Risk
2/25/2011
03:41 PM
Connect Directly
RSS
E-Mail
50%
50%

Identify Theft, Financial Scams Top Internet Crimes List

The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.

Failure to pay or deliver merchandise, scams in which someone impersonates the FBI, and identity theft were the top three Internet crime complaints last year, according to the FBI/National White Collar Crime Center's Internet Crime Complaint Center (IC3). Victims of these crimes reported losing hundreds of millions of dollars, the center said.

The IC3, which has logged Web-based crime complaints for 10 years, released its 2010 Internet Crime Report (PDF) this week. Last year, the center received 303,809 complaints -- or an average of about 25,000 per month -- mainly reported by men between the ages of 40 and 59 years old living in the U.S. states of California, Florida, Texas, or New York.

Computer crimes, and various forms of fraud -- including advance-fee, spam, auction, credit card, overpayment, and miscellaneous types -- rounded out the top 10 complaints lodged to the IC3 in 2010, according to the report.

The center has recorded more than 2 million complaints about attempts to defraud people via the Internet since its inception.

While men still predominantly report Internet crimes to the center, the previous ratio of men reporting crimes 2.5 to 1 over women has dramatically narrowed, according to IC3. Now women are reporting crimes nearly equally, according to the report.

Though middle-aged people file the biggest number of complaints, those in the 60-and-over age group account for the demographic with the biggest rise in complaints in the IC3's 10-year history, according to the report.

The FBI does not investigate all of the claims it receives, but 121,710 of the ones reported in 2010 did meet the criteria -- some of which is based on the financial nature of the crime. In those cases, the agency refers the crime to the appropriate law-enforcement agency at the federal, state, or local level.

The FBI has used technology to improve investigations based on IC3 complaints in recent years. The search process is now automated, so law-enforcement analysts investigating the crimes can more easily find patterns on which to build cases. Law enforcement agencies in different jurisdictions, but investigating the same or similar cases, also have better information-sharing tools, according to the FBI.

In addition to complaints from the U.S., the IC3 also fielded complaints from people overseas in 2010, mainly from residents in Canada, the United Kingdom, Australia, and India.

When the center had information about the people committing the crimes, it found that nearly 75% were men living in California, the District of Columbia, Florida, New York, Texas, and Washington. When perpetrators lived outside of the country, they were mainly from the United Kingdom, Nigeria, and Canada, according to the report.

The report also includes information about alerts the IC3 put on in 2010 around specific Internet scams people reported.

One concerned online apartment- and house-rental scams, while another used denial-of-service attacks on cell phones and landlines as a ruse to access victims' bank accounts. Yet another Internet scam involved people sending fake e-mails looking for donations to disaster-relief efforts after last year's massive earthquake in Haiti.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.