There are two main methods that criminals use in committing Internet fraud:

1.Fraudulent Internet sites that appear legitimate but are used to steal information or money; and
2.Unauthorized access to personal information for illegitimate purposes.

In the case of apparently legitimate web sites, a criminal will set up what appears to be a legitimate web site, using an address that appears to be from the target company. For example, if a criminal wants to attempt to defraud customers of Citibank, they may set up a web site at citibanc.com rather than the actual citibank.com. In other cases, they may have an address such as citibank.fraud.com.

Additionally, some people will send out emails called 'phishing' emails, in which they may state that there is a problem with your account, please click on the following link to access your account to verify your information. When the client clicks on the link, it takes them to the fraudulent web site, where it captures all their verification information for later use in obtaining access to the client's account on the target companies web.

The most effective defense of this type of fraud comes from customer education. A company should have a policy in effect, that they ensure every client is aware of, that they will NEVER use e-mail to contact a customer about their account.

Proactive companies can additionally 'patrol' the Internet, watching for scams using their company, or for websites that use names that could be misinterpreted for the targeted company. If a site is found, all possible legal measures should be taken to immediately close down the site. Additionally, customers should routinely be notified of possible fraud.

In the case of unauthorized access to information, a company has a responsibility for providing the tightest security possible. Unfortunately, the vast majority of cases concerning theft of personal data and information, the cause of the security breach has turned out to be failure of an authorized person to properly protect the data, or through an authorized person taking unauthorized actions.

In the several cases that I have read about concerning the Veteran's Administration (VA), the theft of data occurred due to a lost/misplaced laptop computer that contained personal records and information. In other cases, with other companies, the personal information was compromised by unethical employees for personal gain. In only a small percentage of cases, is it determined

• 1
• 2
• next page >>

---

Add your voice

Know something about How can companies better address Internet fraud??
We want to hear your view. Write now!