Fraud is defined as criminal activity that is committed by deceptive methods and intended to bring financial or other types of material gains to the criminal from the victim. Fraud is unlike other types of crimes that are committed by using some sort of force such as assault or breaking and entering, and involves some sort of lying or other deception. Rather than using force, the criminal who uses fraud misrepresents themselves or the situation in order to entice the victim to willingly hand over money or other valuable goods (Yar, 2006).
The Internet has provided criminals with new avenues to commit fraud. The architecture of the Internet consists of several individual networks tied together, with no one single owner and no overall central governance or oversight. The relative anonymous nature of the Internet allows criminals to mask and change their identities and locations frequently. By using virtual private networks that connect to Internet presence points in other countries and using anonymous browsers such as Tor, criminals can obscure their criminal Internet activity, making it difficult for law enforcement to track and capture them. It is also fairly easy to set up websites and email on the Internet to make a fraudulent operation appear legitimate to potential victims.
In May 2000, the Internet Crime Complaint Center (IC3) was established by the Federal Bureau of Investigations (FBI). IC3â€™s mission is to raise public awareness on Internet-related criminal activity by providing a way for the public to report complaints and by building partnerships between law enforcement agencies and industry (Internet Crime Complaint Center, 2019). While the IC3 is based in the United States, they also respond to complaints from across the globe. Since 2000, the IC3 has received 4,415,870 complaints about Internet-related criminal activity, and received a average of 300,000 complaints annually between 2013 and 2018 (2018 IC3 Annual Report, 2018).
According to the IC3, the majority of Internet-related criminal activity are cases involving some type of fraud. The top three types of complaints received by the IC3 include non-payment or non-delivery of goods ordered from websites, phishing, and business email compromise (BEC). Business email compromise is a quickly growing area of Internet-related criminal activity and involves the transfer of funds or other valuable data from a victim through unauthorized access to a computer or system. Over the past year, there has been a 100% increase in BEC activity as criminals find new ways to exploit victims by accessing their personally identifiable information (PII) or business and personal financial accounts. BEC scammers often use email phishing or social engineering attacks to direct the victim to unknowingly take fraudulent action, or to steal their credentials by sending them to a malicious site (Gatlan, 2019).
BEC scams are usually successful because the scammers often appear legitimate by masking their identity as someone the victim would be likely to trust, such as the victim’s business owner or known business partner. The IC3 estimates that BEC scams total around $26 billion, with BEC scams reported in all 50 states and in 177 countries around the world, with the majority of the fraudulent wire transfers sent to China and Hong Kong (Gatlan, 2019).
2018 IC3 Annual Report. (2018). Retrieved from Federal Bureau of Investigation: https://pdf.ic3.gov/2018_IC3Report.pdf
Gatlan, S. (2019, September 10). Business Email Compromise Is a $26 Billion Scam Says the FBI. Retrieved from Bleeping Computer: https://www.bleepingcomputer.com/news/security/bus…
Internet Crime Complaint Center. (2019, Oct 2). Retrieved from Federal Bureau of Investigation: https://www.ic3.gov/about/default.aspx
Yar, M. (2006). Cybercrime and Society. London: Sage Publications.