FBI/IC3: Impersonation, intimidation and scams, yep that’s the Internet

FBI and Internet Crime Complaint Center (IC3) issued their annual look at the state of the dark side of the Internet

The FBI and Internet Crime Complaint Center (IC3) issued their annual look at the state of the dark side of the Internet which is indeed thriving with all manner of scams and intimation tactics being used by criminals.

[RELATED: An inside look at the fraud blight]

[RELATED: FTC: Identity theft retains its throne as No.1 worst scourge in Top 10 consumer complaint list]

 While complaints filed with the IC3 are down slightly through 2012 over 2011 (289,874 v. 314,246, respectively), losses from online scams are up over 8% topping out at over $525 million through the same time period.

The most common complaints received in 2012 included FBI impersonation e-mail scams, various intimidation crimes, and scams that used computer scareware to extort money from Internet users.

From the IC3 report, a more detailed look at the most common scams and online problems:

  • Auto Fraud: In fraudulent vehicle sales, criminals attempt to sell vehicles they do not own. An attractive deal is created by advertising vehicles for sale on various online platforms at prices below market value. Often the fraudsters claim they must sell the vehicles quickly because they are relocating for work, being deployed by the military, or have a tragic family circumstance and are in need of money. Because of the exigent circumstances, criminals refuse to meet in person or allow inspection of the vehicles prior to the sale. To make the deal appear legitimate, the criminal instructs the victim to wire full or partial payment to a third-party agent via a wire transfer service, and to fax the payment receipt to the seller as proof of payment. The criminal pockets the money but does not deliver a vehicle. In a new twist, the criminals have attempted to pose as dealers instead of individuals selling a single car. This allows them to advertise multiple vehicles for sale at one time on certain platforms, potentially exposing more victims to the scam.
  • FBI Impersonation E-mail Scam: An oldie but a goodie. The names of various government agencies and highranking government officials have been used in spam attacks in an attempt to defraud consumers. Government agencies do not send unsolicited e-mails. Complaints related to spam e-mails purportedly sent from the FBI continued to be reported with high frequency to the IC3. In 2012, the IC3 received about 47 complaints per day of this type. With an average adjusted loss of approximately $141 per complaint, victims reported losing more than $6,604 to this scam every day. Complaints that directly spoof the name of FBI Director Robert Mueller continue to make up a large part of the government impersonation e-mail scams. Those complaints include elements of Nigerian scam letters (also known as 419 scams) incorporating get-rich inheritance scenarios, bogus lottery winning notifications and occasional extortion threats. A vast majority of the Mueller spoof complaints are simply reports of probable fraud with no monetary losses incurred by the filer. Nevertheless, the spoofs continue to pose a viable threat to national security.

Intimidation and extortion scams have evolved over the years to include some of the following scams, again from the IC3 report:  

  • Telephone Calls: In a twist to the pop-up scareware scheme, victims began receiving telephone calls from individuals allegedly claiming to be from legitimate well-known software companies. The victims of these calls were advised malware had been detected on their computers and posed an impending threat. The fraudsters tried to instill a feeling of urgency so victims would take immediate action and log on to their computers. Once the victims logged in, the fraudsters directed them to the utility area of the computers, where they appeared to demonstrate how the computers were infected. The fraudsters offered to rid the computers of the malware for fees ranging from $49 to $450. When the victims agreed to pay the fees, they were directed to a website where they entered a code or downloaded a software program that allowed the fraudsters remote access to their computers.
  • Payday Loan: The payday loan scam involves victims receiving harassing telephone calls from individuals claiming they are delinquent in payments. The callers purport to be representatives of federal government agencies, various law firms and other legitimate sounding agencies. The callers have accurate information associated with the victims, including Social Security number, date of birth, address, employer information, bank account numbers, and names and telephone numbers of relatives and friends. The callers claim to be collectors for debt-collecting companies. The fraudsters are relentless in the number of calls made to the victims' homes, cell phones and places of employment. The callers will not provide any details of the alleged payday loans and become abusive when questioned. The fraudsters threaten the victims with legal actions, arrests, and in some cases, physical violence if they refuse to pay. Often, the callers resort to harassment of the victims' relatives, friends and employers. The fraudsters asked some victims to fax a statement agreeing to pay a specified amount via a prepaid money card. It also stated the victim would never dispute the debt. In a slight twist to the scam, the fraudster advised not only were there warrants for the victims for non-payment, but there were also warrants for hacking into a specific business with the intent of obtaining customer information.
  • Process Server: The fraudsters added a somewhat different approach to their intimidation tactics when a person purporting to be a process server for the court appeared at a victim's place of employment and at the home of another victim allegedly to serve papers for a court date. The process server requested a debit card number for payment to be made in order to avoid the court process.
  • The Grandparent Scam: A telephone scam targeting grandparents, and appropriately named "The Grandparent Scam," has continued to resurface over the years. The scam involves fraudsters calling elderly individuals claiming to be a grandson or granddaughter or other young relative in a legal or financial crisis. The crises generally involve claims of being arrested or in a car accident in another country. The callers create a sense of urgency and make a desperate plea for money, begging the grandparents not to tell the parents while often crying to help prevent the potential victims from discovering the scam. The callers also impersonated third parties, such as an attorney or an official, like a U.S. Embassy representative. Once the potential victims appear to believe the caller, they are provided instructions to wire money to a specified individual, often referred to as a bail bondsman, in order for their grandchild to be released by foreign law enforcement. Investigations have determined potential victims were identified via mass-produced lead lists that target specific demographics. Complaints reported the callers were from Canada, the United States, Mexico, Haiti, Guatemala, Peru and the Dominican Republic. To further obfuscate themselves, the callers used telephone numbers generated by free apps, so the bogus telephone number appears on the recipient's caller ID.
  • Hit Man Scam: The IC3 began receiving reports about the hit man/extortion e-mail scheme seven years ago, and over time the content of the hit man e-mails has changed, but the intent remains the same - to defraud people through disturbing e-mails. The scam originated as a person sending an e-mail portraying himself as a hit man hired to kill the victim. The e-mail instructed the recipient to pay an amount of money to ensure the hit man did not carry out the death contract. Although the e-mails were unnerving for the recipients, the IC3 did not receive reports of loss of life or money. More recently the scammers started to utilize social media to gather personal information about the recipient. Popular social networking sites provide a wealth of information for scammers. Limiting the amount of personal information published online is a good practice for consumers seeking to minimize the chance that they will be
  • Scareware/Ransomware: Extorting money from consumers by intimidating them with false claims pretending to be the federal government watching their Internet use and other intimidation tactics have evolved over the years to include some of the below highlighted scams.
  • Pop-up Scareware Scheme: In mid-2008, the IC3 identified a trend in which victims reported they received pop-up messages alerting them that their computers were infected with numerous viruses. The pop-ups, known as scareware or fake or rogue anti-virus software, cannot easily be closed by clicking "close" or the "X" button. The scareware baited users into purchasing software that would allegedly remove viruses from their computers. If the users clicked on the pop-ups to purchase the software, forms to collect payment information appeared and the users were charged for the bogus products. The scareware showed a list of reputable software icons; however, links to the websites were not operational. In some instances, whether the users clicked on the pop-ups or not, the scareware installed malicious code onto the computers. The aggressive tactics of the scareware have caused significant losses to users.
  • Citadel Malware: The Citadel malware is another attempt to extort money from Internet users through intimidation. The malware delivers ransomware named Reveton. Once the ransomware is installed, the user's computer freezes and a warning of a violation of U.S. federal law displays on the screen. To intimidate the user further, the message declares the user's IP address was identified as visiting child pornography and other illegal content. The user is instructed to pay a fine to the U.S. Department of Justice using prepaid money card services in order to unlock the computer. In addition to installing the ransomware, the Citadel malware continued to operate on the compromised computer and could be used to commit online banking and credit card fraud.
  • IC3 Ransomware: The latest version of ransomware reported via complaints uses the name of the Internet Crime Complaint Center in an attempt to extort money from Internet users. As in the Citadel malware example, the victims' computers are hijacked, and a screen displays a warning of federal law violations. The victims are instructed to pay a fine to unlock their computers using prepaid money card services. If they do not comply in a specified time frame, they are told they could face prosecution.

The states with the most Internet complaints were:

California

Florida

Texas

 New York

Illinois

Pennsylvania

Georgia

Virginia

New Jersey

Washington

The states with the least amount of complaint included:

Rhode Island

New Hampshire

Montana

District of Columbia

Wyoming

South Dakota

Vermont

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

NASA lurches toward 2014 unmanned aircraft competition

DARPA moves to create high-power but very cool (literally) cathode technology

Remembering the little desk lamp that could: Pixar's "Luxo, Jr. "

IBM premiers world's smallest movie  - starring 10,000 atoms

DARPA wants huge Holy Grail of mobile ad hoc networks

More weirdness at TSA passenger screening: Human skull fragments

Getting junk out of Earth's orbit needs more urgency

IBM robotic coworker will help engineers fix broken systems

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.