310                                                     10  E-Commerce Security and Fraud Issues and Protections

              Any e-mail you receive asking for personal details is most   For information and protection, see idtheftcenter.org and
           likely a scam or phishing attempt since a legitimate organiza-  fdic.gov/consumers/theft.
           tion will already have all your personal information. For tips
           from Yahoo! on how to protect yourself online, see Yahoo!
           Safety (safety.yahoo.com).                           Cyber Bank Robberies

                                                              Cyberattacks can happen to individuals and organizations,
             Top Ten Attacks and Remedies                     including banks.

           IT security site Secpoint.com provides a list of the top ten  Example: Secureworks.com
           security-related attacks on the following topics: Top viruses,  Secureworks.com uncovered the following check fraud opera-
           spyware, spam, worms, phishing, hacker attacks, and hack-  tions: Russian cybercriminals used “money mules” (people
           ers and social engineering tactics. In addition, the site pro-  who thought they were signing up for a legitimate job), 2000
           vides related pages on IT security resources such as the top  computers, and sophisticated hacking  methods to steal archived
           ten hackers; top ten security tips and tools; pages relating to  check images from five companies, and wire the collected
           Anti phishing, Anti DoS, Anti spam, and more. For SecPoint  money overseas.
           IT resources for top ten spam attacks, see secpoint.com/Top-   Next, the scammers printed counterfeit checks, which the
           10-Spam-Attacks.html.                              money mules deposited in their own accounts.  Then, the
                                                              mules were ordered to wire (transfer) the money to a bank in
                                                              Russia. The “mules,” as usual, were innocent people who
             Identity Theft and Identify Fraud                were hired and paid to do the transfer. Some of the mules
                                                              became suspicious and reported the scam to the authorities.
           Identity theft, according to the United States Department of
           Justice website, is a crime. It refers to wrongfully obtaining
           and using the identity of another person in some way to com-    Spam Attacks
           mit crimes that involve fraud or deception (e.g., for economic
           gain). Victims can suffer serious damages. In many countries,  E-mail spam, also known as  junk e-mail or just  spam,
           it is a crime to assume another person’s identity. According  occurs when almost identical messages are e-mailed to
           to the U.S.  Federal  Trade Commission (ftc.gov), identity  many recipients in bulk (sometimes millions of unsolicited
           theft is one of the major concerns of EC shoppers. According  e-mails). According to Symantec, in April 2009, over 90%
           to the FTC statistics, identity theft affects over 12 million  of messages on corporate networks were e-mail spam.
           Americans each year, for a loss of over $55 billion, and is  Nearly 58% of spam came from botnets, the worst called
           growing about 20% annually. For an entertaining comedy,  Dotnet. The situation is better today (2016) due to improved
           see the 2013 movie “Identity Thief.”               filtering of junk mail. Spammers can purchase millions of
                                                              e-mail addresses, and  then format the addresses,  cut and
           Example                                            paste the messages and press “send.” Mass e-mail software
           According to Constantin (2016), identity thieves stole 100,000  that generates, sends, and automates spam e-mail sending is
           social security numbers and other personal data from the U.S.  called  Ratware.  The messages can be advertisements (to
           IRS files.                                         buy a product), fraud-based, or just annoying viruses. For
                                                              current statistics  on spam, see  securelist.com/statistics.
             Identity Fraud                                   Securelist is a comprehensive site that also provides descrip-
                                                              tions of spam and viruses, a glossary, and information on
           Identity fraud refers to assuming the identity of another per-  threats. More than 130 billion spam e-mails are sent each
           son or creating a fictitious person and then unlawfully using  day as of 2013, but this growth rate has stabilized. Note that
           that identity to commit a crime. Typical activities include:  approximately 80% of all spam is sent by fewer than 200
                                                              spammers.  These spammers are using spyware and other
           •  Opening a credit card account in the victim’s name  tools mostly for sending unsolicited advertising. The spam-
           •  Making a purchase using a false identity (e.g., using anoth-  mers are getting more and more sophisticated (e.g., see
              er’s identity to buy goods)                     Kaiser 2014).
           •  Business identity theft is using another’s business name to
              obtain credit or to get into a partnership        Typical Examples of Spamming
           •  Posing as another to commit a crime
           •  Conducting money laundering (e.g., organized crime)  Each month Symantec provides a report titled “The State of
              using a fake identity                           Spam: A Monthly Report.” The report provides examples of