INTERNET CRIMES

    IF YOU BELIEVE YOU ARE A VICTIM OF AN INTERNET CRIME, DO NOT CONTACT YOUR LOCAL POLICE AGENCY.  
    Contact the  INTERNET CRIME COMPLAINT CENTER (IC3) .  IC3 is an alliance between the NATIONAL WHITE
    COLLAR CRIME CENTER (NW3C) and the Federal Bureau of Investigation.    IC3 analyzes and refers all fraudulent
    activity identified on the Internet to the appropriate local, state, and federal law enforcement agencies.  Your local police
    agency may receive your case once it is review by IC3 and referred to them.  An investigator should contact you if the
    case is referred to your police agency for an investigation.  TO FILE AN INTERNET CRIME COMPLAINT OR TO LEARN
    MORE, VISIT THE INTERNET CRIME COMPLAINT CENTER WEB SITE AT   WWW.IC3.GOV

    THE FOLLOWING DESCRIBES HOW ONLINE THIEVES CAN STEAL YOUR
    INFORMATION, HOW THEY CAN SCAM YOU, AND HOW YOU CAN USE SOME
    METHODS LAW ENFORCEMENT AGENCIES UTILIZE TO TRACE A CRIMINAL ONLINE
    AND DO YOUR OWN INVESTIGATION:

    PHISHING AND SPOOFING  Phishing or spoofing is typically carried out by using email, auction sites, second
    chance offers, or instant message to trick victims by requesting a click on a link or response to an unsolicited email that
    will direct the victim to a fake web site disguised as a legitimate web site.    Fake web sites are very convincing.  This
    criminal technique occurs when a legitimate web page such as an online auction site, bank's site, or IRS web site...is
    reproduced exactly like the legitimate site except you are now under the control of the attacker's server.  The intent is to
    fool the users into thinking that they are connected to a trusted site and to fraudulently obtain user names, credit/debit
    card numbers/pin numbers, social security numbers, passwords, etc.  Once the victim enters their card numbers, pins, or
    personal information, the fraudulent page will usually generate some type of error and redirect the user back to the
    legitimate site.  Banks, IRS, online auction sites etc., should never send you an email requesting your personal
    information or account numbers to verify your account information for security reasons or any other reason.  If you
    believe that you may have an account problem with a bank or business, call them directly using the number on the back
    of your cards or use telephone directory verification.

    Cyber criminals know how to disguise their headers, URL address bars, web/surfer addresses, user names, etc., so that
    you or anyone else will not be able to trace or contact them after they have stolen what they want. Visit Anonymizer.com
    and Hushmail.com if you want to learn how a surfer can be disguised.   NOTE:  If you are concerned about an online
    purchase, get the seller to send you an email and save it, it can be traced by law enforcement but it won't be
    much help if it is disguised and the person lives on the other side of the world.  If you have been phished, you
    should immediately update and check your account information with the business or auction site, contact the credit/debit
    card company used to make the purchase, check your credit report, request a fraud alert or credit freeze, and check
    every other account you have.  You should also contact the business or auction site and inform them of the incident.

    A very convincing and sophisticated online auction site Internet crime involves legitimate sellers and buyers that
    are phished or fooled.  The criminal phishes a seller to click on a fraudulent web page and obtains his account
    seller information.  The criminal is then able to list a large ticket item "truck" for sale on the legitimate auction site
    using the "phished" legitimate seller's account.  A buyer using the auction site sees the great deal for the truck
    and wins the auction.  The buyer then clicks to pay for the truck and is unaware that he is on a fraudulent page
    representing the auction site created by the criminal.  The fraudulent page directs the seller to wire the money to
    the criminal.  The criminal also creates a fake purchase tracking page so the buyer can track when and where he
    will receive the truck.  No truck and out several thousand dollars.   Be wary of second chance offers and
    purchasing large ticket items on online auction sites.

    Online auction web sites' policies generally state that buyers should avoid paying with instant money transfer
    services that send cash instantly from storefront locations, by telephone, and over the Internet.   Instant money
    transfer services can wire money just about anywhere in the world.  The rate of online auction fraud is increasing
    exponentially and law enforcement agencies may have guidelines requiring monetary loss limits that will determine
    whether an investigation is conducted.  

    FAKE CALLER ID

    In public telephone networks, it has for a long while been possible to find out who is calling you by looking at the
    Caller ID information that is transmitted with the call. There are technologies that transmit this information on land
    lines, cellphones, and also with Voice over Internet Protocol (VoIP).  VoIP is simply an Internet Telephone.  
    Unfortunately, these technologies (especially associated with VoIP) allow callers to lie about their identity, disguise
    their voice as male or female, and present false names and numbers, which could of course be used as a tool to
    defraud, harass, or prank.  Because there are services and gateways that interconnect VoIP with other public
    phone networks, these false Caller IDs can be transmitted to any phone on the planet, which makes the whole
    Caller ID information now next to useless.   If you doubt this, visit www.spoofcard.com.   Due to the distributed
    geographic nature of the Internet, VoIP calls can be generated in a different country to the receiver, which means
    that it is very difficult to have a legal framework to control those who would use fake Caller ID's as part of a scam.  
    A bank, credit card company, or government agency should never call you and ask for personal information.  Call
    them direct by using the numbers on the back of your cards or use telephone directory verification.   As for the
    phone pranks made with this technology, enjoy the laugh.   

    A METHOD TO CONDUCT YOUR OWN INTERNET INVESTIGATION

    Regardless of what you want to investigate, child predators, suspicious sellers, harassing boyfriend or girlfriend
    etc., you should get them to email you.  Depending on your email service and your effort to obtain the instructions,
    you may be able to view an email's routing and server paths:  It should look similar to this:  

    Return-path<sj2833-DXXX@servage-business.net>
    Received from xxx-yxxx.mx.aol.com  (rly-yhoxx.mail.aol.com [100.21.340.xxx]
    yhxx.yahxx.com (v114_rl.10) with esm id  mrromance@gotcha (432.xxx.xxx)  
    Received from xxxii.com@ugoslava uthursideofwurld [9xxx.87.111]
    Received: from cxx.servxge.net (cxx.servxge.net [82.140.xx.xx] by sliest-dude.mx.xol.com
    Mail relayintel 231lxxxxa4fdd33
    Received: from node xxxcjz [10.1.xx.4]
    For Beccagirlspoofedya<@axl.org

    This path looks like an alien language to most of us but it is very important to law enforcement cyber detectives.  
    Notice the highlighted numbers in purple bold brackets. "x"'s placed to represent real numbers.  These are called
    IP address numbers, in simpler terms, a computer address.   You should copy and print this path information or
    write these numbers down.  Although many predators or spoofers can disguise these paths,  there should be one
    correct IP number that can be traced to real servers.  You can use websites like www.arin.net to conduct a
    reverse IP number search that may reveal a true computer server address and perhaps a true domain name.  
    Enter the IP numbers on the IP reverse web site search bar to obtain a  path of the IP number.  If your seller's or
    predator's  path appears entirely different than what you observed in your email and address bar, you probably
    should be suspicious.  For example: your address bar may display "BigtrucksGreatDeals.oxg" and the email
    routing path you traced ultimately looks something like "Yonkidork@bbyAhDdaSSdghEww423dDASEDADAk.uk."    
    NOTE:  These paths can be very long and difficult to understand.  Do not jump to conclusions until the Internet
    Crime Complaint Center has reviewed it.  

    COMMON TYPES AND TRENDS OF INTERNET CRIMES:

    Wi-Fi HOT SPOT FRAUD
    Most laptop computers are configured to search for open wireless points and common Wi-Fi names at
    airports, cafés, hotels, or any  Wi-Fi access point.  Fraudulent Wi-Fi access point names can be an
    established commercial, altered, or a disguised name to fool Wi-Fi users.   Most Wi-Fi users will be unaware
    they are being hacked.  Hackers can easily set up a middle access Wi-Fi point or use other hacker tactics
    that can obtain your passwords, files, credit card numbers, purchase information, or financial transactions.  
    Wi-Fi users should be wary using  Wi-Fi to make purchases or to conduct any financial transactions until a
    more secure Wi-Fi security system is implemented.

              HOTEL BUSINESS ROOM, INTERNET CAFÉ, AND PUBLIC COMPUTERS
    Don't use "public computers" and hotel business room computers to access your financial accounts or to
    make purchases.  Public computers could be loaded with a virus that records your passwords, account
    information, or transaction and send the information anywhere in the world.  Your account(s) could be
    depleted in minutes.  Use your connected home computer to conduct financial transactions and to make
    purchases.
 
    ONLINE AUCTION FRAUD :
    Before you bid, check the seller's rating on the auction site, contact the seller with any questions and get
    the seller to e-mail you as a precaution.  Investigators may be able to trace it.  A seller's entire web site can
    be disguised as a legitimate auction site including the address bar.  Be wary of sellers that try to get you off
    an auction site's web page.  E-mails offering second chance offers, etc,.

    A common and easy technique used by attackers occurs when an attacker has items listed for sale on an
    online auction site along with related items for sell.  When the intended victim clicks on the related items,  
    the victim may be unknowingly directed  to the attacker's web page and server off the legitimate auction site
    that looks exactly like the legitimate auction site's web page.  The victim then enters their credit/debit card
    information to purchase other item(s).   The  attacker can then purchase items using the victim's personal
    information and credit/debit card online, and in minutes, drain their account.   

    Make efforts to ensure the site is secure and reputable before providing your credit/debit card number
    online.  Take the time to read the online auction site's security policy to learn how to verify a legitimate
    seller.  Obtain name, address, and telephone number of the individual or company.  Research the individual
    or company to ensure they are authentic by contacting the Better Business Bureau at http://lookup.bbb.
    org to determine the legitimacy of the company.  Some identity thieves use cell phone numbers and will
    answer their listed number on a website posing as a company employee.  Remember an entire web page
    can be disguised.  

    Exercise caution when dealing with individuals outside of your own country.  Be wary if the seller only
    accepts wire transfers or cash.  Wire transfers can be picked up anywhere in the world.  Be wary of
    businesses that operate from P.O. Boxes or mail drops.  Ask for names and contacts of other customers,
    and contact them.  Do not provide credit card information when requested by unsolicited e-mails.  All it takes
    is one mistake or click by providing your credit/debit card numbers to an impostor.  In minutes, your cards
    can be "maxed" or your debit account can be depleted.  If it seems too good to be true, it most likely is.  

    Be alert  for the unsolicited Spam e-mail scam that informs you that your account has been compromised
    and you must update it for security reasons.  The entire web page will be disguised and will be convincing.  
    This is a very common Internet crime and easy way to steal your account information and credit card
    number.  If you don't remember anything else on this page, remember this...No auction site or company
    should send you an unsolicited e-mail requesting your account information and credit card number.   Delete
    these e-mails or forward them to www.ic3.gov  

    FOREIGN LOTTERIES
    An e-mail, phone call, or letter informs you that you have won a lottery!  You respond and a very convincing
    letter is already in hand or mailed to you containing a lottery check payable to you for a few thousand
    dollars or more.  You are instructed to cash the check on your bank account and send some type of
    processing or tax fee back to the person or fake company that mailed you the check.  Need I say more.  
    Congratulations! You just committed Forgery.  You may or may not go to jail but the bank may hold you
    accountable for the money.  This scam primarily targets the elderly and is costing U.S. Citizens.  Fake
    foreign lottery scams have made millions.  Lottery scams will continue to evolve and probably create a scam
    with legitimate smaller denomination checks to initially  convince victims.   Victims may receive larger
    denomination lottery checks that will ultimately be counterfeit and may cost victims their life savings if they
    fall for this.   You cannot win a lottery without buying a legitimate ticket and no lottery system will
    ever contact winners.     

    ONLINE EMPLOYMENT AND BUSINESS OPPORTUNITIES
    Be wary when replying to unsolicited e-mails for work-at-home employment especially those that exaggerate
    claims of possible earnings or profits and require no experience.  Do not give your social security number or
    any personal identifiers when first interacting with a prospective employer.  Use caution when dealing with
    individuals outside of your own country.  Illegitimate offers require you to cash counterfeit checks or money
    orders at your bank and send a portion of the money back.  Banks may close your account and repo your
    car.   Research the company to ensure they are authentic.  Contact the Better Business Bureau to
    determine the legitimacy of the company.  Better Business Bureau

    INTERNET AND TELEPHONE EXTORTION
    A person may e-mail you or call you threatening to drain your accounts unless you wire the person money.  
    They may actually tell you - your name, address, date of birth, social security number, and your bank and
    account information.  Hang up.  Write down any email address (probably fake) or phone number (probably
    fake) on the caller ID.  Report the incident to your bank, monitor your accounts, and file a complaint with the
    Internet Crime Complaint Center.  

    INVESTMENT FRAUD
    Be wary of investment offers received through unsolicited e-mail offering high returns at little or no risk.  
    Don't invest in anything you don't understand.   Research the company and nature of the investment.  Be
    cautious when dealing with individuals outside of your own country.  Don't assume a company is legitimate
    based on the appearance of their web site.  Remember web sites can be disguised and the phone numbers
    you call from the web site can be operated by an impostor.  Contact the Better Business Bureau or call by
    telephone directory verification to determine the legitimacy of the company.  Better Business Bureau