 42 | Wyoming | 34.3 | 172 |
| 43 | Georgia | 76.6 | 6,649 | 43 | Kentucky | 32.3 | 1,332 |
| 44 | Texas | 75.5 | 16,706 | 44 | Montana | 30.7 | 282 |
| 45 | Kentucky | 72.5 | 2,986 | 45 | Iowa | 30.6 | 900 |
| 46 | Alabama | 71.0 | 3,196 | 46 | West Virginia | 28.1 | 508 |
| 47 | South Carolina | 70.1 | 2,907 | 47 | Maine | 27.0 | 353 |
| 48 | Louisiana | 65.3 | 2,936 | 48 | Vermont | 25.7 | 159 |
| 49 | Arkansas | 62.8 | 1,712 | 49 | North Dakota | 20.0 | 127 |
| 50 | Mississippi | 52.2 | 1,503 | 50 | South Dakota | 19.6 | 150 |
taken out in their name in 2003. All told, an estimated ten million cases of identity fraud took place in the United States in 2003, affecting 4.6% of Americans. Banks and credit card companies, which typically assumed the cost of the merchandise purchased by identity thieves, lost an estimated $48 billion to identity theft. Victims of identity theft spent an average of thirty hours and nearly $500 of their own money dealing with the problem.
Figure 4.2 shows what types of accounts identity thieves opened after they obtained a victim's personal information. Nearly 8% of all identity victims reported that the thief opened up a credit card account in the victim's name. Five percent said their identity was used to take out a loan or subscribe to telephone service, and 3% claimed someone opened a checking/savings account in their name. Figure 4.3 displays which types of existing accounts thieves misused. By far, thieves stole credit card account numbers the most. Checking/savings accounts came in second at 19%, followed by telephone service at 9%, Internet at 3%, and insurance accounts at 2%.
TABLE 4.4
| Cost of identity theft, 20021 | |||
| New accounts & other frauds | Misuse of existing accounts (both creditcard & non-credit card) | All ID theft | |
| 1Totals by type of ID theft may not sum to the amount shown in the totals column due to rounding. "Average per victim" figures in the "All ID theft" column are a weighted average of the values for the different types of ID theft with the incidence in the past year used as weights. | |||
| 2Based on U.S. population age 18 and over of 215.47 million as of July 1, 2002. | |||
| SOURCE: "Costs of Identity Theft in the Last Year," in Federal Trade Commission—Identity Theft Survey Report, U.S. Federal Trade Commission, September 2003, http://www.ftc.gov/os/2003/09/synovatereport.pdf (accessed November 11, 2004) | |||
| Victims in the last year | |||
| Percent of population | 1.5% | Credit card – 2.4% nor credit card – 0.7% |
4.6% |
| Number of persons2 | 3.23 million | 6.68 million | 9.91 million |
| Loss to businesses, inc. financial institutions | |||
| Average per victim1 | $10,200 | $2,100 | $4,800 |
| Total | $32.9 billion | $14.0 billion | $47.6 billion |
| Lose to victims | |||
| Average per victim | $1,180 | $160 | $500 |
| Total | $3.8 billion | $1.1 billion | $5.0 billion |
| Hours victims spent resolving their problems | |||
| Average per victim | 60 hours | 15 hours | 30 hours |
| Total | 194 million hours | 100 million hours | 297 million hours |
Identity Thieves
Identity thieves can operate alone or as a part of large crime organization. They can be someone the victim knows or a complete stranger. They gather personal information in various ways, stealing wallets and checkbooks or going through trash bins outside of homes and businesses to dig out credit card statements, old check books, and receipts. Some pilfer financial statements and other private information from open mailboxes. Since the mid-1990s, many thieves have turned to the Internet to steal information. In fact, the widespread use of the Internet coincided directly with the dramatic increase in identity theft nationwide.
There are a number of ways in which thieves use the Internet to retrieve personal information. Tech-savvy crooks will often take the direct method and hack into business and bank servers and make off with hundreds of credit card numbers. Most identity thieves, however, do not employ such sophisticated methods. According to Duncan Graham-Rowe in "Internet Fuels Boom in ID Theft" (New Scientist, March 13, 2003), one of the easiest ways to steal identities is simply to use a search engine such as Google. Many people naively post all manner of personal information on home and even office Web sites, including their Social Security number, date of birth, mother's maiden name, current address, and phone number. Simply typing "driver's license" or "passport" into
FIGURE 4.2
the Google image search engine yields hundreds of photos of driver's licenses and passports from around the country. Businesses that keep lists of Social Security and credit card numbers sometimes inadvertently place the information in an insecure location. For a patient identity thief, the Internet is a treasure trove.
Another technique thieves use to acquire personal information is known as "phishing." Thieves will often send out bogus e-mails to scores of people. Typically, these e-mails will look like authentic e-mails from a prominent Internet service provider or bank. The e-mail will inform the receiver that there is something wrong with his or her account and that the problem can be fixed by clicking on a hyperlink. When the victim does click on the link, the victim is then taken to an official-looking site where he or she is asked to provide passwords, Social Security information, and even credit card information. The moment the victim types in their personal information, the thief has them. Once crooks have a credit card in another person's name, the Internet makes it easier to purchase items as well. No longer do crooks have to risk being caught using someone else's account in a shopping mall or grocery store.
Auction Fraud
Outside of identity fraud, the biggest fraud perpetrated in 2003 was auction fraud. (See Figure 4.4.) In 2003 the FTC received some 77,500 complaints of auction fraud. Internet auction fraud is usually very straightforward. Typically, a con artist advertises merchandise on an auction site such as eBay until a buyer is found. The buyer then sends a payment but receives no merchandise.
FIGURE 4.3
The Internet Fraud Complaint Center (IFCC) annual report profiles several cases that they have helped solve each year. In one instance in 2002 a woman named Teresa Smith stole more than $800,000 from over three hundred people in an auction fraud involving computer sales. She operated out of an office in West Boylston, Massachusetts, where she put computers up for auction on eBay, receiving payments but not shipping the merchandise. When customers accused Smith of foul play, she gave them an excuse, often maintaining that the computer had been lost in the mail. Each time eBay shut down her account, she opened a new one under a different false name.
More elaborate auction frauds have also been set up to trick the seller. In a 2002 FTC case a con artist created a phony escrow company to avoid paying the seller. Legitimate escrow companies act as mediators; they hold onto the payment owed to a seller while the buyer has a chance to test the merchandise and see that it works. When the buyer gives approval, the escrow company sends the money to the seller. The phony escrow outfit in the FTC case, blandly named premier-escrow.com, was owned by a scam artist who bought items in auctions and then informed the sellers that he would like to use premierescrow.com. The sellers, thinking the thief's money was secure in an escrow company, would send the merchandise to the thief.
Other Types of Online Fraud
While auction fraud and identity theft made up the vast majority of fraudulent activity on the Web, countless other frauds have been perpetrated over the years. These
FIGURE 4.4
ranged from false merchandise advertised on a phony Web page to work-at-home e-mail schemes in which the victim was told to send in money as an initial investment. One of the more famous e-mail scams of the early twenty-first century was the Nigerian letter fraud scam, which had been circulating via traditional mail since the early 1980s. In its electronic form, an e-mail purportedly from a "Nigerian dignitary" informed the victim that he or she had the opportunity to receive vast sums of money currently being held in Nigeria. When the victim responded to the message, he or she was then told that the Nigerian dignitary required money in advance, usually to bribe government officials, so that the funds could be released and deposited in the victim's account. In 2002 the IFCC yearly report revealed that seventy-four U.S. individuals had sent money to perpetrators of this scam and lost a total of nearly $1.6 million.
Still other, more elaborate scams were designed to manipulate the stock market. Such scams were particularly effective in the late 1990s during the stock market bubble. The best known of these was the "pump-and-dump" scam. The criminals invested in a stock that was lightly traded and then tricked online investors into buying it. Typically, this involved posting fake documents and press releases on financial Web sites, telling investors that the company was either about to be bought out or had developed a new, money-making product. In other instances, scam artists bribed lesser-known stock pundits to tout the lifeless stock. After the stock took off, the criminals simply sold their holdings, leaving other investors holding the bag.
User Comments Add a comment…