National Police and Security Officers' Association of America

Internet Fraud: A Perspective
Strees Reduction Room
If Your Sure That You Really Want To Be A Cop? Click HERE!
Animal Abuse - Animal Cruelty and the SPCA Humane Police
Internet Fraud: A Perspective
Armed Robbery Training For Police and Security Professionals
Detecting Deception or Identifying Lies In Disguise? Both!
Insurance Investigation Self-Study and Training
A Career in Security Consulting with Self-Training via Home Study
A Career For You As A 911 Dispatcher
Bomb Countermeasures CD-ROM
NPSOAA General Training Library Order Form
Criminal Justice Ethics 2004 ... and Beyond
PACT - People Against Car Theft, Incorporated
Kings Knight Chess Club Incorporated
Make-A-Wish Foundation of New Jersey, Incorporated
The NPSOAA Wall of Honor
Sincerely Dedicated to Those Who Have Gone To Make a Place For Us

From The New Jersey State Attorney General





John Kenneth Galbraith once observed that the man who is admired for the ingenuity of his larceny is almost always rediscovering some earlier form of fraud.


Nearly all of the fraudulent schemes found on World Wide Web sites and in e-mail are simply revised versions of tried and true telemarketing or mail frauds that have been fooling the unwary and the gullible greedy for centuries.


The schemes involve high-pressure sales tactics, refusal to provide written information, and unrealistic claims of potential profits or earnings. Perpetrators take advantage of the culture of benevolence and trust on the Internet, as well as the multitude of opportunities presented by instant access to millions of potential victims. Thus, the need to be vigilant and report wrongdoing is greater than ever.


The National Consumers League (NCL) operates the National Fraud Information Center, which estimates that there are 14,000 illegal telemarketing operations bilking U.S. citizens of at least $40 billion annually. Meanwhile, the proportion of fraudulent activity attributable to online schemes is growing almost exponentially. For example, Internet Fraud Watch (IFW), also operated by the NCL, reported that the number of Internet fraud complaints it received rose recently by 600 percent, from 1280 in 1997 to 7,439 in 1998.


In the first six months of 1999, IFW received over 8,000 complaints.


The Internet has created a whole new set of opportunities for

defrauders and problems for law enforcement. It is a powerful tool helping swindlers overcome their two greatest challenges: identifying victims and contacting victims.


What is striking is the size of the potential market and the relative ease, low cost and speed with which a scam can flourish over the Internet. Victims may never have the opportunity to see or even speak to the defrauder.


Eileen Harrington, Associate Director for Marketing Practices of the Federal Trade Commissions Bureau of Consumer Protection, testified that online defrauders benefit from the very characteristics that make e-commerce grow: anonymity, the distance between the buyer and the seller, and the instantaneous nature of the transactions. She added, Fraudulent operators on the Internet take advantage of the fact that this marketplace is still a confusing one to consumers. Ms. Harrington emphasized the confounding speed of online scams.


I think that with the Internet as the medium, everything happens more quickly. The business sets up more quickly. They change identities more quickly. I mean, you can throw up a new Web site in an hour. It just has moved things to kind of a warp speed. So you find that the life-span of one of these frauds is much shorter than might have been the case where the frauds turned out to rent office space, get phone lines, [and] do all of those sorts of things. We find more and more that these scams are operating out of homes.


Noting that fraud over the Internet requires access to some form of payment system, just as every other kind of fraud does, Ms. Harrington urged consumers to pay for their online purchases by credit card. She explained that consumers have important federal rights that protect them from being held liable for unauthorized and fraudulent transactions if they pay by credit card.


Susan Grant, Vice President for Public Policy of the National

Consumers League (NCL) and Director of the NCLs National Fraud Information Center and Internet Fraud Watch programs, testified as to why consumers must take extra care in cyberspace:


I think that people sometimes get so excited about the novelty of

the Internet that they lose sight of the same common sense that

they would use if somebody knocked on their door in the middle of

the night offering them something, and it was a stranger, or if

they got a telephone call out of the blue from somebody that they

didnt know.


Theres a lot of talk about community on the Internet as though

its one big happy place with everybody dedicated to the pursuit

of knowledge and sharing information with each other, but in

fact, just like any community, there are bad guys lurking in the

alleyways. People need to be cautious. Its no reason not to use

the Internet.


And actually, I think its ironic that, for instance, we see a

decreasing amount of credit card use for payment compared to

things like checks and money orders, and yet the credit card is

the safest way to pay because of your legal dispute rights.


I think that people may be so worried about giving their credit

card information on the Net, even though with the encryption

programs that are in place, its really, from what we can see,

relatively safe. And theyre not sufficiently worried about who

it is that theyre doing business with at the other end.


Online auctions alone are expanding e-commerce rapidly. Gomez

Advisors estimates that in 1999 online auctions connected 7.4 million buyers and sellers transferring goods worth $4.5 billion.


The.independent firm, which rates Web sites for consumers, expects online auction sales volume to exceed $9 billion in 2000. According to IFW, online auction complaints led all others with 68 percent of the

Internet-related fraud complaints it received in 1998. Auctions also

were first in 1997 with 26 percent.


During the first six months of 1999, IFW received 5,287 auction complaints, surpassing the 5,236 it received in all of 1998.  IFW reported that 93 percent of payments in response to fraudulent Internet schemes were made offline by check or money order sent to the defrauding company. By and large, consumers failed to follow the safest course, which is to pay by credit card so that the charges can be disputed if there is a problem. Giving cash, a check or, worse, a bank-account number can make it impossible to get a refund from online vendors.


Since online auction sellers often lack proper equipment to take credit card payments, IFW recommends that buyers use escrow services, which hold payment from the buyer and only pass the money along to the seller after verification that the goods or services were satisfactory. Insurance is another safeguard that sometimes proves beneficial.


Once online, consumers are bombarded with unsolicited commercial e-mail (known as "spam") advertising everything from legitimate services to fraudulent investment schemes. Millions of messages can be sent out in a very short period.


Although schemers can easily purchase e-mail address lists from companies that do business online, they also can use harvester software to conduct worldwide searches of Usenet newsgroups, Internet directories and chat rooms in a very short amount of time.


In this way, they can collect thousands of e-mail addresses for individuals likely to be vulnerable to certain types of schemes.


Others pirate names and e-mail addresses from membership directories of Internet service providers.

Spammers also use software that generates e-mail addresses at random. Thus, people can get spam even if they have never made online purchases or entered chat rooms.


Web sites abound offering both legitimate and fraudulent products and services. Since buying online essentially is buying sight unseen, the honesty of the seller is paramount. This is particularly important in the booming online auction business.


The rapid growth of e-commerce has significantly transformed the

U.S. securities industry. In 1998, about 14 percent of all securities

trades were conducted online compared with virtually no such

transactions in 1995.


However, this understates the impact on the small investor because approximately 37 percent of all individual trades are now online, up from 17 percent in 1997. Three million people had online trading accounts in March 1999, a number expected to reach 14 million by 2001.


Online investing is generally a positive development, giving

investors unprecedented access to company and investment information and individual trading services.


As in other areas, however, the Internet has provided dishonest operators with an efficient medium to defraud investors. The U.S. Securities and Exchange Commission reported a 330 percent increase in complaints regarding online investments in 1998.


Its Office of Internet Enforcement receives between 200 and 300 complaints every day, of which 70 percent allege Internet securities fraud. Many investors have not developed proper skepticism about the quality some of the information they encounter online.


Robust education is even more important for cyberspace consumers than it is for those buying in other marketplaces. The average consumer has difficulty distinguishing between legitimate Web sites and those that are scams. Anyone can put up on the Web a reputable looking site.


Criminals forge header information to mask their identities and locations. Some cyber-crooks use "throw away" accounts (easily created and discarded free accounts) and forged headers to make it appear that testimonial e-mail and postings come from many different people rather than from the crook himself.




Common fraudulent schemes found on the Internet and elsewhere



_ Online Auction Frauds. Sellers may not deliver items, or their value may be inflated. Sometimes shills drive up the bids. In early 1998, the National Consumers League placed auction frauds at the top of its list of Internet scams and cautioned consumers to investigate any auction site before placing a bid. The FTC, which received approximately 10,000 complaints about Internet auction fraud in 1999, has issued similar warnings.


Online auction buyers can guard against fraud by placing payments in escrow accounts rather than sending them immediately to the sellers. For details, see i-Escrow® at


Alternatively, using a charge card makes it easier to obtain a refund. Also, some auction sites, such as the popular eBay, sell fraud insurance. Ebays Fraud Prevention Department takes complaints from its Community Watch program and proactively monitors and suspends accounts. Transgressors are referred to government authorities.


_ General Merchandise Rip-offs. These involve sales of everything from T-shirts to toys, calendars to collectibles. The goods are never delivered, or they are not as advertised.


_ Bogus Sales of Hardware or Software. Purchased computer

products may never be delivered, or they may not be as represented.


_ Shady Sales of Internet Services. There may be charges for

services that were touted as free, failure to deliver on promised services and false representations of services.


_ Work-at-Home Schemes. Two popular versions offer the chance

to earn money by stuffing envelopes or assembling crafts at home. However, nobody is paid for stuffing envelopes or craft assembly since promoters, claiming the work does not meet their "quality standards," usually refuse to buy the finished product.


_ Business Opportunity Scams. These promise significant income for a small investment of time and money in a business often a franchise. Some are actually old-fashioned pyramid schemes

camouflaged to look like something else.


_ Chain Letters, Pyramid Schemes and Ponzi Schemes. Any profits are made from recruiting others, not from sales of goods or

services to end-users.


_ Guaranteed Loans or Credit on Easy Terms. Some schemes offer home equity loans, even for those who lack equity in their homes. Others offer guaranteed, unsecured credit cards, regardless of the applicants credit history. The "loans" turn out to be lists of lending institutions, and the credit cards never arrive.


_ Credit Repair Frauds. Sometimes called file segregation,

these schemes are pitched over the Internet and e-mail to consumers with poor credit histories. They lure consumers into

breaking the law by creating fake credit histories with substitutes for their genuine social security numbers. Consumers pay fees as high as hundreds of dollars to the so-called credit repair companies. They are then instructed to apply to the IRS for a taxpayer or employee identification number, which is then substituted for their nine-digit social security number. Thus, the credit repair scams actually turn

gullible consumers into criminals by advising them to use false identification numbers to apply for credit.


Scam operators also offer to clean up credit histories for exorbitant prices. The reality is that consumers can obtain information about their credit history and correct inaccuracies for free. If a credit report is accurate, it cannot be fixed. By federal law, credit repair organizations must give customers a copy of the pamphlet "Consumer Credit.74 File Rights Under State and Federal Law" before a contract is signed.


_ Advanced Fee Loans. These scams prey upon peoples

desperation to obtain loans. Operators claim that for a fee they can find loans despite the victims poor credit history. They also claim to be able to provide favorable interest rates or other advantageous terms. Upon paying the advance fee, however, the victim never hears from the scammer again.


_ Employment Offers and Easy Money Schemes. Phony offers such as "Learn How to Make $4,000 in one day," or "Make unlimited

profits exchanging money on world currency markets," appeal to

the desire to get rich quickly.


_ Bulk E-Mail Scams. Victims are sold lists of e-mail addresses

and software with the claim that this will enable them to make money by sending their own solicitations via bulk e-mail. However, the lists are of poor quality; sending bulk e-mail violates the terms of service of most Internet service providers (ISPs); virtually no legitimate businesses engage in bulk e-mailings; and several states have laws regulating the sending of bulk e-mail.


_ Health and Diet Scams. These bogus cure-alls are just electronic snake oil.


_ Get Something Free Scams. Consumers pay membership fees to "qualify" to obtain free items, such as computers or long-distance

phone cards. After paying the fees, they learn that they do not qualify until they recruit other "members."


_ Fraudulent Stock Offerings and Market Manipulation.In

investment fraud, perpetrators...

(1) create a classy-looking but phony Web page, complete with official-looking emblems, to lure investors;

(2) create enthusiastic endorsements from non-existent customers; (3) send spam to potential investors with a hyperlink to the phony Web site; and

(4) create phony online buzz about the investment in bulletin boards linked to the Web page, discussion forums, chat rooms, and sham or bribed newsletters. In market manipulation pump and dump schemes, individuals who own a companys securities spread positive but false information about the company to increase investor

interest and drive up the price of the securities.


The individuals then sell their securities at a quick profit, while later investors face large losses when the price of the inflated securities declines.


One new fraud involves impersonating legitimate brokerage-firm Web sites. Investors believe they are sending money to the broker when, in fact, the address is a post-office box. When authorities detect them, the perpetrators merely shut down the Web site and

impersonate the same or another brokerage firm using a different Web address and another post office box.


_ Stock Day-Trading Abuses. Stock day trading sometimes

involves false advertising or failure to ensure that people have enough money to trade. Ordinary people can gamble on short-term changes in stock prices from firms trading floors or from home computers equipped with special software. It is very easy for day traders to make mistakes and lose a lot of money, even though they are not defrauded. With huge returns commonplace in the stock market, many people are no longer investing. They are gambling, which makes them more vulnerable to a con game.


_ Cable Descrambler Kits. For a small initial investment one can buy a kit enabling the receipt of cable television without paying the subscription fees. However, the kits usually do not work, and stealing cable service is illegal.


_ Vacation Promotions (Prizes, Certificates, Clubs, Etc.).E-mail

informs consumers that they have been selected to receive "luxury" vacations at bargain-basement prices. However,  accommodations are not deluxe and upgrades are expensive. If the seller can delay the travel for 30 to 60 days, it is harder for a buyer to get a credit-card refund. Consumers need to find out if the seller is a travel agent belonging to the American Society of Travel Agents, whose members subscribe to an ethics code and pledge to help resolve complaints. Also, the U.S. Tour Operators Association and the National Tour Association have a restitution fund to protect travelers against company bankruptcies.


_ Fake Scholarship Search Services. Consumers pay a fee for

guaranteed assistance and merely receive a list of financial aid offices or nothing at all.


_ Page-Jacking. As many as 25 million of the roughly one billion pages on the World Wide Web have been page-jacked.


Perpetrators prepare a page that impersonates an innocent

commercial or informational Web site and resubmit it to search

engines with a false address. When Web users search for the

original site, the sham site opens, often with pornographic material.


The page-jackers make money by selling ads, showing clients that they receive a large number of page hits. Of course, the hits come from unwilling users. Users attempting to back up the Web browser or shut it down are merely connected to more pornographic sites. Legitimate site owners have to ask search engines to remove access to the phony sites, a process that may not occur expeditiously enough to forestall significant losses of profit and reputation.


_ Sham Sweepstakes Prizes. The perpetrators demand payments

before authorizing the release of prizes. Of course, the prizes never arrive.


_ Sound-Alike Charities. Schemers masquerade as legitimate

charities to lure contributions from unsuspecting donors.


_ West African (Nigerian) Oil Profits Deposit Swindles.   Phony civil servants ask U.S. citizens for their bank account numbers so that they can assist in investing millions in oil revenues in return for a percentage of the profits.


The scheme dupes American investors out of $500 million a year, according to the U.S. Postal Inspection Service. The Service received 108,000 complaints nationally between 1997 and 1998.


_ Bogus Banks and Bank Instruments. Sham offshore banks,

operating online, solicit deposits with offers of huge interest. They claim they can offer such interest because of low overhead. They also claim they can protect customers from government prying.


_ Fraudulent Offshore Trusts. These are marketed over the

Internet as a means to evade taxation.


_ Affinity Frauds. They target certain religious or ethnic groups.


_ Cyber-Smears. Perpetrators post false information or fake press releases about companies on the Internet.




A number of conditions have hampered effective control of online

fraud. It is difficult to find reliable statistics on the extent of the problem. Bulwark investigative agencies have only recently joined

in the fight against online fraud. Coordination among those agencies

is just getting started. Creation of a national strategic plan for the

control of such fraud remains in its early stages.


A national education campaign, called kNOw Fraud, was launched in November 1999 to warn the public about telemarketing fraud. More than 120 million over-sized postcards listing fraud-prevention tips and contact numbers were mailed to U.S. households.


A Web site was established at

to explain the program and provide prevention tips. Complainants may contact the programs toll-free hotline at 1-877-987-3728. Public libraries received 16,000 informational videos. Coordinating the campaign are the U.S. Postal Inspection Service, the Federal Trade Commission, the Federal Bureau of Investigation, the Department of Justice, the Securities and Exchange Commission, the National Association of Attorneys General, the American Association of Retired Persons and the Council of Better Business Bureaus Foundation. Many of kNOw Frauds awareness tips also will help people to avoid becoming victims of online fraud.




The FTC has interpreted its enabling legislation as permitting it

to regulate e-commerce. It has assumed that its regulations concerning such things as fair marketing practices and mandatory disclosures apply to the Internet. Eileen Harrington, the FTCs Associate Director for Marketing Practices, testified that the agency brought its first enforcement action against a fraudulent operator using the Internet in 1994. By the end of 1999, the FTC had brought 107 such actions against 315 defendants. In February 2000, it published a report, entitled Going, Going, Gone, highlighting its efforts to counter Internet auction fraud ...




The FTC ( accepts reports of fraud at its Consumer

Response Center over a toll-free Consumer Help Line, 1 877-FTC-HELP (382-4357).


Many involve fraud over the Internet. In a joint project with the National Association of Attorneys General (NAAG), the Council of Better Business Bureaus, the U.S. Postal Inspection Service, and

Canadian partners, Canshare and Phonebusters, the complaints are entered into a database called Consumer Sentinel. Over 1,000 law enforcement personnel connected to the system via desktop terminals search for repetitive schemes and offenders. Help Line counselors also provide information to the callers. As of June 2000, the database, maintained by the FTC and available to more than 240 law enforcement agencies in the United States and Canada, contained in excess of 250,000 consumer fraud complaints filed with federal, state and local law enforcement agencies and private organizations.


Ms. Harrington testified, One of the great benefits of the Internet for law enforcement is that we are more able than we have been with any other medium to see what is going on as it happens and to use the technology to fight the fraud. At its Web page, the FTC operates an online, real-time complaint form. When consumers fill it out, their complaints go directly into the Consumer Sentinel database.


In addition, the FTC pioneered periodic, concentrated, daylong

Surf Days, searching the Internet for targeted fraudulent schemes in

partnership with state and local agencies throughout the country. New. Jerseys Division of Consumer Affairs participates in these periodic nationwide enforcement sweeps. Past targets have included bogus lotions and potions health claims, pyramid schemes and credit repair frauds.


Scamming Web sites that have blocking programs to screen out anyone using a government computer are accessed by investigators from their home computers.


In February 2000, with the help of agencies in 28 countries, the

FTC, assisted by the U.S. Securities and Exchange Commission and the U.S. Postal Inspection Service, targeted more than 1,600 suspect Web sites throughout the world. Law enforcement officers from other federal agencies and 45 states, including New Jersey, participated in the FTCs 21 st international sweep of companies touting get-rich-quick schemes over the Internet. The site operators were warned that failure to cease operations or change their claims would lead to enforcement action.


The FTC has a list called the "Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk E-Mail.


Individuals can forward their scam spam (unsolicited commercial e-mail, or UCE) to a special FTC e-mail address The FTC receives more than 1,000 such messages a day. It also issued a brochure about UCE entitled Trouble @ the In-Box.


In 1998, the FTC published a booklet called Advertising &

Marketing on the Internet: Rules of the Road.


Ms. Harrington testified that the FTC uses the Internet for consumer education. Mimicking fraudulent offers with portions of actual scam pages, FTC staff creates teaser Web sites that look just like what the scam guys do, according to Ms. Harrington. If consumers respond, they view a notice that begins as follows:


"If you answered an ad like this, you could get scammed. Were the

Federal Trade Commission. Here are some things that you need to

watch out for if youre looking for a home-based business

opportunity on the Internet."


The site then directs the surfer to a series of links where consumers

can learn how to protect themselves from fraud on the Internet.


On February 2, 1999, the FTC and the attorneys general of several

states announced a crackdown on credit repair fraud. In 1997, the FTC joined attorneys general in 12 states in Operation Trip-Up, an effort to curtail travel-scam artists. Various operators were forced to stop offending activities and, in some cases, to repay consumers.




In 1999, the Federal Bureau of Investigation (FBI) launched the

Internet Fraud Complaint Center (IFCC) in Morgantown, West Virginia.


It may be reached through the FBIs Web site or Co-sponsored with the National White Collar Crime Center, the IFCC collects computer crime complaints from the public at its Web site. It also serves as a clearinghouse of online fraud complaints collected from a variety of organizations.


Approximately 80 percent of the complaints received do not meet the FBIs threshold guidelines for initiating an investigation. These are forwarded to state and local law enforcement agencies. The National White Collar Crime Center, which receives some project funding from the U.S. Department of Justice, provides analytical support and training to the local and state agencies. It is developing a curriculum for Internet fraud investigations.


The Complaint Centers 150 personnel will develop a national

Internet fraud strategy, identify and track fraud, analyze crime trends, triage complaints, develop investigative packets, and forward

information to the appropriate agencies.


When a fraud has been referred to a particular agency, similar complaints will be referred to the same place. Within the FBI, a group of senior intelligence research specialists conducts Internet fraud investigations.




Established in early 1999, the Internet Fraud Council (IFC)

( is a nonprofit organization of

corporations, trade associations and academic institutions working

with government and the media on preventing, interdicting and

prosecuting fraud committed over the Internet. Based in Richmond,

Virginia, the IFC is creating a clearinghouse of information regarding

the variety of economic crime perpetrated on the Internet. It is studying and quantifying incidents of Internet fraud and disseminating

the information to its members and law enforcement agencies.


The IFC plans to develop tools and best practices that can be used by its members to alleviate the threat of cyber-crime to their respective organizations.


Three privately funded anti-fraud groups support the IFC. They

are the National Fraud Center (a fraud and risk management consulting firm established in 1982), the National White Collar Crime Center, and the National Coalition for the Prevention of Economic Crime (NCPEC a non-profit research organization). The IFC, which is a division of NCPEC, provides training to counter Internet fraud and forecasts fraudulent activity. It gathers statistics and identifies trends in online fraud.


The Council also has created a set of standards for companies

doing business on the Internet. It offers a fraud-free seal of approval for such businesses..




The National Fraud Information Center (NFIC) was established in

1992 to combat telemarketing fraud. In 1996, the Internet Fraud Watch (IFW) was created to operate in tandem with the NFIC, expanding the scope of fraud-fighting efforts to scams in cyberspace.


Both are programs of the nonprofit National Consumers League (NCL), which was founded in 1899. The NCL also has an Elder Fraud Project. The NFIC/IFW toll-free hotline is 1-800-876-7060 (Web site:


Trained counselors help consumers identify the danger signs of fraud. The Alliance Against Fraud in Telemarketing, a coalition of

private sector, government and nonprofit groups coordinated by the

NCL, promotes public awareness about telemarketing and Internet fraud.


Susan Grant, the Director of NFIC and IFW, testified that New Jerseys Division of Consumer Affairs is a long time member of the Alliance.NFIC/IFW is the primary data source for the Federal Trade

Commission/National Association of Attorneys General National Fraud Database (Consumer Sentinel), which, in turn makes information about frauds available to law enforcement in the U.S. and Canada on a 24- hour basis. NFIC/IFW also relays complaints to law enforcement, including those filed by consumers using online fraud reporting forms available through the NFIC.




Established in April 1997, BBBOnLine, Inc. is a wholly owned

subsidiary of the Council of Better Business Bureaus, Inc. (CBBB). The BBBs contribute complaints about online fraud to the FTCs Consumer Sentinel.


The BBBOnLine Reliability program was designed to help build

confidence in the electronic marketplace. Since its creation in April

1997, more than 2,600 companies have applied for BBBOnLine and in excess of 2,300 have been accepted. Of these, more than 2,000 are current, active participants. To be accepted into the program, online businesses must comply with the following requirements:


_ Own an operational Web site;


_ Provide the BBB with information regarding company ownership

and management and the street address and telephone number at

which they do business, which will be verified by the BBB in a

visit to the companys physical premises;


_ Be in business a minimum of one year;


_ Have a satisfactory complaint handling record with the BBB;


_ Agree to participate in the BBBs advertising self-regulation

program and correct or withdraw online advertising when.81

challenged by the BBB and found not to be substantiated or not

in compliance with the BBBs childrens advertising



_ Respond promptly to all consumer complaints; and


_ Agree to arbitration, at the consumers request, for unresolved disputes involving consumer products or services advertised or promoted online.


Approved participants may place the BBBOnLine seal of approval on their Web sites. Each seal links to the BBBOnLine database so a

consumer can click on the seal and confirm instantly that the seal

belongs to a valid BBBOnLine participant. Online shoppers can access a BBBOnLine profile on the participant. Those seeking reliable businesses of a particular type can search BBBOnLine Reliability at


BBBOnLines Web site,, links to many BBB tips for avoiding scams found on the Internet. It also links to other BBB services on the Web, such as online complaint filing, business and charity report lookups and online safe shopping tips.


Russell Bodoff, BBBOnlines Senior Vice President and Chief

Operating Officer, testified that most of the problems his organization encounters in e-commerce involve misleading advertising rather than fraud. He added:


Whats interesting when we go back to the companies though, we

get almost a hundred percent compliance in making changes to the

Web site. So it makes us feel that what we really have I think its an opportunity to work together through our local Better Business Bureau and the law enforcement organizations in any given state is an education process, and reaching out to as many businesses as possible, because were finding the problem with smaller companies, and thats the excitement of the Internet. That is, the small business [that] never before could afford to advertise in anything more than a local penny saver, now, through some creativity, can put up a Web site that can make [it] look as good as Fortune 500 companies and can reach [its] audience, but with a lack of sophistication.


So business education I think is going to be extremely critical.

Its going to help cut down problems in the future where consumers are going to be misled, not deliberately, but because the company is just not comfortable. Because how many times do we see on the Internet companies claims of worlds largest selection or worlds lowest prices. Well, in off-line media, the company is expected to have substantiation for any of that claim. And we expect the same thing on the Internet, the traditional advertising law to apply. But this has been forgotten, and one of the prime reasons is that a lot of the companies who are driving the Internet, Internet advertising and creation of commercial Web sites, are a lot of new young startup companies who are not familiar with a lot of the traditional criteria. So we really have to cite the education aspect.



The SEC has a new Office of Internet Enforcement that patrols

cyberspace looking for business fraud, stock fraud and other crimes.

The SEC has implemented a Cyberforce of more than 240 attorneys, accountants and analysts, called Cybercops, specially trained to detect fraud while surfing the Internet. For example, in November 1998, thirty U.S. state regulators, the British Columbia Securities Commission and the Ontario Securities Commission joined together for Investment Opportunity Surf Day, searching the Internet for investment scams.


Online defrauders want to be found by potential victims. This also affords the SEC Cyberforce opportunities to detect frauds as they are developing. In some instances, the Cybercops can bring an

enforcement action before any victim loses a penny. Thus, the Internet has become a powerful tool for law enforcement as well as scam artists.


The SEC asked Congress for $150 million for its enforcement and

investor education programs for federal fiscal year 2001. The agency plans to create an automated surveillance system to search public online forums, such as Web sites, message boards and chat rooms for telltale words or phrases indicating unscrupulous stock promotions. SEC investigators currently do the job manually with computer search engines.


The SECs Enforcement Complaint Center has an e-mail hotline,, launched in June 1996. By early March 1999, it was receiving more than 300 fraud tips a day, up from 15 a day two years earlier. The Centers toll-free telephone hotline is 1-800-SEC-0330.


The SEC has established programs to educate investors about the

risks associated with Internet securities fraud, such as posting

relevant information on its Web site at The Office of

Investor Education and Assistance can be reached online at The SEC warns investors to read its "Cyberspace Alert" before purchasing any investments touted on the Internet. The document can be accessed through the Investor Assistance and Complaints link at the agencys Web site.


Investors can, without charge, access company financial reports

that must be filed with the SEC via the agencys Electronic Data.83

Gathering, Analysis and Retrieval (EDGAR) system, located at its Web site.


If a companys reports are not listed on EDGAR, investors may

find out from the SEC (1-202-942-8090) whether the company filed a

stock offering circular under Regulation A or a Form D notice.

The SEC also lists its enforcement actions and trading suspensions on its Web site. According to John Reed Stark, Chief of the Office of Internet Enforcement, the SEC has brought over 100 Internet fraud enforcement actions since 1995 (38 in 1998).


Geraldine M. Walsh, Special Counsel to the Director of the SECs

Office of Investor Education and Assistance, testified about how

enforcers and consumers can take advantage of investment defrauders need to collect money eventually:


For investment frauds, at some point, the scamsters want to collect money, and thats where were able to track them down.


We do run into problems, though, of people just disappearing into

thin air. [O]ne of the things that we caution investors to do,

this is what our enforcers do, is when you see a Web site that

looks like a scam, or if you see a Web site and youre going to

invest based on that Web site, print it right then and there.

And if your server doesnt give you the date and time that the

information was printed, then write it down yourself, because in

two days or in two hours or two minutes, that information may not

be there.


So there is that phenomenon of people just disappearing into thin

air. But like I said, at some point these guys want money, and

thats where were able to nab them.




Based in Washington, D.C., NASAA represents state securities law

enforcers. Investors can check its Web site ( for alerts regarding particular schemes or types of investments to avoid. State regulators or consumers can check the Central Registration Depository (CRD) to determine if a broker promoting a particular stock, or the brokers firm, is registered or has a disciplinary history.




NASD can give investors a partial disciplinary history of a broker or brokerage firm. Its toll-free public disclosure hotline is

1-800-289-9999, and its Web site is




The Division of Compliance and Consumer Affairs of the Federal

Deposit Insurance Corporation (FDIC) operates a toll-free hotline at

1-800-934-3342. Its Web site to report suspicious sites or to check

them out using a consumer news link is


The FDIC has 20 examiners who surf the Net on a part-time basis

to locate bank scams.



A voluntary group of systems administrators from around the

world, calling itself the Mail Abuse Prevention System, maintains a

Realtime Blackhole List of notorious spammers senders of unsolicited e-mail.


Appearing on the list, which started in 1997 and contains about 1,400 entries, marks generators of obvious junk e-mail as spammers. Enough Internet service providers refuse to deliver e-mail produced by those on the list to separate them from about 40 percent of the online world. By-and-large, this pleases the vast majority of Internet users since the overwhelming majority of spam comes from pornography sites or individuals pitching get-rich-without-working schemes.




The New Jersey Division of Consumer Affairs

( has a specialized E-Commerce Investigative Unit, also known as cybercops, drawn from the Divisions sub-units, including the Office of Consumer Protection, the New Jersey Bureau of Securities and the Office of Professional Boards.


The Unit was established in 1995 and is headed by a supervising

investigator. Ten investigators work on a full-time basis to uncover

fraudulent e-commerce, including, but not limited to, securities

fraud, prescription legend drug fraud, deceptive cyber-practices in

the sale of merchandise and unlawful offers of professional services

over the Internet. The Divisions cyber-unit has expanded its

operations to join with the Division of Gaming Enforcement to combat cyber-gaming, the Division of Civil Rights in fighting discriminatory housing rentals and the Division of Criminal Justice in fighting the distribution of illegal drugs, including the date rape drug, GHB.


In March 1999, the Division implemented an online complaint form

that can be completed and electronically mailed at the touch of a

button. Prior to this, investors seeking to report suspicious

investment offerings made on the Internet had to download the Bureaus complaint form, complete it by hand and mail it to the Bureau.


In addition to inquiring at the SEC, investors should check with

New Jerseys Bureau of Securities to see if it has additional

information. The Bureau can check the Central Registration Depository (CRD) to determine whether the broker touting the stock, or the brokers firm, has a disciplinary history. It can also find out

whether the offering has been cleared for sale in New Jersey.

The Bureaus surveillance efforts have led to the resolution of

registration or regulatory transgressions without the need for formal

enforcement action. During 1999, nearly 20 entities offering

investment products or services on the Internet have registered or

modified or deleted their Web sites in response to Bureau contacts.


In April 1999, the Bureau assessed civil penalties for violating New

Jerseys securities laws against an unregistered Internet investment

adviser who misled 10 investors into making risky investments. He was ordered not to apply for registration as a broker-dealer, agent or

investment adviser in the state. Also, in October 1999, the Bureau

sued a company offering unregistered shares of stock over the

Internet. Allegedly, five defendants pocketed more than $850,000 in

net proceeds from the sale of shares to state residents.


The Cyberfraud Unit also works in other areas under the

jurisdiction of the Division of Consumer Affairs. For example, on

February 16, 1999, investigators assigned to the Unit conducted the

Divisions first Surf Day, identifying suspicious Web sites

involving licensed professionals.


Many were operating without proper licenses. Several had prior disciplinary histories or failed to list proper specialty designations or permit numbers.


In late 1999, the Division filed two civil cases under New Jerseys Consumer Fraud and Pharmacist Licensing laws involving illicit sales of the drug Viagra over the Internet. In one case the

anti-impotence drug allegedly was shipped in response to a request

over the Internet in the name of an investigators dog. In the other

case two men who were not pharmacists allegedly offered Viagra over the Internet and dispensed it when supplied with physician

prescriptions. Allegedly, in neither case did the purveyor take note

of any other medications the patient was taking and warn of

potentially harmful interactions. Meanwhile, one recent federal

investigation turned up 86 Internet sites offering Viagra without a


In March 2000, the Division filed a second round of complaints

against eight unlicensed pharmacies, based in six cities outside of

New Jersey, for allegedly selling medication over the Internet to New

Jersey patients.


The companies specifically were accused of failing to disclose to undercover investigators posing as online patients that they were not licensed in New Jersey. Doctors working with the companies allegedly prescribed medication in virtual visits, although they were not licensed to practice medicine in New Jersey.


The visits required the patient to fill out a simple questionnaire

but included no medical examination.


The U.S. Food and Drug Administration estimates that there are in

excess of 400 online pharmacies. According to the market research firm Cyber Dialogue, more than 200,000 people bought prescription drugs online from July 1998 to July 1999.


The drug mills in the profession hurt legitimate online pharmacies that work with reputable physicians and have a genuine concern for patient safety. In December 1999, the National Association of Boards of Pharmacy ( established a voluntary certification program for Verified Internet Pharmacy Practice Sites meeting the requirements of 17 review criteria.


Certifications have been awarded to,, Merck-Medco Rx Services and


State medical and pharmacy boards have expressed concerns to the FTC that their existing enforcement tools are not adequate to police online sales of medication. In mid-1999, the FTC recommended that Congress consider whether legislation requiring disclosure of identifying information about the location of prescription drug Web sites, online prescribing physicians and online pharmacies is necessary to assist state law enforcement efforts.


In December 1999, the President asked Congress to give the Food

and Drug Administration (FDA) the power to review and certify hundreds of drug-dispensing Web sites. Under the proposal, fines up to $500,000 could be levied for dispensing drugs without a valid prescription or operating without FDA certification. The FDA also would have the power to subpoena the records of online pharmacy sites during investigations. $10 million for the 2001 budget would be available to hire FDA investigators and upgrade computer equipment for the online pharmacy program. The FDA opened a consumer-advice Web page ( to help patients ensure they are buying from legitimate stores instead of dangerous quacks.


Stressing the importance of jurisdiction over the activities of

online pharmacies, the New Jersey Division of Consumer Affairs has

called for new legislation allowing it to license out-of-state

pharmacies doing business with New Jersey residents over the Internet.


Additionally, the Division formed a Telemedicine Task Force to study potential problems associated with the delivery of health care via the Internet.


Telemedicine is a health care providers use of electronic

communication and information technologies to provide or support

clinical care to a patient at a remote location. Physicians use the

Internet, personal computers, satellites, video conferencing equipment and telephones in telemedicine applications. The Division is developing proposed legislation based on the Task Forces.87 recommendations. The proposed legislation would create a limited license that physicians outside the State would be required to possess to diagnose or treat in-state patients through the use of electronic devices. Provisions also are being drafted that would allow physicians, including those who hold the new limited license, to e-mail prescriptions for patients.


The Division also brought a civil case in October 1999 against a

Monmouth County woman who, using a variety of pseudonyms, offered to sell Beanie Babies and Furby plush toys over several online auction sites. She allegedly never delivered after collecting money for the toys and for tickets to an August 1999 Bruce Springsteen concert.


As a result of its participation in a FTC-sponsored Surf Day,

the Division brought an action against a Paterson-based credit-repair business operating via the Internet. The Division also has issued warnings to nearly 20 dentists and chiropractors in connection with irregularities in their Internet advertising. In addition, the Division published a notice in a trade newsletter, NJ Car, warning automobile retailers to follow proper Internet advertising practices.


Moreover, prompted by consumer complaints about online auctions, the Division has requested and received information from eBay, Inc. in accordance with the latters policy to share information with law



In the area of charitable fundraising, two previously unregistered charities have registered after investigators discovered that they were soliciting donations via the Internet. After the Division contacted it, a Vermont organization, Volunteers for Peace, added a disclaimer page to its Web site to make it clear that the charity was not soliciting in New Jersey, where it is not registered.


In the fall of 1999, desktop high-speed Internet connections were

installed for investigators in the Office of Consumer Protection. This

has enabled the Division to accelerate investigator training and to

expand its focus from businesses that use the Internet as one of many tools to deceive to those that exist primarily to take advantage of e-commerce as an end unto itself. The Division specifically intends to participate in training programs offered by the National White Collar Crime Center. Moreover, efforts to educate the public about Internet fraud have been incorporated into the Divisions consumer outreach program.





Identity theft undermines confidence in the integrity of commercial transactions and invades individual privacy. The Internet provides to perpetrators low-cost, efficient methods for capturing the identities of unsuspecting victims.


Sometimes called true-name fraud or account takeover fraud,

identity theft commonly refers to a host of frauds, thefts, forgeries,

false statements and impersonations involving the use of another

persons identifying information.


Identity theft facilitated by the Internet will grow as electronic commerce grows, which it is doing exponentially. Cyber Dialogue, a New York-based Internet research company, reported that by the third quarter of 1999, 19.2 million U.S. adults had used their credit cards for online transactions, versus 9.2 million during all of 1998. The number of people worldwide buying goods and services on the Internet should rise to 120 million in about three years.


Once armed with an individuals personal information, identity

thieves use it to open new accounts, take over old accounts, make

purchases or commit offenses in that persons name. With a birth date and an address an identity thief can obtain a birth certificate and progress to obtaining a passport, drivers license and credit, all in someone elses name.


While impersonating another, a wrongdoer can take out loans,

lease cars, buy merchandise, take trips, open bank accounts, cash

checks, obtain credit cards, sign up for cellular telephone service,

rent apartments, or acquire a home mortgage or equity loan. The

perpetrator can saddle an innocent victim with a criminal arrest

record or commit motor vehicle violations in the victims name.


Privacy concerns and fear of credit card fraud discourage online

purchasing. Nonetheless, most experts contend that consumers are at much greater risk using credit cards at stores, restaurants or gas

stations than at secure Web sites. Encryption technology and Web site authentication procedures ensure the security of online transactions to most consumers satisfaction. Indeed, the National Consumers Leagues Internet Fraud Watch has not received a single complaint of someones credit card number being stolen while transmitted to a legitimate merchant over the Internet.


A couple of recently exposed incidents have diminished the absolute confidence with which many consumers conduct e-commerce via

credit cards. In December 1999, an Eastern European hacker, using the alias Maxus, allegedly stole the numbers of about 300,000 credit cards from the database of an Internet Web site, CD Universe.


When the firm refused to pay a $100,000 extortion demand, about 25,000 numbers were sold on a Web site, which has since been taken down.


In December 1999, British hackers attempted to extort $10 million

from VISA International after obtaining access to the companys

computer system in July 1999. The firm maintained that the hackers

accessed some corporate servers and obtained some marketing material but no credit card or transaction processing information. With apparent confidence in its security system, VISA refused to pay the demand and contacted Scotland Yard and the FBI.


Neither of these incidents involved a successful attack on data

in transit from customers to vendors or transaction processors. Secure socket layer (SSL), the security protocol built into most Web

browsers, very effectively, if not perfectly, protects such data in

transit. However, when companies store consumer credit information in areas that are connected to the Internet, they are asking for trouble, unless they have installed state-of-the-art security measures.

Storing credit card information in a database typically is done

as a convenience to customers, but without proper safeguards, it may involve security risks. If credit card information is stored, it

should be encrypted using the latest technology.


Access to the database should be severely restricted, and electronic keys should be changed frequently. Vendors also must make sure that their own computer staffs do not abuse the credit card information. As an extra precaution, consumers may ask vendors not to save their credit card numbers, or they may use a separate credit card for online purchases only and cancel it at the first sign of vendor trouble.


Recent technological advances also are making bank account debit

transactions more secure. A Woodcliff Lake-based private network owned by several large banks has developed a CD-ROM the size of a card to securely authorize withdrawal of funds from a checking account to pay for Internet purchases. Encrypted information from the card is routed from the customers computer through the network to the online merchant. Once the information is confirmed, including the personal identification number (PIN) entered by the customer, the money for the purchase is automatically debited from the customers checking account. Because of the strength of the encryption, a cyber-thief would have to steal the actual card, along with the customers PIN, in order to access his checking account. No financial data is actually typed into a keyboard or sent to a merchants Web site and stored.


Banks and credit card companies pick up the lions share of the

direct financial tab for identity theft. Under the Fair Credit Billing

Act, an individuals financial liability is limited to $50 if he promptly reports fraudulent use of a credit card to the credit-card company.


For similar protection, debit-card holders must notify their

banks within two business days. If they wait longer, users are liable

for as much as $500. Meanwhile, the corporate victims pass their

losses on to consumers, who bear the costs indirectly in the form of

higher prices and interest.


The indirect financial and "human" costs of identity theft for the individual victim are quite substantial. People whose identities

are stolen must cope with reputations for substantial indebtedness,

ruined credit histories, difficulty finding employment, and trouble

renting or buying housing. For many victims, their only "fault" was

being on a list or in a file that was stolen, or being duped into

giving out information to the wrong people.


A victim may not even know that her identity has been stolen until she is dunned for a debt about which she knows nothing.

Meanwhile, her credit reports, in the hands of national commercial

credit bureaus that report creditworthiness to vendors and lenders,

may contain errors for a number of years before they are fixed.


Unless the credit reporting companies promptly correct the information in their files, the victim may have to continuously establish the creditworthiness that other consumers take for granted.


Recent federal legislation allows consumers to seek restitution

for expenses from the criminal who carried out the identity fraud.

However, actually obtaining such restitution might prove impossible if

the criminal is not caught or if there is a long list of creditors seeking similar restitution.


The significant financial losses incurred by identity theft victims trying to restore equilibrium in their lives have prompted at least one national property casualty insurer to offer identity fraud expense coverage, starting in 1999. Available to homeowner and tenant

policyholders for an additional premium of about $25 per year, the

coverage reimburses victimized policyholders for up to $15,000 in

expenses they incur as a result of identity fraud. Expenses covered

include legal expenses, loan re-application fees, telephone and

certified mailing charges, notary expenses and lost wages for time

taken from work to deal with the fraud.


Although the volume of identity fraud in the United States and New Jersey is difficult to quantify, available information indicates that it is prolific, and undoubtedly one of our fastest growing crimes. Loss prevention experts believe 20 people have their identities stolen in New Jersey every day. MasterCard International reported that identity theft accounted for $1 billion in losses in 1998.


Officials do not have comprehensive figures on how many identity

thefts occur annually because it is not broken out as a separate crime in analyses of fraud schemes. The U.S. Secret Services national tracking reveals that at least 1,000 Americans are victimized by identity theft every day and that the cost almost doubled from about $442 million in 1995 to $745 million in 1997.


According to the Public Interest Research Group (PIRG), up to 40,000 people are victimized by identity theft every year.


Trans Union LLC the only credit bureau to track identity theft

cases reported that two-thirds of all consumer inquiries to its

Fraud Victim Assistance Department involve identity theft, according

to a 1998 General Accounting Office study. The number of cases

reported to Trans Unions hotline jumped from 35,235 in 1992 to

522,922 in 1997, the GAO added. Another credit bureau, Equifax Credit Information Services, Inc., received 1,200 calls a day on its fraud lines in 1997, quadruple the number received in 1995. In 1996 and 1997, identity theft was the number one complaint at the Privacy

Rights Clearinghouse, based in San Diego, California.


Meanwhile, the Social Security Administration, which operates a

fraud hotline at 1-800-269-0271, reported that it received 30,115

complaints about the misuse of Social Security numbers in 1999, most involving identity theft. That was a tremendous surge from 11,013 such complaints received in 1998 and 7,868 in 1997.


It is easy to understand why so many criminals, including organized rings, have turned to identity theft in ever increasing numbers in modern times. An identity thief runs up an average of $20,000 to $30,000 in bills on each victim versus the average take from a more risky bank robbery of just $2,500.


Retrieval of identity information via the Internet is just the most recent of many methods by which perpetrators compromise others identities.


According to the U.S. Secret Service, organized groups account for 75 to 80 percent of identity fraud cases. Members of the rings get jobs with housekeeping companies or security firms and then snoop for sensitive information in computers, file cabinets and trash bins. In March 2000, for example, Union County authorities arrested 14 people connected to an organized crime group whose main operation was identity theft.


Allegedly, an auto dealership employee provided to the groups leader drivers license information for customers taking test drives or applying for financing. Using high-tech methods to reproduce official documents, the group allegedly created hundreds of phony drivers licenses used to apply for credit cards and instant credit at electronic and home improvement stores. In some cases, merchandise obtained by impersonators allegedly was sold sometimes over the Internet to pay off their debts to at least one loan shark associated with the group.


The Internet now affords perpetrators, whether operating individually or as members of organized rings, access to a vast amount of information about individuals and businesses with just a few



Until 1997, the Congressional Records Web site included the Social Security numbers of military officers granted promotion

approval by Congress. Using the data on the government Web site, a private site operator posted the numbers, along with those of many

prominent public figures.


In December 1999, the Newark Office of the Secret Service arrested three people for allegedly using the military officers numbers to create hundreds of phony credit card accounts, including at least one in the name of the former Chairman of the Joint Chiefs of Staff. Two Trenton residents pled guilty in U.S. District Court in early 2000.


If an identity thief wants someones Social Security number, he or she can purchase it from one of a host of vendors selling personal

information on the Internet. The ready availability of Social Security

numbers in the public domain has enabled at least one Web site,, to offer to retrieve a persons Social Security number in one day for a $49 fee.


Many legitimate companies obtain significant amounts of personal

information about Internet users and their children in order to pass

it on to marketers selling merchandise or services via e-mail or

advertising banners. In return for permission to collect and distribute information about purchasing preferences and household

demographics, these companies offer incentives ranging from the

opportunity to win scholarships in sweepstakes to cash payments for

each e-mail received. If not careful, however, a person could respond

to a phony offer and provide information that could be used for

identity theft or other illicit purposes.


The human element is the weakest link in the information security

chain. Violators take advantage of human carelessness through high-tech and low-tech snooping. Traditional methods include sorting

through discarded trash ("dumpster diving"), co-workers or cleaning

crews rifling through workplace desk drawers, theft of U.S. mail,

bribing bank employees, and soliciting information with false job

application schemes. With these methods exposure is limited, however, by the physical process required to gather the information. Online, on the other hand, aggregation of personal data can occur rapidly as the perpetrator surfs from source to source with a few keystrokes and without ever having to leave home.


With inexpensive but sophisticated "desktop publishing," criminals can quickly create high-quality false identity documents or checks in someone elses name. In the case of Internet transactions, the wrongdoer does not have to present bogus identification documents, whose falsity sometimes can be detected by careful inspection.


Criminals compromise real identities far more often than they

fabricate new ones. Thieves can capitalize immediately on a businesss confidence in a longstanding relationship with a reliable customer.


The defrauder does not have to cultivate a new relationship with the

corporate victim.


It is likely that the private sector will, in the long run, resort more and more to definitive methods for confirming consumer identity: fingerprints, iris scans, face-recognition software, so-called

smart cards, and the like.


IriScan, Inc. ( of Marlton, New Jersey, for example, has developed iris recognition technology for automated biometric systems. Visionics, Inc. of Jersey City, New Jersey, developed software called FaceIt whose uses include identification of customers at ATM machines via their distinctive face prints. This helps people who lack bank accounts but wish to cash checks.


The company reported that about 645,000 people have registered their face prints to cash checks and wire money at 500 Wells Fargo face recognition ATM machines in California, Texas, Arizona and Florida.


However, organizations such as the Online Privacy Alliance ( and PIRG reject such methods as

invasion of privacy.


Law enforcement officials and privacy activists believe that credit card companies and banks already have substantial "know-how" to prevent a large portion of fraud and counterfeiting but are reluctant to invest in the technology or assign the necessary resources.


When a "customer" requests a change of address, for example, the company extending credit always should communicate with the customer of record at the old address or telephone number in order to confirm the change.


Sometimes, careless lenders even permit transactions on closed credit card accounts. Creditors and credit bureaus could implement a fraud notification system that would use software to identify patterns of fraudulent use within the creditor or credit bureaus databases. Once suspicious transactions were flagged, timely notification could be given to all interested parties, including the individual victim.


Most credit card issuers claim they already vigilantly monitor

customers buying patterns and quickly flag questionable transactions.


Several of the countrys largest credit card issuers are now building

a database, with assistance from the Secret Service, in order to share information and identify common geographic locations where credit card fraud occurs.


Although Post Office mail drops are essential for the success

of many schemes, including credit card and identity theft, in the past

there was little scrutiny to determine if they were being used for

illegal activity.


Effective April 24, 1999, new U.S. Postal Service regulations imposed stricter requirements on private mailbox (PMB) customers and commercial mail receiving agencies (CMRAs). The latter are private businesses that, through a written agreement, accept their customers mail from the Postal Service, hold it for pick-up (private mailbox) or re-mail it to other addresses.


Under the new regulations, CMRAs must register with the Postal

Service to act as an agency to receive delivery of mail for others.

They must ask those who rent PMBs from them to produce two forms of identification, one with a photograph. They may not deliver mail to a box unless the customer has identified himself in a Form 1583 that is kept on file. The CMRAs are required to submit quarterly alphabetized lists of their customers to the Postal Service. Their customers must use the designation PMB and the relevant number in their mailing address. An address format change will let correspondents know they are dealing with the holder of a private mailbox at a specific street address and not an occupant of a suite or apartment.


A large share of the responsibility for identity theft rests with the credit card issuing companies and vendors who extend credit too eagerly.


Pre-approved credit card applications abound in everyones

mail and e-mail. John P. Lucich, President of Secure Data Technologies Corp. of Fairfield, New Jersey, testified that his seven-year-old son recently received one.


Beth M. Grossman, the Federal Trade Commissions Identity Theft Program Manager, testified that Department store chains constantly seek customers who will open a chain credit account in return for a discount on a current purchase. She added that in their zeal to grant credit instantly they do not check the customers credit report, which might contain a fraud alert. By failing to check, they provide additional opportunities for identity thieves.



Pretending to sell products and services, fake Web sites entice

customers with attractive looking deals.


They ask the unsuspecting victims for their names, addresses, credit card numbers and mothers maiden names. Sometimes the consumer will provide the information in connection with an application for credit from a sham credit card site.


The sites operators e-mail the consumer that her application

has been denied and simultaneously provide her personal information to identity thieves.


John Lucich testified how a defrauder could turn a credit card

with a simple $1,000 credit limit into an illicit cash cow. Armed with

such a card under a phony or stolen identity, the perpetrator applies

for a credit card processing machine commonly advertised in magazines for use by home businesses.


The defrauder then obtains a legitimate merchants credit card processing number and terminal ID number from discarded receipts that he might find lying around a mall parking lot.


He programs the numbers into the credit card processing device. Then, he makes purchase after purchase with the credit card. However, he never exceeds the cards credit limit because he uses the processing terminal and the impersonated merchants numbers to enter returned merchandise credits canceling the charges in the credit-card companys computer.


By the time the credit-card company realizes what has happened, the perpetrator, enriched by material goods from several expensive purchases, is long gone.


Mr. Lucich pointed out that anybody can set up a Web site for

as little as $15 and attempt to defraud people. Through online

financial newsgroups, the scammer can find out the e-mail addresses of people interested in enhancing their credit. He then spams such people with e-mail touting the easy availability of credit on his Web site.


Once lured there, they provide the information that allows the

perpetrator to steal their identities and leech their good credit

histories. In that way, the schemer can reach thousands or even millions of specifically targeted potential victims with the click of a mouse.


It would take months, a large staff and significant expense to reach such an audience with traditional solicitation by telephone or so-called snail mail.


Pretending to be a consumer, Mr. Lucich showed how a phony Web site dupes unsuspecting credit seekers. In a search engine for the aviation industry, he pointed out a rotating advertising banner

offering a credit card with an especially low interest rate.


By clicking on the banner, the consumer could view a Web site that usurped the logos of legitimate credit card providers, such as Visa and MasterCard, and displayed an application form. The site also contained a reassuring, but fake, certification of security and an

offer of a free credit report.


The application form asked for personal information, such as date of birth, social security number and mothers maiden name, as well as numbers and expiration dates of existing credit cards. When Mr. Lucich submitted the completed application, the screen displayed the message:


Currently our Web servers are overloaded. Please try again at a later time. Thank you for your patience. Although the consumer believes that his completed form was never sent, a defrauder has now captured all his pertinent credit information.


The FTCs Beth Grossman testified how even a vigilant credit card

company can be duped by a thief armed with an individuals identifying information. The thief starts by telephoning the company to change the address on the account. Armed with his victims personal information, the thief can answer all of the questions asked by the companys representative to separate genuine customers from wrongdoers.


The thief knows the legitimate customers social security number, date of birth and mothers maiden name. Once the company assigns a new address to the account, the thief can order expensive items with impunity, collect them at various delivery addresses, and never have to fear timely interruption by authorities tipped off by the victim. Discovery of the scheme occurs only when substantial monthly bills are not paid or bogus credits from an impersonated vendor are discovered.


When the true account holder is traced back to his original address, the impersonator and his purchases are long gone. Ms. Grossman added, The frustration happens when people dont find out about this until its at the time they need credit. They go to get a mortgage or student loan, and they find that their credit is all screwed up.




A simple guideline is to assume that no personal information is

absolutely private or safe. Anthony F. Colgary, Assistant to the

Special Agent in Charge of the U.S. Secret Services Newark Field

Office, testified potential victims bear some responsibility to try

to monitor [their] credit reports to see whats going on. He added:


No credit can be gained in your name, whether its a credit card

or anything else, unless someone passes a credit check on you.


You need to constantly review that credit report and make sure that no one has changed your address, no one has ordered goods or

services or credit that you havent authorized .


People may protect themselves from identity theft by taking the following steps:


--Get a free copy of your credit report from each of the three

major credit bureaus every year.


--Check to be sure that everything, including addresses, is accurate.


Under the federal Fair Credit Reporting Act (amended by the Consumer Credit Reporting Reform Act of 1996), a consumer who has been denied credit during the last 60 days may receive a free copy of his credit report. In New Jersey he is entitled to one free copy

annually, even if he has not been rejected for credit. The cost

is about $8.00 for each additional report.


To order credit reports from the three largest credit bureaus:


Contact Equifax, Inc. (1-800-997-2493) (or 1-800-685-1111)



Contact Trans Union LLC (1-800-916-8800)

(; and


Contact Experian ( (1-888-397-3742)

(formerly TRW).


--Monitor your account activity throughout the year by reading your periodic statements thoroughly.


--Tear up or shred any pre-approved credit offer, receipt or other personal information that links your name to an account number.


--Do not leave your ATM or credit card receipts intact in the

trash. If you decide not to proceed with a loan or purchase, take all unused copies with information home with you.


--Destroy or delete social security numbers from any documents before throwing them away.


--Credit card solicitations are generated from "pre-screened lists" of credit reports provided by credit bureaus. If you do not want

to receive these offers, contact each of the Big Three credit

bureaus to remove your name from pre-screened lists.


--If your credit card or other bills are more than two weeks late,

do three things:


First, contact the Postal Service to see if someone has forwarded your mail to another address.


Second, contact your bank to ask if the statement or card has been mailed.


Third, contact the businesses that send you bills.


--Do not pay your bills by putting them in your home mailbox with

the red flag up. Use the Post Office or a postal mailbox for bill

payments. Protect your incoming mail with a locked mailbox or

Post Office box.


--Protect your account information. Do not write your personal

identification number (PIN) on your ATM or debit card. Do not print or write your social security number, credit card account numbers or driver's license number on your checks or on the outside of envelopes when paying monthly bills. Cover the pad when you are entering PIN numbers.


--Do not carry your social security card, passport or birth

certificate unless you need it that day. Take all but one or two

credit cards out of your wallet, and keep a list in a safe place at home of your account information and customer service telephone numbers. Keep tax records and other financial documents in a secure place.


--Memorize your social security number and all passwords and PIN numbers.


Do not use common identifiers, such as mothers maiden names and birth dates, as passwords or PIN numbers.


--Never provide personal, credit card or other financial

information over the telephone or online, unless you initiate the



In a New Jersey case in January 2000, four students at Absegami High School in Galloway Township allegedly purchased about $8,000 in merchandise, delivered to unoccupied homes, using credit card numbers obtained by tricking America Online and Earthlink subscribers. The teenagers allegedly acquired passwords, addresses, telephone numbers and credit card numbers of people in New Jersey and at least six other states by, in some cases, posing as online representatives of the service providers.


They told the subscribers that their account information had been

lost and should be provided again.


--Cancel, in writing, any credit cards that you do not intend to



--If a creditor contacts you, do not provide information about

your account without contacting the creditor via a telephone number, address or e-mail address indicated on your monthly statement.


--Do not put your genealogy online. It permits identity thieves to

acquire birth dates and maiden names.


--Check social security earnings and benefits statements once a year to make sure the earnings are recorded correctly.


--You may want to have your name, address and phone number deleted from marketers lists.


Write to the Direct Marketing Associations Mail Preference Service (PO Box 9008, Farmingdale, NY 11735) and Telephone Preference Service (PO Box 9015, Farmingdale, NY 11735).




Despite precautions, growing numbers of individuals fall prey to

identity theft. Early detection and reaction is essential to minimize

the harm. It is important to quickly take the following actions:


--Immediately, make a complaint to your local police department.

Obtain a written copy of the police report for inclusion with

notification letters. Contact the Federal Trade Commission to

report the problem at 1-877-FTC-HELP.


--Immediately telephone the toll-free hotlines for the fraud units

of all three major credit bureaus and ask them to "flag" your account with a Fraud Alert/Victim Impact statement. This tells creditors that you are a victim of identity fraud and asks them to contact you before opening any new accounts.


The major credit bureaus fraud unit telephone numbers are Equifax (1-800-525-6285), Experian (1-800-397-3742) and Trans Union (1-800-680-7289).


Follow up in writing, attaching a copy of the police report. The addresses are:



P.O. Box 105069, Atlanta, GA 30348



Attn: Consumer Assistance Department,

CBA Information Services,

P.O. Box 677, Cherry Hill, NJ 08003




Trans Union

P.O. Box 6790, Fullerton, CA 92834.


--Order a copy of your credit report. The report is free if you are

a victim of identity theft or have been denied credit in the last 60 days. Anytime you apply for a loan of any type, you are entitled to a copy of the credit report that is provided for you.


--Immediately notify your banks and obtain new account numbers for all of your checking, savings and other accounts. Pick new PIN

numbers for your ATM and debit cards. Close all of your credit

card accounts and reopen them with new numbers.


--Immediately notify affected creditors by telephone and follow up

with written notification enclosing a copy of the police report.


--Immediately notify your local postmaster. Explain that you

suspect a false address is being used and would like help to find

out the address. Also notify the U.S. Postal Inspection Service

(Web site located at any

suspected mail theft or use of impersonating addresses.


--Call the local field office of the U.S. Secret Service to report

any credit card fraud.


--Call the Division of Motor Vehicles to see if another license was

issued in your name. Put a fraud alert on your license. You may

want to request a new number.


--Contact the Social Security Administrations Fraud Hotline: 1-

800-269-0271. Depending on the circumstances, you may want to

obtain a new social security number from the Social Security



You also may want to contact your local telephone, long distance, water, gas and electric companies to alert them that someone may try to open accounts in your name.


--Maintain a log of all contacts with authorities regarding the matter. Write down each persons name, title and phone number. You may need to re-contact them or refer to them in future correspondence.


--Do not allow yourself to be coerced by creditors into paying

fraudulent bills.




Recently, special laws to contend with identity theft have passed at the federal level and in New Jersey.


Previously, criminal.prosecutions were limited to fraud, theft, forgery and impersonation charges associated with the identity theft. Victim loss thresholds of $40,000 or more limited the number of offenses brought to court.




Effective May 21, 1999, N.J.S.A. 2C:21-17, concerning wrongful impersonation, was amended to specifically include identity theft in its provisions.


Before the amendments became law, the offending conduct had to fit the elements of theft by false representation before it could be prosecuted criminally. The amendments also allow authorities in New Jersey to prosecute those who make purchases in another state using identity information from a New Jersey resident.


Gerald S. Flanagan, Legislative Director for New Jersey Public

Interest Research Group (NJPIRG) Citizen Lobby, testified that an

effective state law was needed because the majority of consumer prosecutions take place on the state level.