Risk
5/14/2012
01:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

ID Theft, Online Fraud Rose Slightly In 2011

Internet crime reports increased 3.4% in 2011 as compared to 2010, finds Internet Crime Complaint Center. Some old scams remain popular.

Defense Robots: Fast, Flexible, And Tough
Defense Robots: Fast, Flexible, And Tough
(click image for larger view and for slideshow)
For the third consecutive year, the public-private Internet Crime Complaint Center (IC3) logged more than 300,000 complaints of Internet crime such as identity theft and online fraud, totaling $485.3 million in losses, the IC3 announced Friday in its annual Internet crime report.

The report, which surveys Internet crime reported to IC3 in 2011, indicates that complaints were up 3.4% as compared to 2010, though they remain down from 2009's peak. The 12-year-old IC3 is a partnership among the FBI's Cyber Division, the Department of Justice's Bureau of Justice Assistance, and the National White Collar Crime Center that collects complaints of Internet crime from the public and shares information with law enforcement.

The report analyzes complaints from around the country, with some coming in from other countries as well. Unsurprisingly, the states with the largest number of complaints include some of the most heavily populated states. The top five states by number of complaints were California, Florida, Texas, New York, and Ohio, in that order.

The stats are a bit different when adjusted for rates of Internet crime per capita. Here, Alaska held the top spot, with a 30.1% higher per capita rate than the next worst victim, the District of Columbia. New Jersey, Nevada, and Colorado rounded out the top five for per capita complaints.

[ What are government pros most concerned about? See our exclusive InformationWeek Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

In terms of demographics, people aged 40 to 59 registered the most complaints, with 43% of total complaints coming from that age group. The next biggest group of victims were those aged 20 to 30, followed by those 60 and older and, finally, those under 20 years old.

Although IC3 received 314,246 Internet crime complaints in 2011, only 36.9% of those complaints, or 115,903, resulted in actual financial loss. The average loss among those reporting financial losses was $4,187, and the median was $636, indicating that Internet criminals are not content just to skim pennies off the dollar.

The top five crime types were: FBI-related scams in which criminals posed as the FBI; identity theft; advance fee fraud, in which criminals attempted to convince victims to pay an advance fee for something of value that would never be delivered to the victim; non-delivery of purchased merchandise; and overpayment.

Some of the most commonly reported crimes included auto-auction fraud in which people sold vehicles that they never owned (4,066 complaints totaling $8.2 million in losses); romance scams in which scammers sought money, frequently from older and divorced or widowed individuals (5,663 complaints totaling $50.4 million); work-from-home scams in which criminals recruit "workers" for false jobs that are actually covers for theft (17,532 complaints totaling $20.1 million); and loan intimidation scams (9,968 complaints totaling $8.2 million).

Some of the complaints IC3 has received over the past few years have led to criminal convictions and other positive outcomes. For example, complaints received beginning in July 2007 led to the extradition of a Nigerian citizen to the United States for allegedly defrauding law firms of more than $29 million in a debt collection scam, and complaints in 2009 about a dietary aid company that sells supplements online led to $3 million in reimbursements and a $51,000 attorneys' fees agreement.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformqtionWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zaga
50%
50%
Zaga,
User Rank: Apprentice
5/18/2012 | 9:08:40 PM
re: ID Theft, Online Fraud Rose Slightly In 2011
Most online companies are afraid of implementing fraud prevention measures because they think about: 1) Customer friction 2) Increase costs of operation. Companies with this mindset are already behind: the largest websites are allowing users to telesign in. The technology is here already..
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?