Corporate computer security professionals should be aware that Internet fraud is not only growing in frequency but also expanding in scope, security experts warned at a cybercrime conference last week.
Despite recent surveys that indicate consumers are feeling more comfortable conducting online business transactions, the number of Internet-related fraud complaints jumped from 220,000 in 2001 to 380,000 in 2002, according to statistics released last month by the U.S. Federal Trade Commission. But what has law enforcement officials especially concerned is the wide range of tactics and targets that criminals are now pursuing online.
Jonathan Rusch, special counsel for fraud prevention at the U.S. Department of Justice, said criminals aren't just using the Internet to conduct traditional identity theft and investment fraud. They're engaging in such activities as setting up legitimate business enterprises and spoofing Web sites of other companies in an effort to defraud customers who deal with those companies online.
Rusch said criminals are increasingly making use of software to expedite their scams, including the wholesale copying of HTML code from corporate Web sites to trick customers into sharing personal financial information. As a result, 45 percent of dual-channel retailers last year reported losing more from online fraud than from fraud in their bricks-and-mortar operations, Rusch said.
In addition to harvesting personal data for identity theft, experts say criminals are using fake e-mails with spoofed headers that provide links to replicas of legitimate corporate Web sites where the difference in the Web address is so minor that it often goes unnoticed by consumers.
"It will look just like eBay, but it won't be eBay," said Joseph Sullivan, senior counsel at eBay Inc. and a former federal cybercrime prosecutor. "There are probably 50 fake escrow sites up on the Internet right now."
Sullivan said Eastern European organized crime groups have initiated a campaign to target eBay and its business partners, including the online payment processor PayPal, which it acquired in November.
To battle organized fraud rings, eBay is working closely with law enforcement agencies. The company has even set up "undercover accounts" that can guarantee law enforcement agents become the highest bidders during suspected fraudulent online auctions. In one such case, an IT worker from a major computer manufacturer, one of many that liquidate excess stock on eBay, was caught selling equipment from his IT shop "one piece at a time," said Sullivan.