Business Week e.biz -- Special Report: Internet Fraud
Fraud on the Net
Sandra Von Lienen, a retired letter carrier from Peoria, Ill., received an e-mail message on the evening of Jan. 22 touting the stock of Parallel Technologies Inc. The message claimed the company was America Online Inc.'s stock pick of the day and predicted a big runup in the price. Von Lienen jumped online and snatched up 20,000 shares. At just 3 cents a share, she thought, the offer sounded too good to be true. Turns out it was. Von Lienen wound up losing $13,000 on what she thought was a $600 investment. "Boy, was I wrong," she sighs.
Von Lienen was the perfect target--someone who knows enough to invest online but is far from being a sophisticated investor. She is a whiz with computers. But until the recent death of her mother, she hadn't much money to invest, or much knowledge of stocks. So when she placed her order to buy, she failed to specify a maximum price she was willing to pay. At the same time, Parallel's stock, which AOL never touted, was getting some buzz from the bulk e-mail, known as "spam," sent to thousands of Web surfers. It shot up from 3 cents to 81 cents before Von Lienen's trade was executed, saddling her with a $16,000 bill when the bottom suddenly fell out of the stock. She salvaged $3,000 by selling at a huge loss.
The fraud that snookered Von Lienen was one of the most sweeping and successful so-called pump and dump schemes federal authorities have come up against. In these scams, someone buys a stock, touts it on the Internet, sending it skyward, then unloads into a buying frenzy. This particular case involved stock in Parallel Technologies and 56 other companies and caught dozens of innocent victims. According to an indictment brought by the U.S. Attorney in Manhattan, the two alleged con artists pocketed about $340,000 in a matter of weeks.
But then, where else can con artists and hypesters find such a ready pool of potential marks, so fast and so cheap? The Internet's ability to reach millions of people, combined with its protective cloak of anonymity, has made it vastly easier for the unscrupulous to snag victims. "And you don't have to set up a boiler room, rent phone lines, or hire cold-callers to do it," says Cameron K. Funkhouser, vice-president for market regulation at NASD.
The Net is becoming a breeding ground for scams of every design: Credit-card fraud, auction rip-offs, get-rich schemes, and e-commerce sites that fail to deliver what they promise or overpromise--from miracle diets to full heads of hair. The vast majority of victims are like Mason A. Newton. The College Station (Tex.) police officer bought two leather jackets through eBay Inc.'s online auction. Despite sending a $200 check to the seller, he never got what he paid for. "I'm as gullible as anyone," Newton says sheepishly. EBay says its fraud rates are low--only one in 25,000 transactions on average are reported as fraudulent.
Not too long ago Internet scams were rare, but now they are so rampant that regulators are finding themselves buried beneath all the paperwork. According to the National Consumers League, a nonprofit consumer organization, individuals and businesses were bilked of $3.2 billion last year alone. The Federal Trade Commission identified 18,660 instances of potential Internet fraud last year. One-fourth of all its consumer complaints are now about the Internet, up from just 3% in 1997. And at the Securities & Exchange Commission, officials receive about 2,000 e-mails a day identifying potential Internet cons, up from a handful when it created its Web site in 1996.
It's not just the gullible consumer who is being duped. Businesses of all sizes are becoming targets. The hot business scams: Hijacking Web pages and diverting Net traffic to sites (usually X-rated) that can then charge higher ad fees based on their new audience; fraudulent Internet access offers; and bogus Web page design outfits that prey on small companies. In the case of Web site design, businesses sign up for the services of a design firm to take advantage of free trial offers. Then the unsuspecting victim is immediately hit with hefty set-up fees. The FTC has brought charges against five outfits it alleges have fraudulently sold their services, bilking over 1 million small businesses.Web page-jacking. Some of the biggest e-commerce companies also have been fooled by con artists. Expedia.com, an online travel agent, disclosed on Mar. 1 that it expects to lose as much as $6 million on bogus airline ticket purchases. Company officials won't talk about the losses, but insist they are not the result of hackers stealing the credit-card numbers of Expedia customers. Instead, crooks used bogus credit cards to buy e-tickets that were picked up at the airport, thus avoiding a common red flag in credit-card fraud: different billing and ship-to addresses. Nike.com estimates that more than 10% of purchase requests it receives are attempts to defraud the company, says Sam Bradach, global logistics director.
Credit card scams look almost timid when you consider some of the other schemes. Federal authorities were stunned at the audacity of a Web page-jacking exposed last August that diverted requests for more than 25 million legitimate Web pages to a series of pornography sites managed out of Australia. The crooks made copies of the pages by coding them with instructions used by search engines such as Yahoo! Inc. and Lycos Inc. When Web surfers requested those pages, they were instead treated to dirty pictures. Angel Munoz, who owns popular teen computer-game site Avault.com, lost untold customers. "There's an intangible harm done here," frets Munoz. The page-jacking scam has been shut down, but no criminal charges have been brought.
In February, federal authorities came across a new type of Internet crime that combined hacking with cyber fraud. A securities crook broke into the Web site of Michigan-based biotech company Aastrom Biosciences Inc. and planted a fake press release saying the company was being acquired at a large multiple of its current share price. The stock price jumped 50% before the company spotted the fake release and had trading in its shares suspended. Such focused attacks on individual companies for the purpose of committing a fraud are likely to grow, says John T. Pescatore, a network security analyst at the Gartner Group Inc., a consulting firm. "The most effective attacks will be the ones that get the least publicity."
Not that the techies aren't fighting back. Efforts to combat fraud are getting more sophisticated as new technologies come out of the labs. Expedia.com, for example, has deployed profiling software to root out questionable purchases. The software can analyze data, make comparisons, and red-light suspicious activity. Programs like this look at a number of factors, including whether a card number is coming from the same Internet address it normally comes from, whether it is routed through a host computer server with a history of fraud, whether it is part of a surge in certain types of transactions, and whether the customer's address information seems to be in order. The profiling program instantly digests all this information to quickly spit out a rating on the risk of the transaction. Then it's up to the merchant.
For small companies, human intervention may be the best bet. Stephanie Sebek, who manages a small e-commerce company, Netrageous.com, out of her home in Maryland, was ripped off for $700 when an office temp failed to spot some suspicious-looking online purchases. Sebek's company sells software, databases, and instructional information for people to set up their own e-commerce sites. Ironically, the company was founded by a North Carolina couple who also started a popular antifraud newsletter. Clearly familiar with the types of fraud her company may face, she says only partly in jest she will prevent fraud by never again taking a vacation.Cybersleuthing. Government snoops also are getting better. Any fraud involving spam usually comes to the attention of federal authorities about as fast as it reaches its victims. That's because it gets forwarded to Washington by private Internet fraud watchdogs and entered into databases maintained by the FTC and the SEC, and then immediately analyzed. The sheer volume of the e-mail is the first clue as to how widely disseminated a fraudulent message is. On the weekend of Feb. 26-27, for instance, 316 of the 864 e-mails the SEC received pertained to the same spam. With a little cyber-detective work, the feds can trace the spam back to a specific network server--and possibly a person.
The FTC isn't relying on just the help of businesses and private citizens. The agency puts on what it calls "surf days." It coordinates surfing efforts that can involve hundreds of law enforcement agencies around the country and dozens from other nations. Usually they target a specific type of con, such as investment schemes. Each surf is conducted in multiple languages with different search engines. The surf days help find scam sites. After some sweeps, the FTC says, 40% of the fraudulent sites are taken down. But only a fraction of the potential crimes are prosecuted. One easy way of finding a lot of scam Web pages is to enter the phrase "This is not a scam" into a search engine, says Paul Luehr, head of the FTC's Internet fraud unit (page 66).
In May, the Federal Bureau of Investigation, which has been a laggard in Internet fraud, will join up with the National White Collar Crime Center (a nonprofit organization funded through the Justice Dept.) to form an Internet fraud center. The center will have 161 full-time employees and plans to do preliminary investigative work, forwarding their findings to agents out in the field.
More policing of the Net is great, but antifraud experts say the buyer's best bet is to follow a few rules of thumb. The most important may be to use a credit card when possible because the credit-card companies generally protect their customers from losses above $50. Another trick is to make sure the seller has a location in the real world, with an address and phone number--and don't hesitate to call and check it out. Finally, consumer groups say, check with the Better Business Bureau (www.bbbonline.org). In the case of auctions, experts say it pays to check the references from the merchant's previous sales. Most auction sites, including eBay and others, now offer an option for placing money in escrow until goods arrive.
One can never be too cautious. Terri Walker, vice-president of Atlanta-based market research firm Richard Miller & Associates, thought she had found a good place to buy a $900 television when she saw the Better Business Bureau icon at a site called Closeout.com. Only later did she realize the icon had simply been cut and pasted, and did not click through to complaints or comments about the company. No case has been brought against Closeout. Next time, Walker says, she will click on the bureau icon to make sure it's real.
Some scams don't sound so outrageous, as Lisa Y. Pettit, a computer technician living in the Florida Keys, can attest. She found what she thought was a perfect business venture on the Web. For $3,210, she was promised chocolate candy, coin-operated dispensers, and a list of South Florida businesses willing to display the dispensers as a public service, since a portion of the candy sales went to charities. The idea seemed perfect. She would make a little money while helping children's causes. As a single mom, she relished the idea of managing her route of restocking the dispensers with her eight-year-old. "He was going to be my little business partner," she explains. But the list of businesses never materialized, and the dispensers were pathetic--little more than plastic boxes that were secured with twist ties. After complaining to the company Pettit asked for her money back but was told that was impossible. She values what she received at less than $100.
With Net fraud rising, some companies are rethinking policies. In February, E*Trade Group Inc. decided it will no longer accept orders for penny stocks outside of market hours if a maximum purchase price isn't specified. The aim is to prevent the kind of scam that caught Von Lienen unawares. She applauds and only wishes E*Trade had thought of it sooner.For tips on how to avoid getting ripped off on the Net, go to ebiz.businessweek.com. More information on Internet fraud can be found at:
www.fraud.org (The National Consumers Federation fraud watch)By Dan Carney; Contributing: Mike McNamee in WashingtonReturn to top