xxiv Internet Fraud
Fraud and Theft
Computer systems can be exploited for the purpose of conducting fraudulent
activities and for outright theft. Such criminal acts are accomplished by
“automating” traditional methods of fraud and by inventing and using new
methods, which are constantly being created by enterprising criminal
minds. For example, individuals carrying out such criminal activity may use
computers to transfer a company’s proprietary customer data to computer
systems that reside outside the company premises, or they may try to use or
sell this valuable customer data to that company’s competitors. Their
motives may be for profit; they may be for inflicting damage to the
victimized company to compensate for some perceived injustice; or they may just
be perpetrating an act of malicious behavior for their entertainment or
bragging rights. Computer fraud and theft can be committed by both
company insiders and outsiders, but studies have shown that most corporate
fraud is committed by company insiders [3].
In addition to the use of technology to commit fraud, computer hardware
and software resources may be vulnerable to theft. Actual examples
include the theft of unreleased software and storage of customer data in
insecure places, such as anonymous FTP accounts, so that it can be
accessed and stolen by outsiders. The exposure of data to these threats
generates a secondary threat for a company: loss of credibility and possible
liability for damages as a result of premature release of information; exposure
or loss of information; and so on. Preventative measures that should be
taken here are quite simple but are often overlooked. Implementation of
efficient access control methodologies, periodic auditing, and firewall
usage can, in most cases, prevent fraud from occurring—or at least make it
more easily detected.
Internet Fraud
The meteoric rise in fraud perpetrated over the Internet has brought about
the classification of nine types of fraud, developed from the data reported to
the Internet Fraud Complaint Center (IFCC) [4]. Analysts at the IFCC
receive Internet fraud complaints and sort them into one of the nine
aforementioned fraud categories:
1. Financial Institution Fraud—A knowing misrepresentation of
the truth or concealment of a material fact by a person to induce
a business, organization, or other entity that manages money,
credit, or capital to perform a fraudulent activity [5]. Credit/debit
card fraud is an example of financial institution fraud that ranks
among the most commonly reported offenses to the IFCC. Identity
theft also falls into this category; cases classified under this
heading tend to be those where the perpetrator possesses the
complainant’s true name identification (in the form of a Social Security
card, driver’s license, or birth certificate), but there has not
been a credit or debit card fraud committed.
2. Gaming Fraud—Risking something of value, especially money,
for a chance to win a prize when there is a misrepresentation of
the odds or events [6]. Sports tampering and claiming false bets
are two examples of gaming fraud.
3. Communications Fraud—A fraudulent act or process in which
information is exchanged using different forms of media. Thefts
of wireless, satellite, or landline services are examples of
communications fraud.
4. Utility Fraud—A knowing misrepresentation or intention to
harm by defrauding a government-regulated entity that performs
an essential public service, such as the supply of water or electrical
services [7].
5. Insurance Fraud—A misrepresentation by the provider or the
insured in the indemnity against loss. Insurance fraud includes
the “padding” or inflating of actual claims, misrepresenting facts
on an insurance application, submitting claims for injuries or
damage that never occurred, and “staging” accidents [8].
6. Government Fraud—A knowing misrepresentation of the truth
or concealment of a material fact to induce the government to act
to its own detriment [9]. Examples of government fraud include
tax evasion, welfare fraud, and counterfeit currency.
7. Investment Fraud—Deceptive practices involving the use of capital
to create more money, either through income-producing vehicles
or through more risk-oriented ventures designed to result in
capital gains [10]. Ponzi or pyramid schemes and market manipulation
are two types of investment fraud.
8. Business Fraud—The knowing misrepresentation of the truth or
concealment of a material fact by a business or corporation [11].
Examples of business fraud include bankruptcy fraud and
copyright infringement.
