Much as California was the hot destination for gold prospectors looking to strike it rich, the Internet is fast becoming the new nexus for fraud, scams, and identity theft -- and the losses appear to be mounting.
A new report issued on April 4 by the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation's (FBI) Bureau of Justice Assistance and the National White Collar Crime Center, claims that US citizens lost $239 million in various Internet-based fraud schemes, up from $198 million in 2006. The median dollar loss was $680 per complaint.
The IC3 compiled the data from the complaints it receives and processes from citizens, of which it received 206,884 for 2007, a slight decrease from 2006. The center said it processed roughly 17,240 complaints per month. Among the findings in the IC3 report:
The highest dollar loss per incident was reported by Internet-based investment and retirement scams, with a median loss of $3,547 per complaint. Other high-loss categories were check fraud ($3,000) and Nigerian scams ($1,922). The lowest dollar loss was associated with credit/debit card fraud, at $298 per incident.
Measuring by states, California had the highest number of reported fraud perpetrators at 15.8 percent, followed by Florida at 10 percent, and New York at 9 percent. In terms of population density, the District of Columbia had the highest rate of fraud by far, at 99 percent per 100,000 individuals in a region.
Men made up the largest numbers of both perpetrators and complainants. Over 75 percent of the perpetrators reported were male, while the average complainant was a man between 40 and 49 years of age, and a resident of California, Florida, Texas, or New York.
Email was the preferred method of interaction between the fraud perpetrator and the victim at 73.6 percent, followed by Web site visitations at 32 percent, interactions via telephone at 18 percent, or chats via an instant-messaging service at 11 percent.
The highest overall category of fraud involved Internet auction services such as eBay, followed by non-delivery of goods ordered online or via advertising services such as Craigslist.
The FBI and outside security analysts were quick to point out that the reported crimes and complaints they received through IC3 and other sources represented only a fraction of the actual levels of crime and fraud that may be occurring, due to the lack of reporting information on cybercrime from industries and businesses.
"The Internet presents a wealth of opportunity for would be criminals to prey on unsuspecting victims, and this report shows how extensive these types of crime have become," said FBI Cyber Division Assistant Director James E. Finch. "What this report does not show is how often this type of activity goes unreported."
Victims may also mischaracterize the type of crime committed against them, viewing a loss of money from visiting a spoofed eBay site as an auction scam, when it was in fact a "phishing scam," the report said. Because Internet-based crimes often use overlapping methods, categorizing them to provide accurate statistics can prove difficult.
The Stats Game
The lack of effective reporting by industries on losses from fraud hampers the ability of investigators to build an accurate picture of how serious Internet-based crimes really are. Consumers also often fail to report crimes or losses from fraud, as the investigation process can take months of frustration, with little to show in the way of actual gains.
The end result is a number of dueling claims as to how much cybercrime is actually costing and where it comes from. US Treasury cybercrime advisor Valerie McNiven once famously claimed that Internet crime outpaced the global drug trade for profitability in 2004, amassing $105 billion in stolen funds. Although many in the security industry disputed the claim as too high, it also remains difficult to disprove.
Working solely from voluntarily reported complaints, the Federal Trade Commission determined that consumer fraud totaled $1.2 billion for 2007, with an average financial loss of $349 per individual.
Credit card fraud was the most common form of reported identity theft at 23 percent, followed by utilities fraud at 18 percent, employment fraud at 14 percent, and bank fraud at 13 percent.
Using FTC complaint data gathered over several years, privacy expert Chris Hoofnagle was able to piece together that many of the world's largest corporations' customer records were the most frequently pilfered for identity theft and related fraud. But Hoofnagle cautioned that his findings were only a first attempt, and that without better reporting by financial institutions, no one could really determine the true costs of any kind of fraud, online or off.