Risk
5/14/2012
01:27 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

ID Theft, Online Fraud Rose Slightly In 2011

Internet crime reports increased 3.4% in 2011 as compared to 2010, finds Internet Crime Complaint Center. Some old scams remain popular.

Defense Robots: Fast, Flexible, And Tough
Defense Robots: Fast, Flexible, And Tough
(click image for larger view and for slideshow)
For the third consecutive year, the public-private Internet Crime Complaint Center (IC3) logged more than 300,000 complaints of Internet crime such as identity theft and online fraud, totaling $485.3 million in losses, the IC3 announced Friday in its annual Internet crime report.

The report, which surveys Internet crime reported to IC3 in 2011, indicates that complaints were up 3.4% as compared to 2010, though they remain down from 2009's peak. The 12-year-old IC3 is a partnership among the FBI's Cyber Division, the Department of Justice's Bureau of Justice Assistance, and the National White Collar Crime Center that collects complaints of Internet crime from the public and shares information with law enforcement.

The report analyzes complaints from around the country, with some coming in from other countries as well. Unsurprisingly, the states with the largest number of complaints include some of the most heavily populated states. The top five states by number of complaints were California, Florida, Texas, New York, and Ohio, in that order.

The stats are a bit different when adjusted for rates of Internet crime per capita. Here, Alaska held the top spot, with a 30.1% higher per capita rate than the next worst victim, the District of Columbia. New Jersey, Nevada, and Colorado rounded out the top five for per capita complaints.

[ What are government pros most concerned about? See our exclusive InformationWeek Federal IT Survey: Hacktivists, Cybercriminals Are Top Threats. ]

In terms of demographics, people aged 40 to 59 registered the most complaints, with 43% of total complaints coming from that age group. The next biggest group of victims were those aged 20 to 30, followed by those 60 and older and, finally, those under 20 years old.

Although IC3 received 314,246 Internet crime complaints in 2011, only 36.9% of those complaints, or 115,903, resulted in actual financial loss. The average loss among those reporting financial losses was $4,187, and the median was $636, indicating that Internet criminals are not content just to skim pennies off the dollar.

The top five crime types were: FBI-related scams in which criminals posed as the FBI; identity theft; advance fee fraud, in which criminals attempted to convince victims to pay an advance fee for something of value that would never be delivered to the victim; non-delivery of purchased merchandise; and overpayment.

Some of the most commonly reported crimes included auto-auction fraud in which people sold vehicles that they never owned (4,066 complaints totaling $8.2 million in losses); romance scams in which scammers sought money, frequently from older and divorced or widowed individuals (5,663 complaints totaling $50.4 million); work-from-home scams in which criminals recruit "workers" for false jobs that are actually covers for theft (17,532 complaints totaling $20.1 million); and loan intimidation scams (9,968 complaints totaling $8.2 million).

Some of the complaints IC3 has received over the past few years have led to criminal convictions and other positive outcomes. For example, complaints received beginning in July 2007 led to the extradition of a Nigerian citizen to the United States for allegedly defrauding law firms of more than $29 million in a debt collection scam, and complaints in 2009 about a dietary aid company that sells supplements online led to $3 million in reimbursements and a $51,000 attorneys' fees agreement.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformqtionWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zaga
50%
50%
Zaga,
User Rank: Apprentice
5/18/2012 | 9:08:40 PM
re: ID Theft, Online Fraud Rose Slightly In 2011
Most online companies are afraid of implementing fraud prevention measures because they think about: 1) Customer friction 2) Increase costs of operation. Companies with this mindset are already behind: the largest websites are allowing users to telesign in. The technology is here already..
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...

Best of the Web