Reflecting the diverse and evolving nature of online fraud, a wide variety of fraud had been experienced among participants who took part in an interview or a focus group for the study.
The fraud reported highlighted the sophisticated ways in which confidence fraud and
possessing, making or supplying articles for use in fraud is being carried out and the role the internet is playing in their implementation. Participants’ narratives and the group discussions suggested that where a successful fraud had occurred, this usually involved an overlap between the two categories of possessing, making or supplying articles for use in fraud and confidence fraud.
For example, whilst receiving phishing emails indicated that email addresses had been sold or used (articles for use in fraud), and this was commonplace, a fraud only occurred if these emails were then responded to. The fraud could then fall into the confidence fraud category as the victim believes the opportunity they are responding to is genuine. Similarly, articles for use in fraud were required to set up false websites but only if people were convinced by them and transferred money did a fraud occur. In addition, participant experiences also suggested that a number of different fraudulent activities were in some cases used to render the fraud successful.
Possessing, making or supplying articles for use in fraud
The types of frauds participants described that fell within this category of offence type included:
personal identity or information being used by others to purchase goods or services online;
computer viruses, spam and phishing emails being sent to them; and
accessing fake websites.
Examples of personal information being used fraudulently included people’s credit or debit card details being obtained and used by perpetrators to attempt to purchase goods online or for online gambling or where mobile phone contracts had been taken out in participants’
names.
In relation to computer viruses, there were instances where viruses had completely corrupted participants’ computers and in some cases the computer hardware as well, such as DVD drives. Viruses are used to ‘infect’ computers with software that can then be used by fraudsters to collect personal information stored or when accessed by individuals online.
Viruses can also be used to generate spam emails aimed at participants or send spam to everyone on their contact lists; keylogging viruses capture login details which are then sold on for profit. Case study 3.1 below outlines one experience of receiving what turned out to be a fraudulent spam email which also infected the participant’s PC with a virus:
Case study 3.1: Interview participant Spam email and virus
Tom, a middle-aged married man with children, regularly used the internet. He had recently experienced a virus on his laptop at home. One morning when he switched on his laptop, he was faced with a message which read ‘[name of local police], you are in violation of a Great Britain law for looking at illegal child abuse images (‘child porn’)’. The message went on to explain how if he paid a £100 fine then no further action would be taken. Tom had not been accessing illegal pornography but was going to pay the fine due to the concern he had that further action would be taken regardless. He became suspicious however and reported it to the fraud department at the local police. He found his laptop had also been infected with a virus when he had opened the fraudulent email, which took a great deal of time and effort to remove. Tom felt this was annoying, but the email accusing him of accessing illegal
pornography had a particularly negative impact:
“The other viruses, they were annoying as well but they hadn’t got that shock element ‘cause they didn’t involve the police. They didn’t involve being accused of child porn.”
Spam emails constitute material used to commit fraud, and fraudsters must also have access to email addresses or use software that automatically sends them via viruses to be able to successfully send spam. The spam emails may themselves contain viruses or be offering fraudulent goods or services. Interview and focus group participants who had received spam/fraudulent emails emphasised their legitimate and professional looking façade. The spam emails usually appeared to them to have been sent by a range of individuals and organisations they were familiar with, for example friends, lottery companies (for attempted gambling scams), the police, government departments, financial institutions and e-commerce businesses.
Finally, interview and focus group participants spoke about having accessed fake websites, which again appeared legitimate but were actually being run for fraudulent means. Examples included financial websites which pretended to be well known banks, an auction website where people could buy goods, a website offering job opportunities and a website claiming to be a well-known computer provider. Whilst these websites could constitute articles used to commit fraud, those participants who proceeded to then exchange money as a result of using the websites had consequently become victims of a confidence fraud, illustrating how a number of different fraudulent activities were used in the overall fraud experienced.
Confidence fraud is discussed in the next section.
Confidence fraud
The types of confidence fraud that interview and focus group participants had experienced fell into three broad categories: mass marketing fraud; investment fraud; and dating and romance scams.
Many variations of mass marketing online fraud were reported, the common element of most being that participants had exchanged money with a perpetrator for goods or services which never arrived or which were faulty or counterfeit. In relation to goods, participants had paid for telephones, unlocking mobile telephone software, electrical items, tickets for concerts and sporting events, a mobility scooter and gold, which they had never received. There were also instances where goods had been received, but fell far short of participants’ expectations.
Examples of services which were never received included instances of people paying advance fees for career opportunities (which turned out to be fake) or signing up to ‘free’
trials of websites which they had subsequently been unable to cancel and thereby had money withdrawn from their accounts.
There were also instances of mass marketing fraud where participants had become victims not by attempting to buy goods, but by attempting to sell them using marketplace websites.
In these cases, the goods were quickly collected by someone, face-to-face, but the participants had never received payment for the goods, which was apparently being transferred online.
As well as variations in the type of mass marketing fraud experienced, there were also variations in the ways that these frauds had been committed. In some instances, the internet was integral, with participants purchasing goods either from the types of fraudulent websites described previously, and in case study 3.2 below, or through legitimate websites which sell goods. There were also cases where participants had been specifically targeted by
fraudsters who had attempted to commit mass marketing fraud against them by initially approaching them using the telephone before moving the fraud online. An example of this was where participants had received a telephone call from a person who claimed to be from a large computer manufacturer who said that they could fix ‘errors’ on their computers in return for either a payment or giving the perpetrator access to their computer by clicking on a website link. Some participants had completed this action. Fraud falling into the category of mass marketing fraud is discussed more fully in case study 3.2 below.
Case study 3.2: Interview participant Mass marketing fraud
Mary, a middle-aged married woman with children, regularly used the internet for online shopping and researching topics of interest. She wanted to buy a satellite navigation system and did a Google search on ‘tom tom’. She clicked on the link for a bidding site which was selling a ‘tom tom’ and bought £15 worth of points so she could try and bid for one. The website looked legitimate, especially as it had the PayPal logo on display and she was used to buying items using other well-known bidding sites. When she had almost won the item her computer froze. When she refreshed her screen she had to start bidding for the item again. In the end she lost £26 before realising that the website was fraudulent.
“It looked like… I won… then my computer froze and I had to refresh the page and when I refreshed it again there was five minutes left to the end of the auction. So yeah I was like a winner and then I wasn’t a winner at the same time.”
The other two broad types of confidence fraud interview participants described were investment fraud and dating/romance scams. Common to both of these types of fraud was that, in some instances, the participants had been promised some sort of financial gain but needed to exchange considerable amounts of money in order to receive this gain. Both types of fraud also involved repeated communication between the perpetrator and victim, however, romance/dating scams were very personal, as opposed to professional in the nature of their communication.
An example of investment fraud included an African share investment fraud where the perpetrator emailed the participant to let them know that a previous investment they had made had resulted in a large profit. However, in order to release the funds the participant was told to send a series of financial payments.
Participants who had experienced romance scams met the perpetrator through online dating sites. They had then been asked to send money to the perpetrator for various fabricated reasons. For example, they had been told that they needed to send a sum of money to release the perpetrator’s luggage which had been impounded and in turn contained a large sum of money that could be used to pay them back.