Risk
2/25/2011
03:41 PM
50%
50%

Identify Theft, Financial Scams Top Internet Crimes List

The FBI's Internet Crime Complaint Center received more than 300,000 reports of Internet crime in 2010, according to its annual report.

Failure to pay or deliver merchandise, scams in which someone impersonates the FBI, and identity theft were the top three Internet crime complaints last year, according to the FBI/National White Collar Crime Center's Internet Crime Complaint Center (IC3). Victims of these crimes reported losing hundreds of millions of dollars, the center said.

The IC3, which has logged Web-based crime complaints for 10 years, released its 2010 Internet Crime Report (PDF) this week. Last year, the center received 303,809 complaints -- or an average of about 25,000 per month -- mainly reported by men between the ages of 40 and 59 years old living in the U.S. states of California, Florida, Texas, or New York.

Computer crimes, and various forms of fraud -- including advance-fee, spam, auction, credit card, overpayment, and miscellaneous types -- rounded out the top 10 complaints lodged to the IC3 in 2010, according to the report.

The center has recorded more than 2 million complaints about attempts to defraud people via the Internet since its inception.

While men still predominantly report Internet crimes to the center, the previous ratio of men reporting crimes 2.5 to 1 over women has dramatically narrowed, according to IC3. Now women are reporting crimes nearly equally, according to the report.

Though middle-aged people file the biggest number of complaints, those in the 60-and-over age group account for the demographic with the biggest rise in complaints in the IC3's 10-year history, according to the report.

The FBI does not investigate all of the claims it receives, but 121,710 of the ones reported in 2010 did meet the criteria -- some of which is based on the financial nature of the crime. In those cases, the agency refers the crime to the appropriate law-enforcement agency at the federal, state, or local level.

The FBI has used technology to improve investigations based on IC3 complaints in recent years. The search process is now automated, so law-enforcement analysts investigating the crimes can more easily find patterns on which to build cases. Law enforcement agencies in different jurisdictions, but investigating the same or similar cases, also have better information-sharing tools, according to the FBI.

In addition to complaints from the U.S., the IC3 also fielded complaints from people overseas in 2010, mainly from residents in Canada, the United Kingdom, Australia, and India.

When the center had information about the people committing the crimes, it found that nearly 75% were men living in California, the District of Columbia, Florida, New York, Texas, and Washington. When perpetrators lived outside of the country, they were mainly from the United Kingdom, Nigeria, and Canada, according to the report.

The report also includes information about alerts the IC3 put on in 2010 around specific Internet scams people reported.

One concerned online apartment- and house-rental scams, while another used denial-of-service attacks on cell phones and landlines as a ruse to access victims' bank accounts. Yet another Internet scam involved people sending fake e-mails looking for donations to disaster-relief efforts after last year's massive earthquake in Haiti.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4793
Published: 2014-12-27
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

CVE-2013-5958
Published: 2014-12-27
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a si...

CVE-2013-6041
Published: 2014-12-27
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

CVE-2013-6043
Published: 2014-12-27
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

CVE-2013-6227
Published: 2014-12-27
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format param...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.