March 13, 2010

Source: ic3.gov

Reported losses from online fraud more than doubled last year, from $265 million in 2008 to nearly $560 million in 2009, according to figures released Friday by the FBI.

The figures come from complaints referred to the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. Last year, the IC3 received some 336,655 complaints, a 22.3 percent increase from the year prior.

Ironically, among the largest sources of complaints (16.6 percent) were e-mail scams that fraudulently used the FBI’s name to gain information from the recipient. Of the top five categories reported to law enforcement during 2009, non-delivered merchandise and/or payment fraud ranked nearly 20 percent; identity theft 14 percent; credit card and auction fraud, just over 10 percent each. The median dollar loss was $575, while the highest median losses were associated with investment fraud ($3,200), overpayment fraud ($2,500) and advanced-fee fraud ($1,500).

The full report is available from this link at ic3.gov (.pdf).


19 thoughts on “FBI: Online Fraud Costs Skyrocketed in 2009

  1. JCitizen

    Yep! I just had my first ripoff. Some place called HOSTING SALES 888-678-8560 WA stole $19.90 from my debit account. I am pretty sure I know which vendor got hacked that had my account information.

    This criminal organization is all over google if you care to search – why the stupid banking system can’t block a KNOWN criminal is beyond my understanding. You would think such a well know scam artist would be blocked by ALL BANK electronic transfer systems.

    This is the problem, there is no standard black list system in banking. Even we regular computer users know better, and use black lists for spam and malware. But the ignoramus U.S. Banking system can’t get off their duff long enough to do the simple things we computer users do everyday!!

      1. JCitizen

        No one ever called me. I’ve only see maybe one or two calls listed as unknown in the six months. Before then I had telemarketer blocking and never got calls. I NEVER answer unknown calls.

        I’ve had skype for about six months too, and I doubt they somehow got ESP on my financial information.

        All of my information is encrypted in the cloud, and that company is also one I will contact, but they have been with me a while, this kind of exploit would more commonly be taken advantage immediately after gaining the information.

        I use Secunia and File Hippo for updates so I didn’t click on any bogus updaters that could spy on me. I have Prevx onboard, which blocks ALL keyboard and video input/and outputs to the browser. So no dice there. I have NEVER entered my financial information to the hard drive and I’ve scanned my drive using ID finder to make sure none of it is on my drive by any circumstance. This company I have done business with for three years, so they are not suspect. They are also well know by the CNET community, I doubt that is the problem. I do not keep it installed on my hard drive despite password protection, precisely because I don’t want to give them and easy out to get the information, should their be an easy crack for that.

        It all boils down to one new vendor I’ve just done business with, and I’m concentrating on them, but I have also contacted the other two unlikely targets, just in case.

    1. Reid

      @JCitizen

      The phone number you list, 888-678-8560, is for PAI Web Hosting.

      PAI Web Host – “The Cheapest Hosting for Everyone”
      The URL for their contacts page is .

      On their main webpage, they list Hurricane Electric as their primary Network Operation Center. If you have a complaint I suggest you file it with Hurricane Electric as well at .

        1. JCitizen

          Thank you Reid, I suspect the cracker is needing domain space for his/her ill gotten dirty work. Probably took advantage of the $19.90 web host for 6months deal.

          I plan to shut that down, even if I have to call the FBI.

      1. JCitizen

        Again, many thanks Reid;

        Hurrican electric denies having such a customer in their building as Hosting services claims, so someone is lying.

        Since it is all over Google about this fraud I nominate HostingSales!

      2. ShelbyVic@gmail.com

        About Hurrican Electric, somebody there hacked into my account and changed my private setting. Bastards!!!

        1. JCitizen

          The people at Hurricane seemed sane and professional to my inquiries; I didn’t suspect them of subterfuge. It is actually common for any email account, whether web-based or server based ISP mail, to be cracked by automated dictionary attacks. Hurricane may not be the culprit here, but they may have bad policies about keeping the network cleaned up, and who is hosting on it. I really don’t know.

          I had read in a reputable article that they had cleaned a lot of other bad sites off there space, so I assume they are being targeted now, for running a square ship. Retribution by the criminals is common; just ask Brian how many times his blog and site have been attacked.

  2. JCitizen

    No one called me. I suspect the new vendor I was doing business with is practicing the poor habit of emailing my financial information to their warehouse of accounting firm in open email instead of VPN or such.

    This poor security practice is still common; but it doesn’t give the bank the excuse to take a debit charge from a KNOWN crook!!!!

    X-(

    1. JBV

      Why use a debit card for online (or any other) purchases? Especially with a “new vendor.” The money is gone from your bank account before you know about the transaction.

      Credit cards don’t debit your bank account at the time of purchase. They have consumer protections and will investigate any report of fraudulent use, suspending the charge during that time. If balances are paid in full, there is no interest charge. To be doubly secure with online purchases, many credit cards offer a service such as B of A’s “Shop Safe,” that lets you generate a single-seller-use card number where you can set a limit on both time and amount of purchases. Much less risk exposure that way.

      1. JCitizen

        I keep this account low just for that reason. It was only $19 bucks but that is beside the point. My credit union gives me a sweet deal that reverses almost all of the 4% service charge done on card transactions.

        I’ve recovered way more than the loss. One month I got over 200 dollars in charges and interest. If I stick to the rules, I get 6% back on debit purchases.

        They are doing this so they won’t need to hire more workers. The account is entirely electronic, bill paying, income, statements. But I keep the debit account separate.

        The interest on overdrafts is way cheaper than credit card revolving balances.

  3. KFritz

    Looked @ the report. Are the bank fraud schemes reported by KOS part of these statistics? The worst schemes reported here over the years have been fr/ the former Soviet block. Yet no country fr/ that group or the PRC is in the top ten listed countries for theft. Is this a very specialized report? The total annual theft reported here is less than the take by the Martino Crew of the Gambino Family in NYC in the late 90’s.

  4. Hilary

    Finally! A security expert with a brain. Keep it up. As a banker I can tell you there is much more here than meets the eye and is being disclosed to the public. I don’t think that Fifth Third was just playing the good guy by making their Biz customers whole. No. They were instructed to do so by the FDIC. The outcry would be too great and too great to be covered up. US banks have convinced our regulators that they are simply too fragile to sustain another loss of confidence by the public. Dig deep enough and I can assure you you’ll have the story of a lifetime.

  5. Hilary

    Sorry a spelling mistake..Finally! A security expert with a brain. Keep it up. As a banker I can tell you there is much more here than meets the eye and is being disclosed to the public. I don’t think that Fifth Third was just playing the good guy by making their Biz customers whole. No. They were instructed to do so by the FDIC. The outcry would’ve been too great for a cover-up. US Banks have convinced regulators they are simply too fragile to sustain another loss of confidence by the public. Dig deep enough and I can assure you you’ll have the story of a lifetime.

    1. KFritz

      Lewis’s interview was a mixed blessing. It’s good to draw attention to the subject. However, he made two claims that seemed dubious, at best.
      1)The US government has better, more up to the minute cyber-security experts than private industry
      2) Russia has more evolved cyber-warfare strategy and better experts than PRC.

      Frankly, to the best of my knowledge gleaned fr/ this blog and elsewhere, these are howlers, so far off the mark that I’m looking for Captain Peter Peachfuzz, ( for folks old enough to understand the joke)!

Comments are closed.