email fraud -- the net has grown up

[David Farber <farber () central cis upenn edu>]

Date: Wed, 26 Jan 1994 13:15:34 -0500 (EST)
From: carrigl () fire nic ddn mil (Lori Carrig)
Subject: E-Mail Fraud


            Electronic Mail Fraud, by Lori Carrig


With the advent of Electronic Mail we have several risks associated with this
modern vehicle of information.  Of these risks one is E-Mail fraud.  Just like
with Mail and Telephone fraud, Electronic Mail fraud has come of age.  Before
I diverge into this problem let me set an example of an incident I worked on:


I received a notice from a user that she received E-Mail promoting computer
chips for sale from a internet address.   She had not received her items
which she paid for and wanted to report it.  She gave the following account:


She had received and responded to this address about the sale of the described
items.  After several exchanges of E-Mail from the culprit the price was
determined and she inquired to the method of payment for the desired items.
The culprit explained that they would only take Money Order.  The culprit
would accept a check, but would not ship the desired items until after the
check has cleared.  A name and address was given, but no phone number, to send
the check to.  The culprit stated that they would ship the items after 5-7
days.  After 9 days the victim sent an E-Mail message to the culprit and
inquired if they received the check.  A message was sent back stating that
they did receive the check and was awaiting for it to clear the bank.  After
30 days the victim had not received the ordered, and paid for, items from the
culprits.


The risk here is quite apparent.  As with Mail and Telephone Fraud, E-Mail
fraud can cause extreme losses to users.  What would prevent such an incident?
Well here are some of the ways I have seen:


        1.  Order from known companies like Intel, Microsoft, CompUSA, and
so on.


        2.  Pay with an Credit Card.  You have the right to cancel the payment
            within 30 days if the items have not been received.  There is other
            risks associated with giving you Credit Card number out, but I will
            not address them at this time.


        3.  Request a phone number and call the vendor to confirm the order.


The best prevention is number 1 above and common sense.  Know who you are
dealing with before any monetary exchange takes place.  Items 2 and 3 above
have other risks involved with them which, in turn, may be another form of
fraud.


There are other samples of E-Mail fraud, but I will not address them at this
time.  I will leave that for future releases.  With the estimated losses to
Computer crime ranging from $3-6 billion dollars(1) it is cause for alarm.


If you suspect that you are a victim of E-Mail fraud, contact your local
police department.  Please note that only 11% of computer crimes are ever
reported to law enforcement.(2)




The opinions above are mine only and DO NOT reflect any other parties position.




        Lori Carrig
        carrigl () nic ddn mil


Footnotes:


    (1) Publisher:  Search, Sacramento, CA
    (2) Publisher:  Law and Order, September 1990