
What is Internet Fraud?

Internet fraud involves using online services and software with access to the internet to defraud
or take advantage of victims. The term "internet fraud" generally covers cybercrime activity that
takes place over the internet or on email, including crimes like identity theft, phishing, and
other hacking activities designed to scam people out of money.
Internet scams that target victims through online services account for millions of dollars worth of
fraudulent activity every year. And the figures continue to increase as internet usage expands and
cyber-criminal techniques become more sophisticated.
Internet fraud offenses are prosecuted under state and federal law. For example, the controlling
federal statute, 18 U.S.C. § 1343, covers general cyber fraud and can carry a punishment of up
to 30 years in prison and fines of up to $1 million, depending on the severity of the crime.
States like California also have anti-phishing, credit card fraud, unauthorized computer access,
and identity theft laws. These laws also prohibit eliciting personally identifiable information
(PII) via the internet by pretending to be a company under the Anti-Phishing Act of 2005. 
Types of Internet Fraud
Cyber criminals use a variety of attack vectors and strategies to commit internet fraud. This
includes malicious software, email and instant messaging services to spread malware, spoofed
websites that steal user data, and elaborate, wide-reaching phishing scams.
Internet fraud can be broken down into several key types of attacks, including:

1. Phishing and spoofing: The use of email and online messaging services to dupe victims
into sharing personal data, login credentials, and financial details.
2. Data breach: Stealing confidential, protected, or sensitive data from a secure location and
moving it into an untrusted environment. This includes data being stolen from users and
organizations.
3. Denial of service (DoS): Interrupting the access of traffic to an online service, system, or
network with malicious intent.
4. Malware: The use of malicious software to damage or disable users’ devices or steal
personal and sensitive data.
5. Ransomware: A type of malware that prevents users from accessing critical data and then
demands payment with the promise of restoring access. Ransomware is typically
delivered via phishing attacks.
6. Business email compromise (BEC): A sophisticated form of attack targeting businesses
that frequently make wire payments. It compromises legitimate email accounts
through social engineering techniques to submit unauthorized payments.

To avoid hackers’ internet fraud attempts, users need to understand common examples of
internet fraud and tactics.
Email Phishing Scams
Email-based phishing scams are among the most prevalent types of internet fraud, which
continues to pose a serious threat to internet users and businesses. 

Statistics from Security Boulevard show that in 2020, 22% of all data breaches involved a
phishing attack, and 95% of all attacks that targeted business networks were caused by spear
phishing. Furthermore, 97% of users could not spot a sophisticated phishing email, 1.5 million
new phishing sites were created every month, and 78% of users understand the risk of hyperlinks
in emails but click them anyway.

Email-based phishing scams are constantly evolving and range from simple attacks to more
sneaky and complex threats that target specific individuals.

Email phishing scams see cyber criminals masquerade as an individual that their victim either
knows or would consider reputable. The attack aims to encourage people to click on a link that
leads to a malicious or spoofed website designed to look like a legitimate website, or open an
attachment that contains malicious content.

The hacker first compromises a legitimate website or creates a fake website. They then acquire a
list of email addresses to target and distribute an email message that aims to dupe people into
clicking on a link to that website. When a victim clicks the link, they are taken to the spoofed
website, which will either request a username and password or automatically download malware
onto their device, which will steal data and login credential information. The hacker can use this
data to access the user’s online accounts, steal more data like credit card details, access corporate
networks attached to the device, or commit wider identity fraud.

Email phishing scam attackers will often express the need for urgency from their victims. This
includes telling them that their online account or credit card is at risk, and they need to log in
immediately to rectify the issue.
Greeting Card Scams
Many internet fraud attacks focus on popular events to scam the people that celebrate them. This
includes birthdays, Christmas, and Easter, which are commonly marked by sharing greeting
cards with friends and family members via email. Hackers typically exploit this by installing
malicious software within an email greeting card, which downloads and installs onto the
recipient’s device when they open the greeting card.

The consequences can be devastating. The malware could result in annoying pop-up ads that can
affect application performance and slow down the device. A more worrying result would be the
victim’s personal and financial data being stolen and their computer being used as a bot within a
vast network of compromised computers, also known as a botnet.
Credit Card Scams
Credit card fraud typically occurs when hackers fraudulently acquire people's credit or debit card
details in an attempt to steal money or make purchases. 

To obtain these details, internet fraudsters often use too-good-to-be-true credit card or bank loan
deals to lure victims. For example, a victim might receive a message from their bank telling them
they are eligible for a special loan deal or a vast amount of money has been made available to
them as a loan. These scams continue to trick people despite widespread awareness that such
offers are too good to be true for a reason.
Online Dating Scams
Another typical example of internet fraud targets the plethora of online dating applications and
websites. Hackers focus on these apps to lure victims into sending money and sharing personal
data with new love interests. Scammers typically create fake profiles to interact with users,
develop a relationship, slowly build their trust, create a phony story, and ask the user for
financial help.
Lottery Fee Fraud
Another common form of internet fraud is email scams that tell victims they have won the
lottery. These scams will inform recipients that they can only claim their prize after they have
paid a small fee.

Lottery fee fraudsters typically craft emails to look and sound believable, which still results in
many people falling for the scam. The scam targets people's dreams of winning massive amounts
of money, even though they may have never purchased a lottery ticket. Furthermore, no
legitimate lottery scheme will ask winners to pay to claim their prize. 
The Nigerian Prince
A classic internet fraud tactic, the Nigerian Prince scam approach remains common and thriving
despite widespread awareness.

The scam uses the premise of a wealthy Nigerian family or individual who wants to share their
wealth in return for assistance in accessing their inheritance. It uses phishing tactics to send
emails that outline an emotional backstory, then lures victims into a promise of significant
financial reward. The scam typically begins by asking for a small fee to help with legal processes
and paperwork with the promise of a large sum of money further down the line. 

The scammer will inevitably ask for more extensive fees to cover further administration tasks
and transaction costs supported by legitimate-looking confirmation documents. However, the
promised return on investment never arrives.
How To Protect Yourself from Internet Scams
Internet users can protect themselves and avoid being caught in a phishing line by remaining
vigilant of the common types of internet fraud listed above. It is vital to never send money to
someone met over the internet, never share personal or financial details with individuals who are
not legitimate or trustworthy, and never click on hyperlinks or attachments in emails or instant
messages. Once targeted, internet users should report online scammer activity and phishing
emails to the authorities.
Credit card fraud can also be avoided by keeping a close eye on bank accounts, setting up
notifications on credit card activity, signing up for credit monitoring, and using consumer
protection services. If users suffer credit card fraud, they must report it to the relevant legal
authorities and credit bureaus.

Characteristics of online fraud

1. Erratic: surprising & irregular in quantity

As I’ve discussed, fraud tends to appear – seemingly - out of the blue. Once it’s there, it doesn’t
have any reason to grow in proportion to your sales. Your CFO would love to keep fraud losses
at a fixed (low) percentage of your volume, and consider it just another “cost of doing business”
but fraud attacks tend to materialize quickly and a scalable attack might cause a large spike in the
fraud-loss curve. Fraud can also seem to go away - as a result of something you did, or not - but
there’s no guarantee it’s gone for good.
 
The key to dealing with such an “erratic” phenomenon is preparedness: education, early
detection and effective tools and processes enable you to react quickly and “smooth” the fraud-
loss curve.
 
 
2. Adaptive: changing in quality and reactive

You carry an umbrella in your car on dry days too, because you know that weather can change
abruptly and you want to be prepared. Fraudsters go through trial and error and often vary their
methods, so you always need to be prepared for changes.
 
But there’s a big difference: rain doesn’t develop new ways to beat umbrellas. Fraudsters, on the
other hand, react to your defenses and find ways to circumvent them. While it is tempting to
predict that future fraud in your system will be similar to the fraud you’ve already seen, such
predictions are always going to fall short.
 
This entails that fraud prevention requires an understanding of what fraudsters can do, in
addition to what they have already done. It also explains why prevention cannot rely solely on
statistical solutions based on past data.
 
 
3. Sly: mimicking the “goods”

A fraudster’s job is to submit an order on your website that looks like it came from one of your
best customers. Fraud prevention is the ability to detect that it’s a fraudulent order, and at the
same time accept your best customers’ orders without any friction. It’s impossible to be 100%
accurate, so the result is that you will turn away some very good business in the process.
 
This may be the single most important challenge in fraud prevention, but sadly, it is not
adequately addressed, and not often discussed by fraud professionals and tool vendors. There is
an implicit assumption that preventing a fraudulent transaction is more important than preventing
insult to a good customer. It’s a very slippery assumption that may end up hurting your business
growth.
 
 
4. Ongoing: here to stay

Even after you’ve made great strides in prevention, you cannot make fraud go away. As long as
there’s money to be made, fraudsters will keep trying. Moreover, the very evolution of your
business provides fresh opportunities for fraudsters: new checkout options, improvements to user
experience, promotion in the holiday season, a new version of the mobile app… any of these
might have loopholes that require your attention.
 
 
The point here is that fraud is managed, not “solved once and for all”. Fraud prevention is an
ongoing effort which requires ongoing investment in people, tools, processes, research and
management’s attention.
 
 
5. Professional: increasing in sophistication

As I explained in the previous post, a significant chunk of eCommerce fraud is now perpetrated
by professionals whose work is to set up scalable operations that milk money from insufficiently
protected online businesses.
 
This means prevention, too, needs to be done by pros. In interacting with clients I often see well-
intentioned people making decisions and taking actions without a formal understanding of fraud.
In the long term, these actions might fall short in preventing fraud, and will often have adverse
effects on the business and its best customers. Fraud is not prevented with broad strokes, it
requires diligently drilling down to details.
 
 
Requirements for a prevention strategy:
 
It’s now time to call out the high-level requirements for a prevention strategy that emerge from
observing these characteristics of online fraud.
 
Requirement #1: Have a strategy. Even if you haven’t experienced any fraud yet, don’t ignore
the problem. Get educated, assess your risks and make an informed decision. For some
businesses the decision may be not to worry about fraud for now - there could be legitimate
reasons - but make this decision consciously and know when you need to revisit it.
 
Requirement #2: Let pros handle fraud. Hire a professional to run fraud prevention in-house.
Fraud prevention tools need to be used with skill so they stop the fraudsters without shooing
away your good customers. Even if you decide to outsource fraud prevention (there are some
emerging services out there) you may still need an in-house expert.
 
Requirement #3: Think long-term. Your fraud/loss prevention person needs to be a manager and
needs to have your ongoing support. They will need to grow with your business by setting up
processes, acquiring tools, and maybe hiring and training talent. Fraud prevention is not a
project, it’s a team.
 
Requirement #4: Get good at getting better. Since you’re engaging in an arms race, you’ll have
no choice but to keep improving your prevention, just to keep up with the fraudsters and your
business growth. Make sure that improvement cycles are built into your business processes:
Monitor-Analyze-Fix-Deploy-Monitor…
The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000.
It is the law that deals with cybercrime and electronic commerce in India. In this article, we will
look at the objectives and features of the Information Technology Act, 2000.

Information Technology Act, 2000

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the
model law on electronic commerce (e-commerce) to bring uniformity in the law in different
countries.

Further, the General Assembly of the United Nations recommended that all countries must consider
this model law before making changes to their own laws. India became the 12th country to enable
cyber law after it passed the Information Technology Act, 2000.

While the first draft was created by the Ministry of Commerce, Government of India as the
ECommerce Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’, and passed in
May 2000.

Objectives of the Act

The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic commerce
transactions.

This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers’
Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The objectives of the Act are
as follows:

i. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.
ii. Give legal recognition to digital signatures for the authentication of any information
or matters requiring legal authentication
iii. Facilitate the electronic filing of documents with Government agencies and also
departments
iv. Facilitate the electronic storage of data
v. Give legal sanction and also facilitate the electronic transfer of funds
between banks and financial institutions
vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally valid.
b. Legal recognition for digital signatures.
c. Security measures for electronic records and also digital signatures are in place
d. A procedure for the appointment of adjudicating officers for holding inquiries under
the Act is finalized
e. Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act.
Further, this tribunal will handle all appeals made against the order of the Controller
or Adjudicating Officer.
f. An appeal against the order of the Cyber Appellate Tribunal is possible only in the
High Court
g. Digital Signatures will use an asymmetric cryptosystem and also a hash function
h. Provision for the appointment of the Controller of Certifying Authorities (CCA) to
license and regulate the working of Certifying Authorities. The Controller to act as a
repository of all digital signatures.
i. The Act applies to offences or contraventions committed outside India
j. Senior police officers and other officers can enter any public place and search and
arrest without warrant
k. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise
the Central Government and Controller.

Applicability and Non-Applicability of the Act

Applicability
According to Section 1 (2), the Act extends to the entire country, which also includes Jammu and
Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of the constitution.
Further, it does not take citizenship into account and provides extra-territorial jurisdiction.

Section 1 (2), along with Section 75, specifies that the Act is applicable to any offence or
contravention committed outside India as well. If the conduct of the person constituting the offence
involves a computer or a computerized system or network located in India, then irrespective of
his/her nationality, the person is punishable under the Act.

Lack of international cooperation is the only limitation of this provision.

Non-Applicability

According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to the
following documents:

1. Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except
cheques.
2. Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
3. Creation of Trust under the Indian Trust Act, 1882.
4. Execution of a Will under the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called.
5. Entering into a contract for the sale or conveyance of immovable property or any
interest in such property.
6. Any such class of documents or transactions as may be notified by the Central
Government in the Gazette.

Solved Question for You

Q1. What are the objectives of the Information Technology Act, 2000?

Answer:

The primary objectives of the IT Act, 2000 are:


• Granting legal recognition to all transactions done through electronic data exchange,
other means of electronic communication or e-commerce in place of the earlier
paper-based communication.
• Providing legal recognition to digital signatures for the authentication of any
information or matters requiring authentication.
• Facilitating the electronic filing of documents with different Government departments
and also agencies.
• Facilitating the electronic storage of data
• Providing legal sanction and also facilitating the electronic transfer of funds between
banks and financial institutions.
• Granting legal recognition to bankers for keeping the books of accounts in an
electronic form. Further, this is granted under the Evidence Act, 1891 and
the Reserve Bank of India Act, 1934.
Protect yourself against cybercrime

Cybercrime is an ongoing threat.

You might think that the only form of cybercrime you have to worry about is hackers stealing
your financial information. But it may not be so simple. There are far more concerns than just
basic financial ones. Cybercrime continues to evolve, with new threats surfacing every year.

When you hear and read about the range of cybercrimes out there, you might be tempted to stop
using the internet entirely. That’s probably too drastic.

Instead, it’s a good idea to know how to recognize cybercrime, which can be the first step to
helping protect yourself and your data. Taking some basic precautions and knowing who to
contact when you see others engaged in criminal activities online are also important steps.
You might want to learn how to prevent cybercrime, but here’s the thing: You can’t. You can,
however, take precautions to help protect against it.

What is cybercrime?

Cybercrime is any crime that takes place online or primarily online. Cybercriminals often
commit crimes by targeting computer networks or devices. Cybercrime can range from security
breaches to identity theft.

Other cybercrimes include things like “revenge porn,” cyber-stalking, harassment, bullying, and
child sexual exploitation.

Terrorists collaborate on the internet, moving terrorist activities and crimes into cyberspace.

How to protect yourself against cybercrime

Anyone using the internet should exercise some basic precautions. Here are 11 tips you can use
to help protect yourself against the range of cybercrimes out there.

1. Use a full-service internet security suite

For instance, Norton Security provides real-time protection against existing and emerging
malware including ransomware and viruses, and helps protect your private and financial
information when you go online.

2. Use strong passwords

Don’t repeat your passwords on different sites, and change your passwords regularly. Make them
complex. That means using a combination of at least 10 letters, numbers, and symbols.
A password management application can help you to keep your passwords locked down.

3. Keep your software updated

This is especially important with your operating systems and internet security software.
Cybercriminals frequently use known exploits, or flaws, in your software to gain access to your
system. Patching those exploits and flaws can make it less likely that you’ll become a cybercrime
target.
4. Manage your social media settings

Keep your personal and private information locked down. Social engineering cybercriminals can
often get your personal information with just a few data points, so the less you share publicly, the
better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you
might expose the answers to two common security questions.

5. Strengthen your home network

It’s a good idea to start with a strong encryption password as well as a virtual private network. A
VPN will encrypt all traffic leaving your devices until it arrives at its destination. If
cybercriminals do manage to hack your communication line, they won’t intercept anything but
encrypted data. It’s a good idea to use a VPN whenever you use a public Wi-Fi network, whether it’s
in a library, café, hotel, or airport.

6. Talk to your children about the internet

You can teach your kids about acceptable use of the internet without shutting down
communication channels. Make sure they know that they can come to you if they’re
experiencing any kind of online harassment, stalking, or bullying.

7. Keep up to date on major security breaches

If you do business with a merchant or have an account on a website that’s been impacted by a
security breach, find out what information the hackers accessed and change your password
immediately.

8. Take measures to help protect yourself against identity theft

Identity theft occurs when someone wrongfully obtains your personal data in a way that involves
fraud or deception, typically for economic gain. How? You might be tricked into giving personal
information over the internet, for instance, or a thief might steal your mail to access account
information. That’s why it’s important to guard your personal data. A VPN — short for virtual
private network — can also help to protect the data you send and receive online, especially when
accessing the internet on public Wi-Fi.

9. Know that identity theft can happen anywhere


It’s smart to know how to protect your identity even when traveling. There are a lot of things you
can do to help keep criminals from getting your private information on the road. These include
keeping your travel plans off social media and using a VPN when accessing the internet
over your hotel’s Wi-Fi network.

10. Keep an eye on the kids

Just like you’ll want to talk to your kids about the internet, you’ll also want to help protect them
against identity theft. Identity thieves often target children because their Social Security number
and credit histories frequently represent a clean slate. You can help guard against identity theft
by being careful when sharing your child’s personal information. It’s also smart to know what to
look for that might suggest your child’s identity has been compromised.

11. Know what to do if you become a victim

If you believe that you’ve become a victim of a cybercrime, you need to alert the local police
and, in some cases, the FBI and the Federal Trade Commission. This is important even if the
crime seems minor. Your report may assist authorities in their investigations or may help to
thwart criminals from taking advantage of other people in the future. If you think cybercriminals
have stolen your identity, these are among the steps you should consider.

• Contact the companies and banks where you know fraud occurred.
• Place fraud alerts and get your credit reports.
• Report identity theft to the FTC.
