Top 10 Internet Crimes of 2006

According to the Internet Crime Complaint Center and reported in U.S. News and World Report, auction fraud and non-delivery of items purchased are far and away the most common Internet crimes. Identity theft is way down near the bottom.

Although the number of complaints last year­207,492­fell by 10 percent, the overall losses hit a record $198 million. By far the most reported crime: Internet auction fraud, garnering 45 percent of all complaints. Also big was nondelivery of merchandise or payment, which notched second at 19 percent. The biggest money losers: those omnipresent Nigerian scam letters, which fleeced victims on average of $5,100 ­followed by check fraud at $3,744 and investment fraud at $2,694.

[...]

The feds caution that these figures don't represent a scientific sample of just how much Net crime is out there. They note, for example, that the high number of auction fraud complaints is due, in part, to eBay and other big E-commerce outfits offering customers direct links to the IC3 website. And it's tough to measure what may be the Web's biggest scourge, child porn, simply by complaints. Still, the survey is a useful snapshot, even if it tells us what we already know: that the Internet, like the rest of life, is full of bad guys. Caveat emptor.

Posted on April 24, 2007 at 12:25 PM • 21 Comments

Comments

Joe BuckApril 24, 2007 1:19 PM

My guess is that the real #1 crime is related to the vast bot networks out there; millions of computers are being taken without permission to provide services for others (cranking out spam, distributed DOS attacks and associated extortion -- pay up or we take you down, etc).

JoeKillerApril 24, 2007 1:45 PM

I think the real #1 crime is the rates which broadband providers charge for this slow internet in the USA.

skaffmanApril 24, 2007 2:18 PM

How many internet crimes against corporates go unreported because the companies is question don't want their reputation tarnished? Banks in particular.

Bruce SchneierApril 24, 2007 2:26 PM

"How many internet crimes against corporates go unreported because the companies is question don't want their reputation tarnished? Banks in particular."

Less now than years ago, I believe. Back then, banks had to pretend they were invincible; today customers have more realistic expectations.

But I'm sure quite a bit goes unreported. The only reason we know about these massive personal-data thefts are the mandatory disclosure laws.

aApril 24, 2007 2:31 PM

JoeKiller, welcome to Ireland then ... pay 3 x more for having 1/3 of the speed. You wouldn't believe what they call broadband in this country ...

ARMApril 24, 2007 2:45 PM

"[T]hose omnipresent Nigerian scam letters, which fleeced victims on average of $5,100 [...]"


I'm impressed that anyone silly enough to fall for one of those 419 scams after all this time has the financial smarts to have managed to accumulate 51 cents, let alone 51 hundred dollars...


After all the publicity surrounding these things (ABC even played a Nigerian music video mocking dimwitted westerners that fell for the scam), you've got to be either Pollyanna incarnate or dumb as a post to be taken in by one of those.

AnonymousApril 24, 2007 3:29 PM

@ARM

There will always be newbies, and there will always be those who are greedy. If half of newbies are below average intelligence, then there will always be a return on investment for the Nigerian scam.

TimApril 24, 2007 4:48 PM

Interesting take that the article author has on child porn. It is first mentioned as a "daily feature of online life" (how many of you encounter child porn on a daily basis on the internet?) and then again at the end as "what may be the internet's biggest scourge."

pointfreeApril 24, 2007 4:50 PM

"How many internet crimes against corporates go unreported because the companies is question don't want their reputation tarnished? Banks in particular."

I'd be very surprised if crimes are reported unless organisations are forced to, that is, unless the crime actually results in a definitive dollar value damage or loss that is significant enough that it cant be explained away to the shareholders. If organisations identify crime where privacy is compromised, security is compromised or information is lost in some unquantifiable way, I believe most wont go to the authorities and wont report it outside a minimal 'need to know' group internally.

I worked with an organisation where on a couple of occasions security was breached and in one case a substantial amount of information was compromised but because it wasn't a quantifiable loss (and because the customer would probably have taken action against my employer) it was officially kept quiet. The customer was aware of issues, but senior executives were deliberately economical with the truth. Another time (attempted) police action was involved when an employee was the 'attacker' and the police were only interested in the dollar value of the damage - when this couldn't be established, they weren't interested (which is probably more a reflection of the lack of maturity of laws relating to cyber crime in this jurisdiction).

I have no figures to back this up, but I'd be surprised if more than 10% of online crime is reported outside of a core team dealing with it inside the affected organisation. Only when the hand is forced would it become a matter for the authorities and I'd be surprised if all of them become public, though the percentage would increase I imagine.

Its a mighty big carpet that organisations keep on standby ready to sweep these things under.

jApril 24, 2007 6:37 PM

Re "JoeKiller, welcome to Ireland then ... pay 3 x more for having 1/3 of the speed. You wouldn't believe what they call broadband in this country ..."

The Texan, expansively: "Why you can get on a train at one end of Texas, ride all day, and at the end of the day you're still in Texas!"

The Irishman: "Yes, we have trains like that too, but we don't brag about 'em"

jApril 24, 2007 6:43 PM

RE: "what may be the internet's biggest scourge" and "daily basis" --

Certain folks, when they say "biggest scourge" probably mean "darkest scourge" - for many people the existence of child porn out there, even if they have never (or rarely) seen it, is a large black stain on the Internet.

Or they have spent too much time watching Law & Order SVU repeats (I know I do).

nostromoApril 25, 2007 1:09 AM

"The biggest money losers: those omnipresent Nigerian scam letters, which fleeced victims on average of $5,100"

People stupid enough to fall for a Nigerian scam letter will be separated from their money one way or another anyway.

"what may be the Web's biggest scourge, child porn,"

I get a lot of spam and waste too much time surfing, and I've never, ever, encountered any child porn as far as I can remember. Surely only a tiny number of mentally-ill individuals respond to it? How can it be the "biggest" scourge?

MeApril 25, 2007 2:47 AM

Isn't the biggest crime more likely to be copyright infringement?
I'd of thought that was huge compared to pretty much anything else.

gregApril 25, 2007 4:03 AM

Of course child porn never exsitied before the internet. Right?

Child porn is not really any more of a problem than it was before. Even the definition of child porn is different between countries. To the point where some legal pron in one country is child porn in another.

Its a boggie man that folks bring up to futher political agenders...

you know... Think of the children (even CG ones)... pass this law...

MicahApril 25, 2007 1:31 PM

I would agree with Joe Buck at the top. That's probably the only thing actually associated with the Internet (and broadband in particular). Everything else existed pre-Internet, even the Nigerian scams. They have been taking advantage of gullible doctors and lawyers via the fax machine for years...

gregApril 25, 2007 2:53 PM

@Me

Its much smaller than the MPAA want you to belive. Again, tapes were traded at school long before we had the internet.

mxApril 25, 2007 3:15 PM

far and away the biggest internet crime in dollar terms is the time wasted at work playing around on line. the cost is probably in the trillions world wide!

John FaughnanApril 25, 2007 5:02 PM

I'm not aware of any research, but my suspicion is that the majority of those Nigerian scam victims are elderly persons with significant cognitive impairment who have not yet progressed to dementia.

There are millions of American who are pre-dementia stage, and the number is growing fast. Many of these persons will have email, which they will have learned to use earlier in their "disease". (Dementia is more an aging process than a classic disease).

If you send out millions of these scams, a certain percentage will land on "fertile ground" -- severely impaired minds with control of a checking account.

These scum are praying on a very, very vulnerable population. Anyone who thinks this is "natural selection" should hope that our anti-Alzheimer's research bears fruit before the clock tolls for them.

ImpersonatingBruceApril 27, 2007 3:23 AM

``Identity theft is way down near the bottom."

Identity theft may be way down the bottom on the Internet. But as a percentage how much identity theft occurs online? Is dumpster diving still a popular attack? Stealing hardware? And of course, insiders.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..