Draft
bachris
Bassono_FinalReport.pdf
FINAL REPORT
Christophe Bassono
Omaha, NE 68182-0694
21st September 2018.
Amanda L. Gutierrez,
Omaha, NE 68182-0694.
Dear Ms. Amanda Gutierrez,
SUBJECT: THE TRANSMITTAL LETTER
As it can be seen in the present society, many workplaces have turned their operationsfrom
manual to online. Consequently, this has led to the rise in online workplace scams that are
experienced on day to day basis. Therefore, this letter targets to address employees in various
institutions to make them aware of the dangers they are exposed to as a result of online scams.
On this final draft, I have structure my information in level one and level two. Level one is in
red without indent and has size 16. In level two I have black bold with size 14 recent decades,
the rise in technological use has led to many organizations transforming from analog to digital.
Currently, most organizations carry out their transactions and other communications via online
means. It is, therefore, necessary for workers within these organizations to know that they are
exposed to various forms of frauds including the friendly fraud, the clean fraud, online
intellectual property, identity theft, phishing, credit card fraud, and hacking.
In conclusion, it is essential for workers to ensure that they are aware of the dangers theyface
while doing business activities online and how they should cope with the situations if they
become victims. Workers should receive proper training towards the same since such online
scams could cost them or their organizations a significant loss.
FINAL REPORT
How to Avoid Internet Scams at the Workplace
Christophe Bassono
CIST3000:
Advanced Composition IS&T
Amanda L. Gutierrez, M.S. & M.A
UNO-Fall 2018
FINAL REPORT
2
How to Avoid Internet Scams at the Workplace
Christophe Bassono
CIST3000:
Advanced Composition IS&T
Amanda L. Gutierrez, M.S. & M.A
FINAL REPORT
i
Contents List of Tables .............................................................................................................................................. 5
Executive Summary .................................................................................................................................... 6
1. Introduction......................................................................................................................................... 7
2. Definition ............................................................................................................................................ 8
3. Numbers on Online Fraud ................................................................................................................. 10
4. Types of Online Fraud and How They Occur ................................................................................... 12
4.1. The Friendly Fraud ................................................................................................................ 12
4.2. The Clean Fraud .................................................................................................................... 13
4.3. Online Intellectual Property Theft ......................................................................................... 13
4.4. Identity Theft ........................................................................................................................ 14
4.5. Phishing ................................................................................................................................ 15
4.6. Credit Card Fraud .................................................................................................................. 15
4.7. Hacking ................................................................................................................................. 15
5. Prevention of Online Fraud ................................................................................................................... 16
4.9. Keep Financial Data Separate ................................................................................................... 16
4.10. Know who is asking .............................................................................................................. 17
4.11. Protect your computer ........................................................................................................... 17
4.12. Keep your passwords secret .................................................................................................. 17
5. Conclusion ........................................................................................................................................ 18
6. References......................................................................................................................................... 20
FINAL REPORT
ii
List of Tables
Fig 1: A table showing growing cases of identity theft and fraud reports in U.S
Fig 2: A graph showing the growing cost of frauds in the U.S. from 2010 to 2014
iii
FINAL REPORT
Executive Summary
The cases of internet scams at the workplaces have increased significantly over the past decades.
The sudden increase has been attributed to the technological advancements whereby most
organizations prefer carrying on most of their activities via the internet. There are various online
frauds that are experienced at the workplace on day to day basis. Examples include, the clean
fraud, the friendly fraud, online intellectual property theft, identity theft, phishing, credit card
theft, and hacking. Therefore, based on these prevalent figures regarding online fraud at
workplaces, institutions that use the internet while offering services to their clients need to be
aware of the risks they are exposed to. Employers need to inform their workers of their
vulnerabilities while dealing with online transactions and other services and then show them
some of the ways they can evade these issues. It is also necessary for organizations to educate
their workers how to handle such issues in case they become victims.
1
FINAL REPORT
Introduction
The best defense against workplace Internet scamming is to have awareness of the cyberscams
that have significantly increased in the modern Internet world (Cacciottolo, & Rees,
2017). It is vital for an individual to be aware of the various vulnerabilities they may be exposed
to while using the Internet at the workplace. Just because one is at the workplace does not imply
that they are safe from cyber frauds. Most scammers usually spy on organizations to familiarize
themselves with the activities and processes that are conducted within these organizations.
Someof the cases where Internet scamming is experienced in organizations include Mandate
FraudAttacks (Cross, & Kelly, 2016). In this case, the right back specifics of a client can be sent
to anoffender. The offender sends an email allegedly containing new bank particulars of a client
to theworkplace. The employee at the workplace could then fall into the trap and send back the
correctparticulars of the client. Due to such like cases, it is vital that the employee crosschecks
thestrange payment orders for money transfers. In cases whereby an employee does not have a
clearawareness about the transactions, it is necessary that they request for clarification from the
management. If it becomes clear that an incorrect transaction has been conducted, the
organization should inform the respective bank as soon as possible. Such amongst many others
are examples of cyber scam cases that are being experienced at the workplace on a day to day
basis. Numerous organizations handle personal and sensitive information of their employees and
clients. The organization is mandated to ensuring that this information is kept safe from online
hackers and other scammers. Failure of an organization to secure the personal and sensitive
information of their clients and workers could lead to negative consequences within its
operations. For instance, clients may lose their trust in the organization since no individual could
wish her or her information to be lost to fraudsters. Therefore, this report is targeted to educating
2
FINAL REPORT
organizations regarding the vulnerabilities they are exposed to. The management of any
institution should work towards ensuring that they create awareness to their employees regarding
the possible scam cases they may come across.
Purpose
The objective of this report is to create an insight of the numerous cases of internet scams
atthe workplace and how these cases could be minimized or scrapped off. This section
outlines howthe researcher envisions presenting the report. The outline demonstrates the
different sections inwhich the report will be broken into and the information that will be
contained in each section.The report starts the definition of terms related to online fraud
at the workplace. Secondly, ithighlights the history of online fraud at the workplaces
whereby it provides the various cases thathave been gathered around the world regarding
workplace cyber fraud. After that, the report statesthe numbers of online frauds that have
ever been reported at workplaces. Such creates a picture ofhow most workplaces are
vulnerable to online frauds (Cross, & Kelly, 2016). The report then goesfurther to state the
types of online frauds and how they occur. In this case, it highlights the possibleways online
frauds can lure their prey and the names given to these methods. The fifth section ofthe
report covers how to prevent online scams at workplaces. The section provides some of
themethods that organizations and firms can use to minimize or scrap off the online
scams. Lastly,the report ends with a conclusion which summarizes the entire contents
outlines in the introductionand the body.
Definition Online fraud refers to deceitful schemes that are done using the internet. Online fraud
maycome in the form of financial theft, identity theft or a combination of both.
3
FINAL REPORT
History of Online Fraud
An influx of online fraud began to be experienced in the 1990s with the increased
technology use and e-commerce. In the beginning, online fraud was done by using the names of
famous celebrities of the time to commit internet crimes. Over time, more technical and
sophisticated plans were developed such as creating card-generator applications with real credit
card numbers, setting up dummy merchant websites and mass identity theft. Today, despite
attempts by various governments to regulate and mitigate online fraud, more sophisticated online
fraud schemes have been established ranging from credit card fraud to phishing, hacking, and
identity theft (Saeger & Probert, 2015).
In the recent past, computer fraud has evolved through a series of advancements outplaying the
traditional security defenses such as the two-factor authentication, antivirus, and SSL
encryption in the process. Zeus and SpyEye are the most common attack tools used by hackers
since they support the gathering of vast volumes of extremely sensitive authentication data. It has
been established that no single application is immune to attacks and the malicious attackers are
focusing more on online banking accounts because they offer most direct payoff. Online fraud is
based on three core technologies: the botnet controllers capable of handling hundreds of thousands
of bots, highly effective data collection, and sophisticated Trojans that are updateable. Form
grabbing for PCs running IE/Windows has been a simplified approach for fraud. The technique
helps attackers to extract data within browsers. The deployment of form grabbing on compromised
PCs allowed hackers to obtain numerous numbers of online bank account IDs and passwords. The
password-based authentication was termed no longer safe for online banking prompting the
introduction of two-factor authentication (Mellinger, 2011). Nevertheless, criminals still found the
loophole that helps them to challenge the security of two-factor authentication through web injects.
4
FINAL REPORT
Malicious attackers that promote online fraud have created various techniques. As a result, efforts
to combat crime ware have been put into place. Computer fraud jeopardizes our security, privacy,
and anonymity. There is the need for cybercrime analysts to find out the extent to which malware
attacks and viruses have affected our technologies to ensure damage control (Mellinger, 2011).
Moreover, they should develop new approaches to controlling the spreading of computer fraud in
daily operations. Besides, government agencies need to increase their accountability by
bankrolling an anti-crimeware program and detecting all forms of online fraud.
Numbers on Online Fraud
The numbers of online fraud have reached a record high as of the year 2017. The top fraudof
2017 has been reported to online imposters with at least one in every five people having
been duped by fraudsters. A whopping three hundred and twenty-eight million has been
lost through this form of online fraud (Vaca, 2018). Identity theft and credit card theft has
also been reported to be among the top forms of online fraud. Sixty-three thousand people
reported tax fraud in 2017. In 2017, the total amount of money lost to online fraudsters in
the United States was recorded as nine hundred million dollars, a seven percent increase
from the amount lost in 2016. Cacciottolo and Rees (2017) report that in the United
Kingdom, over three thousand eight hundred online dating fraud victims had lost over
thirty-nine million dollars in 2016 to online fraudsters. Recent studies have illustrated that
cases of internet scam are on the rise. These cases have accounted to loss of more than
$100 billion by companies and individuals. Internet scammers continue to develop
diverse ways to blackmail or defraud individuals without their knowledge. Both
professionals and non-professionals are susceptible to online fraud and this complicates the
issue. According to the Scam Tracker by the Better Bureau reports, computer fraud has
continued to escalate in the recent past with over 46,000 cases reported in 2007 in the
United States and more than 30,000 cases had been reported by mid-August in 2018
(Wagner, 2018).
FINAL REPORT
5
The graph below illustrates the growing cases of internet fraud in the U.S. (Wagner, 2018)
Fig 1.A graph showing growing cases of internet frauds in U.S. Source: Facts + Statistics
Fig 2.A graph showing the growing cost of frauds in the U.S. from 2010 to 2014. Source: Facts +
Statistics
6
FINAL REPORT
Types of Online Fraud and How They Occur
According to Rampton (2015), online payment fraud is continuously growing. A
significant share of the fraudulent transactions emanates from mobile commerce. E-commerce
fraud also referred to as purchase fraud happens when a fraudster approaches an innocent party
and recommends a business transaction by application of fraudulent means such as fake or stolen
credit card. In the process, the merchant is left unpaid during the business transaction. Online store
owners are more exposed to online fraud. The continuing advancement of technology jeopardizes
payment methods and the data processing systems in most institutions. Often, online fraud
occurred when a credit card got lost or its information was not stored securely, but the card-not-
present (CNP) frauds have continued to grow recently. Fraudulent orders have increased from
1.58% in 2017 to 1.8% in 2018 in terms of the percentage of total revenue loss in online stores.
The most common types of e-commerce fraud include friendly fraud and clean fraud.
The Friendly Fraud
The friendly fraud occurs when a client buys a product or pays for some services with their
personal credit card, and issues a deliberate chargeback arguing that the product or services
were never received or claims that they never made these charges. Online business
supports friendly fraud as it allows customers to perform reverse transactions (Bumbiere,
2018). In most cases, chargebacks are allowed to safeguard clients from online scams, but
customers have started taking advantage by using it in place of refunds. The credit card
companies continue to suffer from the narrative that the customer is always right as they
place the burden of proof on retailers during these dubious transactions. Friendly Fraud
can be prevented through various means. The client must take responsibility by ensuring
that the credit card distributor matches the business name.
7
FINAL REPORT
Most often, the chargeback fraud takes place when customers fail to identify the name
of thecompany on their card statements. Customers are advised to use shipping with
tracking since itmakes it easier to provide evidence where the products were delivered.
Moreover, it is vital to
ensure there are clear reshipping, return, and refunds policies before making any transactions.
The Clean Fraud
The clean fraud takes place when a stolen credit card is used to make a purchase. It needsa
high skill and expertise to happen. The clean fraud is regarded as the ultimate doppelganger
sinceit appears like a genuine transaction with good billing, shipping, and IP addresses
together withcomplete and verified card data (Bumbiere, 2018).
The clean fraud entails four steps. First, thecriminals obtain the cardholder information
through data breaches and card skimming. Second,during the purchase, the fraudsters
utilize the card’s information by impersonating the cardholdermaking online purchases.
Thirdly, believing the transaction is legitimate; the merchant accepts thesale and processes
payment. Lastly, the merchant is pressurized for chargebacks and lostmerchandise
when the fraud is found out. For small retailers, avoiding clean fraud will requireregular
software updates since it can bypass the fraud detection tools easily. Smaller retailers
areadvised to use the free trial plans of the fraud detection software during holidays from
companiessuch as Kount, Signifyd, and Sift Science. Huge retailers have the resources
required to purchasethe fraud detection software, and they need to buy them even though
they are extremely pricey.Retailers must be keen during any transactions, and this can
help to detect some of the cases. Online fraud occurs in various ways. Some of these
include online intellectual property theft,
identity theft, phishing, untrustworthy websites, credit card fraud, and hacking.
8
FINAL REPORT
Any author or creator of information has intellectual property rights to their material,
whichprohibits other users from using or publishing the material without the owner’s
consent. Today,online fraudsters use this material on their own sites without the
owner’s permission. This is calledonline intellectual theft. It can therefore be argued that
most of the online stores for books andother publications lose the materials with
intellectual property rights to fraudsters who access themwithout the authors’ permissions.
Online Intellectual Property Theft has emerged a threat to many
authors whose publications have been stored on online bookshelves.
Identity Theft
Identity theft occurs when a fraudster steals another person’s personal information such as
names, address, birth-date, and account details and uses the stolen information to create an
identity under which they hide when committing fraud. It is mostly experienced in
organizations which store their clients’ details such as banks, insurance companies, and so
on. The fraudsters could use this information to access the client’s bank accounts and other
sensitive stuff that could bring a big loss to the client and the company. Identity theft is
categorized into two groups including account takeover and true name identity. True name
identity implies that the fraudster uses personal info to create new accounts. On the other
hand, account takeover implies that the scammer uses personal info to access one’s
existing accounts.
FINAL REPORT
9
Phishing Phishing is a fraudulent activity that attempts to obtain access a person’s sensitive info
includingpasswords, credit cards, account information, and usernames. It occurs through
deceive emails orwebsites that are created by the fraudsters to lure people into producing their
personal information..Fraudsters may trick organizations into providing their client’s
particulars by pretending to be theowners of the information to be sent. The fraudsters
then use this information unlawfully by defrauding the unsuspecting users (Cassim, 2014).
Credit Card Fraud
This fraud occurs once a person enters their credit card details on deceitful websites.
Fraudsters create deceitful cites which appear like genuine cites that lure persons
into entering their confidential information into the cites and thus obtain their details
illegally. Fraudsters then use this information to make unlawful purchases without the
owner’s permission
10
FINAL REPORT
Hacking
This entails gaining illegal entry into a computer system. Hackers use unauthorized meansto
access various databases or networks in organizations to retrieve information from clients
andother workers. This enables the hacker to steal money or carry out other unlawful
dealings without exposing their actual identity.
11
FINAL REPORT
Prevention of Online Fraud
Various things can be conducted by organizations and workers to avoiding becoming victims of
internet fraud.First,employees in an organization should monitor and be conscious of people
should use different passwords for their accounts and choose long strong passwords, which
may not be hacked easily. Secondly, even though there may be many legitimate sellers online,
one should be keen on whom they give their information. Before clicking on any linkd, one should
make the habit of running a full scan with their antivirus software .
Know who is asking
Financial institutions such as banks do not send sensitive emails or messages asking for
personal information such as social security numbers. These institutions disapprove any
attempts to verify account information using this approach. People should understand the
safety associated with not sharing personal information such as account numbers, social
security or tax ID numbers,passwords or log in information through email or text. An
individual can only share his/hersensitive information to a bank through the bank’s secure
online banking platform. Any email that asks for sensitive information is illegitimate and
people should verify its authenticity before replying or sending personal details.
Protect your computer
Cyber-attacks have been on the rise recently. Installing antivirus software, therefore, is
important to any computer or network. Users should regularly update their software to
safeguard their computers from computer viruses. Software such as anti-spam software aids
in preventing spam and junk email from entering into the inbox of emails and this protect
against phishing emails. Besides, every computer should be installed with a firewall as it
avoids unauthorized persons, viruses, or malware, from access. The anti-spyware software,
nonetheless, blocks the spyware installation on your computer thus redirecting malicious
websites or pop-ups.
12
FINAL REPORT
Passwords Protection
Computers users should avoid sharing their passwords. Additionally, always leave any
documents with financial data in a secureplace. Changing passwords on a regular basis
help to improve the protection and it is necessary to combine numbers, letters, and
special characters. Administrators should change password and the default SSID of the
wireless network on a regular basis.
13
FINAL REPORT
Conclusion
Evidently, online fraud poses a big threat to organizations as well as individuals. The
vice has caused businesses and individuals millions of dollars each year. With increased
internet usage,fraudsters continue to device newer and more sophisticated ways of
committing online fraud.Advancement in the technologicaluse has led to numerous
organizations conducting most of theirtransactions through online means. Such implies
that they also face big risks of experiencing onlinescams.It is, therefore, important for
every individual to be more aware of the various forms inwhich online fraud may occur.
This way, they are in a better position to save themselves frombeing victims of online
fraud. Apart from increased consciousness whileusing the internet andmonitoring where
their personal information goes, it is also important that organizations invest ina current
security system which is able to protect their information from hackers and
fraudsters.Furthermore, organizations shouldmake their employees understand the
various kinds of onlinefrauds they maycome acrossin the midst of their jobs to prepare
them andahead of thesescamsand make them ready to tackle such issues whenever
they arise(Cross,& Kelly,2016).Businesscorporations should implement measures to
prevent the online fraud cases because of the damagesand losses that they can cause.
As illustrated, companiescan adhere to various approaches such asinstalling the
anti-virus software, adware software, and anti-spyware for protection.
Nevertheless,firewall installation allows necessary connections and protects computers
from viruses, malware,and hackers. Regular updates of software help in maintenance
and increase thinformation of clients and destroy the reputation of companies. Businesses
should create atrustworthy environment if they want to succeed both in the short-term and
long-term. However,this can only be attained if organizations ensure that they do not become
preys to the numerousonline attacks that are increasing with the enhancement in technology.
FINAL REPORT
References 14
Bumbiere, E. (2018, October 23). The Basics of Ecommerce Fraud - What It Is and How To
Manage It | Blog - Printful. Retrieved from https://www.printful.com/blog/the-basics-of-
ecommerce-fraud-what-is-it-and-how-to-manage-it/
Cacciottolo, M. & Rees, N. (2017). Online dating fraud victim numbers at record high. Retrieved
from https://www.bbc.com/news/uk-38678089
Cassim, F. (2014). Addressing the specter of phishing: are adequate measures in place to protect
victims of phishing? The Comparative and International Law Journal of Southern Africa,
47(3), 401-428.
Cross, C., & Kelly, M. (2016). The problem of "white noise": examining current prevention
approaches to online fraud. Journal of Financial Crime, 23(4), 806-818. Goldsmith, J.
(2007). Who controls the Internet? Illusions of a borderless world. Strategic Direction,
23(11).
Insurance Information Institute. (2018). Facts + Statistics: Identity theft and cybercrime | III.
Retrieved from https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-
cybercrime
Mellinger, P. (2011, November 7). Crime and malware: A short history of computer fraud.
Retrieved from https://www.computerworlduk.com/security/crime-and-malware-a-short-
history-of-computer-fraud-3316463/
FINAL REPORT
15
Rampton, J. (2015, April 14). How Online Fraud is a Growing Trend. Retrieved from
https://www.forbes.com/sites/johnrampton/2015/04/14/how-online-fraud-is-a-growing-
trend/#c596a495f7f7
Saeger, D. A., & Probert, C. (2015). Ponzi scheme: Learn to detect scams and take care of your
money.
Vaca, M. (2018). The top frauds of 2017. Retrieved from
https://www.consumer.ftc.gov/blog/2018/03/top-frauds-2017 Wagner, P. (2018, August
14). Infographic: Internet Scamming is on The Rise. Retrieved from
https://www.statista.com/chart/15069/number-of-internet-scams-in-the-us/
