Chapter 3. Cyber Stalking, Fraud, and Abuse

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

Know the various types of Internet investment scams and auction frauds

Know specific steps one can take to avoid fraud on the Internet

Have an understanding of what identity theft is and how it is done

Know specific steps that can be taken to avoid identity theft

Understand what cyber stalking is, and be familiar with relevant laws

Know how to configure a web browser’s privacy settings

Know what laws apply to these computer crimes

There are many avenues for fraud on the Internet. In this chapter, we will explore what the various major types of fraud are, what the law says, and what you can do to protect yourself. Fortunately for some readers, this particular chapter is not particularly technical because most Internet fraud does not rely on in-depth technological expertise. Internet fraud merely uses the computer as a venue for many of the same fraud schemes that have been perpetrated throughout history.

1. The U.S. Securities and Exchange Commission. “Internet Fraud: How to Avoid Internet Investment Scams.” Washington, D.C.: Author, November 15, 2001. Accessed April 2011: www.sec.gov/investor/pubs/cyberfraud.htm

2. The U.S. Secret Service. “Public Awareness Advisory Regarding ‘4-1-9’ or ‘Advance Fee Fraud’ Schemes.” Washington, D.C.: Author, 2002. Accessed April 2011: www.lbl.gov/IT/CIS/CITG/email/419-Fraud.html

Now consider this investment scam, and variations of it, from a logical point of view. If you had large sums of money you needed to transfer, would you send it to a person in a foreign country, someone you had never met? Wouldn’t you be worried that the recipient would cash out her account and take the next plane to Rio? If a person needs to transfer money internationally, why doesn’t he just transfer the money to an account in the Bahamas? Or cash out the account and send it via Federal Express or United Parcel Service to a storage facility in the United States? The point is that there are many ways a person could get money out of a country without trusting some stranger he has never seen before. That fact alone should indicate to you that this offer is simply not legitimate. This concept is the first general principle you should derive concerning fraud. In any offer, consider the point of view of the person offering it. Does it sound as if he is taking an inordinately large risk? Does the deal seem oddly biased in your favor? Put yourself in his position. Would you engage in the deal if you were in his position? If not, then this factor is a sign that the deal might not be what it seems.

Sometimes these online stock bulletins can be part of a wider scheme, often called a pump and dump. A classic pump and dump is rather simple. The con artist takes a stock that is virtually worthless and purchases large amounts of it. The con artist then artificially inflates the value in several ways. One common method is to begin circulating rumors on various Internet bulletin boards and chat rooms that the stock is about to go up significantly. Often it is suggested by the trickster that the company has some new innovative product due to come out in the next few weeks. Another method is to simply push the stock on as many people as possible. The more people vying to buy a stock, the higher its price will rise. If both methods are combined, it is possible to take a worthless stock and temporarily double or triple its value. The perpetrator of the fraud has already purchased volumes of the stock, at a very low price, before executing this scheme. When the stock goes as high as she thinks it can, she then dumps her stock and takes the money. In a short time, and certainly by the time the company’s next quarterly earnings report is released, the stock returns to its real value. This sort of scheme has been very popular in the past several decades; thus, you should always be wary of such “insider” information. If a person is aware that Company X is about to release an innovative new product that will drive her stock value up, why would she share that information with total strangers?

The U.S. Securities and Exchange Commission lists several tips for avoiding such scams:³

3. The U.S. Securities and Exchange Commission “Pump+Dump.con: Avoiding Stock Scams on the Internet.” Washington, D.C.: Author, September 8, 2000. April 2011: www.sec.gov/investor/pubs/pump.htm

Consider the source. Especially if you are not well versed in the market, make sure you accept advice only from well-known and reputable stock analysts.

Independently verify claims. Do not simply accept someone else’s word about anything.

Research. Read up on the company, the claims about the company, its stock history, and so forth.

Beware of high-pressure tactics. Legitimate stock traders do not pressure customers into buying. They help customers pick stocks that customers want. If you are being pressured, that is an indication of potential problems.

Be skeptical. A healthy dose of skepticism can save you a lot of money. Or, as the saying goes, “If it sounds too good to be true, it probably is”

Make sure you thoroughly research any investment opportunity.

The truth is that these types of fraud depend on the greed of the victim. It is not my intent to blame victims of fraud, but it is important to realize that if you allow avarice to do your thinking for you, you are a prime candidate to be a victim of fraud. Your 401K or IRA may not earn you exorbitant wealth overnight, but it is steady and relatively safe. (No investment is completely safe.) If you are seeking ways to make large sums of money with minimal time and effort, then you are an ideal target for perpetrators of fraud.

4. The U.S. Federal Trade Commission, Accessed April 2011: https://www.onguardonline.gov/articles/0020-shopping-online

Failure to send the merchandise

Sending something of lesser value than advertised

Failure to deliver in a timely manner

Failure to disclose all relevant information about a product or terms of the sale

The first category, failure to deliver the merchandise, is the most clear-cut case of fraud and is fairly simple. Once you have paid for an item, no item arrives. The seller simply keeps your money. In organized fraud, the seller will simultaneously advertise several items for sale, collect money on all the auctions, and then disappear. If he has planned this well, the entire process was done with a fake identification, using a rented mailbox and anonymous email service. The person then walks away with the proceeds of the scam.

The second category of fraud, delivering an item of lesser value than the one advertised, can become a gray area. In some cases, it is outright fraud. The seller advertises something about the product that simply is not true. For example, the seller might advertise a signed copy of the first printing of a famous author’s book but then instead ship you a fourth printing with either no autograph or one that is unverified. However, in other cases of this type of problem, it can simply be that the seller is overzealous, or frankly mistaken. The seller might claim his baseball was signed by a famous athlete but not be aware himself that the autograph is a fraud.

The second category is closely related to the fourth item on the FTC list: failure to disclose all relevant facts about the item. For example, a book might be an authentic first printing and autographed but be in such poor physical condition as to render it worthless. This fact may or may not be mentioned in advance by the seller. Failure to be forthcoming with all the relevant facts about a particular item might be the result of outright fraud or simply of the seller’s ignorance. The FTC also lists failure to deliver the product on time as a form of fraud. It is unclear whether or not that is fraud in many cases or merely woefully inadequate customer service.

Shill bidding, when fraudulent sellers (or their “shills”) bid on the seller’s items to drive up the price.

Bid shielding, when fraudulent buyers submit very high bids to discourage other bidders from competing for the same item. The fake buyers then retract their bids so that people they know can get the item at a lower price.

Bid siphoning, when con artists lure bidders off legitimate auction sites by offering to sell the “same” item at a lower price. Their intent is to trick consumers into sending money without proffering the item. By going off-site, buyers lose any protections the original site may provide, such as insurance, feedback forms, or guarantees.

All of these tactics have a common aim: to subvert the normal auction process. The normal auction process is an ideal blend of capitalism and democracy. Everyone has an equal chance to obtain the product in question if she is willing to outbid the other shoppers. The buyers themselves set the price of the product, based on the value they perceive the product to have. In my opinion, auctions are an excellent vehicle for commerce. However, unscrupulous individuals will always attempt to subvert a process for their own goals.

In the case of getting a driver’s license in the victim’s name, this fraud might be attempted to shield the perpetrator from the consequences of her own poor driving record. For example, a person might get your driving information to create a license with her own picture. Perhaps the criminal in this case has a very bad driving record and even warrants out for immediate arrest. Should the person be stopped by law enforcement officers, she can then show the fake license. When the police officer checks the license, it is legitimate and has no outstanding warrants. However, the ticket the criminal receives will be going on your driving record because it is your information on the driver’s license. It is also unlikely that the perpetrator of that fraud will actually pay the ticket, so at some point you—whose identity was stolen—will receive notification that your license has been revoked for failure to pay a ticket. Unless you can then prove, with witnesses, that you were not at the location the ticket was given at the time it was given, you may have no recourse but to pay the ticket, in order to reestablish your driving privileges.

The U.S. Department of Justice defines identity theft in this manner:⁵

5. The U.S. Department of Justice Identity Theft web page, Accessed April 2011: https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud

“Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.”

The advent of the Internet has made the process of stealing a person’s identity even easier than it used to be. Many states now have court records and motor vehicle records online. In some states, a person’s social security number is used for the driver’s license number. So if a criminal gets a person’s social security number, he can look up that person’s driving record, perhaps get a duplicate of the person’s license, find out about any court records concerning that person, and on some websites, even run the person’s credit history. Later in this book, we will examine using the Internet as an investigative tool. Like any tool, it can be used for benign or malevolent purposes. The same tools you can use to do a background check on a prospective employee can be used to find out enough information to forge someone else’s identity.

Many end users today are aware of these sorts of tactics and avoid clicking on email links. But unfortunately, not everyone is so prudent, and this attack still is effective. It is also the case that the attackers have come up with new ways of phishing. One of these methods is called cross-site scripting. If a website allows users to post content that other users can see (such as a product review), the attacker then posts, but instead of posting a review or other legitimate content, the attacker posts a script (Java-Script or something similar). Now when other users visit that web page, instead of loading a review or comment, it will load the attacker’s script. That script may do any number of things, but it is common for the script to redirect the end user to a phishing website. If the attacker is clever, the phishing website looks identical to the real one, and end users are not aware they have been redirected. Cross-site scripting can be prevented by web developers filtering all user input.

6. The U.S. Department of Justice Cyber Stalking page. Accessed April 2011: https://www.justice.gov/criminal/cybercrime/cyberstalking.htm

“Although there is no universally accepted definition of cyber stalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim’s immediate family; and still others require only that the alleged stalker’s course of conduct constitute an implied threat. While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously.”

If someone uses the Internet to harass, threaten, or intimidate another person, then the perpetrator is guilty of cyber stalking. The most obvious example is sending threatening email. The guidelines on what is considered “threatening” can vary a great deal from jurisdiction to jurisdiction. But a good rule of thumb is that if the email’s content would be considered threatening in normal speech, then it will probably be considered a threat if sent electronically. Other examples of cyber stalking are less clear. If you request that someone quit emailing you, yet she continues to do so, is that a crime? Unfortunately, there is no clear answer on that issue. The truth is that it may or may not be considered a crime, depending on such factors as the content of the emails, the frequency, the prior relationship between you and the sender, as well as your jurisdiction.

In the first successful prosecution under California’s new cyber stalking law, prosecutors in the Los Angeles District Attorney’s Office obtained a guilty plea from a 50-year-old former security guard who used the Internet to solicit the rape of a woman who rejected his romantic advances. The defendant terrorized his 28-year-old victim by impersonating her in various Internet chat rooms and online bulletin boards, where he posted, along with her telephone number and address, messages that she fantasized being raped. On at least six occasions, sometimes in the middle of the night, men knocked on the woman’s door saying they wanted to rape her. The former security guard pleaded guilty in April 1999 to one count of stalking and three counts of solicitation of sexual assault. He faces up to six years in prison.

A local prosecutor’s office in Massachusetts charged a man who, using anonymous re-mailers, allegedly engaged in a systematic pattern of harassment of a co-worker, which culminated in an attempt to extort sexual favors from the victim under threat of disclosing past sexual activities to the victim’s new husband.

An honors graduate from the University of San Diego terrorized five female university students over the Internet for more than a year. The victims received hundreds of violent and threatening emails, sometimes receiving four or five messages a day. The graduate student, who has entered a guilty plea and faces up to six years in prison, told police he committed the crimes because he thought the women were laughing at him and causing others to ridicule him. In fact, the victims had never met him.

A man in South Carolina allegedly fixated on news anchors at the WRAL TV station. He sent a large number of emails to the news anchors. Those emails contained sexually explicit material as well as references to cross burnings. The case was investigated by the South Carolina Bureau of Investigation.

Robert James Murphy was the first person charged under federal law for cyber stalking. He was accused of violating Title 47 of U.S. Code 223, which prohibits the use of telecommunications to annoy, abuse, threaten, or harass anyone. Mr. Murphy was accused of sending sexually explicit messages and photographs to his ex-girlfriend. This activity continued for a period of years. He was charged and eventually pled guilty to two counts of cyber stalking.

James Allen was convicted in 2015 of both child pornography and cyber stalking. He was accused of having harassed 18 New York girls online. He used the harassment to extort illicit pictures from the girls.

Clearly, using the Internet to harass people is just as serious a crime as harassing them in person. And it can lead to real-world crimes. This problem has even extended to workplace issues. For example, court cases have upheld that unwanted email pornography can be construed as sexual harassment. If an employee complains about unwanted email, the employer has a duty to at least attempt to ameliorate the situation. This attempt can be as simple as installing a very inexpensive spam blocker (software that tries to limit or eradicate unwanted email). However, if the employer takes no steps whatsoever to correct the problem, that reticence may be seen by a court as contributing to a hostile work environment. As previously stated, if the stalking act would constitute as harassment in person, then it would be considered harassment in cyberspace. Black’s Law Dictionary⁷ defines harassment as follows:

7. Blacks Law Dictionary, 1999, West Publishing Company, 7th Edition.

“A course of conduct directed at a specific person that causes substantial emotional distress in such person and serves no legitimate purpose.”

“Words, gestures, and actions that tend to annoy, alarm, and abuse (verbally) another person.”

Usually law enforcement officials will need some credible threat of harm in order to pursue harassment complaints. In simple terms, this situation means that if you are in an anonymous chat room and someone utters some obscenity, that act probably will not be considered harassment. However, if you receive specific threats via email, those threats would probably be considered harassment.

Many states specifically prohibit cyber stalking; and in general, existing anti-stalking laws can be applied to the Internet. In 2001, in California a man was convicted of cyber stalking under existing antistalking statutes.⁸ Other countries also have existing antistalking laws that can be applied to cyber stalking as well. Canada has had a comprehensive antistalking law since 1993. Unfortunately, there are many similar cases. Just a few include the following:

8. The Identity Theft and Deterrence Act of 1998, USC 1028

From 2010, there is the case of Joseph Medico (70 years old), who met a 16-year-old girl at his church. Mr. Medico followed the girl to her car and tried to talk her into going to dinner with him and then back to his home. When she rejected his advances, he began calling and texting her several times a day. His activities escalated until the girl reported the activities and Mr. Medico was arrested for stalking.

In 2008 Shawn Michael Hutchinson, 20, posted threats and nude pictures of a former girlfriend. His threats included statements such as ‘“I told you that if I saw you with David that would be the end of you. That’s not a threat, it’s a promise.”

One reason law enforcement agencies are taking a much closer look at cyber crimes is the frequency with which they become real-world crimes with real consequences in the physical world. We have already mentioned cyber stalking that has, in some cases, escalated to real-world assaults and even homicides. Let’s examine a few other ways that the cyber world can be connected to physical crimes. These crimes were selected over the period of 2006 to 2015.

In 2006, Arizona resident Heather Kane was arrested for using MySpace to attempt to solicit a hit man to kill a woman whose picture had appeared on Ms. Kane’s boyfriend’s MySpace page. After finding a person she thought was a hit man, she met with him and gave him a $400 down payment. The individual was in fact an undercover police officer.

In February 2009 in the United Kingdom, Edward Richardson stabbed his wife to death because she had changed her marital status on her Facebook page from married to single.

In July 2008, Scott Knight of Aurora, Oregon, was arrested on charges that he raped a 13-year-old girl he had met through MySpace.⁹ A similar case occurred in 2009, when William Cox of Kentucky was charged with raping a 13-year-old girl that he, too, met on MySpace.

9. The Minneapolis-St.Paul Star Tribune, Accessed August 23, 2001: www.startribune.com/

In 2012, in the town of McKinney, Texas—which just happens to be very close to my own home—a man used Craigslist apartment ads to lure women to a location so he could rape them. He was captured, convicted, and sentenced to 20 years in prison.

Also in 2012, U.S. Forest Rangers in Utah were trying to find who was responsible for setting up medieval booby traps along hiking trails in Utah. The police were tipped off that two men, Benjamin Rutkowsky and Kai Christenson, had been chatting about setting the traps on Facebook.

2015 brought a new twist on cyber stalking. David Matusiewicz, his sister Amy Gonzalez, and his mother Lenore Matusiewicz are the first defendants in the United States charged with cyber stalking resulting in death. The three were found guilty of conspiracy and cyber stalking that led to the death of Mr. Matusiewicz’s ex-wife. The victim was killed by Mr. Matusiewicz’s father after a long pattern of cyber stalking by the defendants in this case. The shooter took his own life after shooting the victim and the victim’s friend as they showed up at a Delaware courthouse for a child support hearing.

One could fill several volumes with similar cases. The common element of all but the last of these is that a computer was used as either an agent or a catalyst for a real-world violent crime. These cases should make clear to the reader that computer crime is not just about hacking, fraud, and property crimes. It is becoming more common for law-enforcement officers to find a computer/Internet element in traditional crimes. And I am sure most readers have heard about Craigslist’s “erotic services” ads, which are in reality advertisements for prostitution. The last case shows that although a computer might not always be a part of the crime, it could lead to evidence of the crime. There are numerous other cases of criminals posting Facebook messages, tweets, and YouTube videos that contain incriminating evidence and, in some cases, full confessions.

The other element of a threat is viability. Is the threat credible? On the Internet, people are frequently more vocal and often more hostile than they are in other venues. That means a law enforcement officer must to some extent differentiate between someone simply spouting off or venting versus someone making a real, serious threat. The question becomes, how do you determine whether to take a threat seriously? The key is to look for four factors:

Credibility: For a threat to be credible, there must be some reasonable expectation that it could be carried out. For example, suppose a woman in Nebraska is on an Internet discussion board and receives a general threat from another user living in Bangkok in the course of a heated debate. In this scenario, the sender very likely has no idea where the recipient lives. Indeed, because many people use screen names on the Internet, the sender may not even know the recipient’s real name, gender, age, or appearance. That means this threat has a very low level of credibility. If, however, the woman in Nebraska receives a threat from the user in Bangkok accompanied with personal information such as her address, her place of work, or a photo of her, that is a very credible threat.

Frequency: Unfortunately, people often make ill-advised comments on the Internet. Often, however, a single hostile comment is just a person reacting too emotionally and too quickly online. For this reason, this type of comment is less of a concern than a pattern of threats over a period of time. Frequently, stalkers escalate their comments and threats over time, gradually building up to a point where they act violently. While there certainly may be cases in which a single threat warrants investigation, as a general rule, isolated threats are of less concern than a pattern of harassment and threats.

Specificity: Specificity refers to how specific the perpetrator is regarding the nature of the threat, the target of the threat, and the means of executing the threat. Of course, it is very important for law enforcement officers to realize that real threats can sometimes be vague. Put another way, real threats aren’t always specific. But specific threats are usually real. As an example, someone receiving an email saying, “You will pay for that” is less of a concern than an email containing a specific threat of a very specific type of violence, such as, “I will wait for you after work and shoot you in the head with my 9mm” along with a photo of the recipient leaving work. (The photo also makes it very credible.) This threat is specific and should be of much greater concern to law enforcement.

Intensity: This refers to the general tone of the communications, the nature of the language, and the intensity of the threat. Graphic and particularly violent threats should always be taken very seriously by law enforcement. Often, when someone is simply venting or reacting emotionally, he may make statements that could be considered threatening. In these cases, however, most people make low-intensity statements, such as threatening to beat someone up. Threats such as these are of less concern than, say, a threat to dismember someone. This is because normal, nonviolent people can lose their temper and want to punch someone in the nose. But normal, nonviolent people don’t usually lose their temper and want to cut someone into pieces with a chainsaw. Anytime a threat is raised to a level that is beyond what a reasonable person might say, even in a hostile situation, that threat becomes of greater concern.

All four of these criteria need not be met for a cyber threat to be considered viable. Law enforcement officers must always rely on their own judgment and should err on the side of caution. A particular officer may feel a given threat is very serious even if several of these criteria are not met. That officer should then treat the threat as a serious concern. And if one or more of these criteria are present, the officer should always treat the matter seriously, regardless of her personal inclinations. A credible, frequent, specific, and intense threat is very often a prelude to real-world violence.

1. The initial conversation the predator initiates with a minor will probably be about an innocuous topic that is of interest to a minor. During this initial phase the predator is often looking for key signs that this child might be a likely target. For example, children that feel like they don’t belong, are not getting enough attention from parents, or are going through some major life issue such as parental divorce are likely targets.

2. Once the predator has identified a potential target, he will then begin trying to extend the conversations outside the chat room or social page, into private chats or emails. He will also likely be very sympathetic to whatever the child’s problem is. Predators often use flattery with their intended victims. Children who feel like they don’t belong or who have low self-esteem are very susceptible to these sorts of tactics.

3. The next step is to begin easing sexual content into the conversation. Their intent is to gradually get the child comfortable discussing sexual topics. Usually they are careful to take this phase carefully so as not to cause the targeted child to panic. If this process proceeds to a point the predator feels comfortable, he will then suggest a face-to-face meeting. In some cases the face-to-face meeting is expressly for the purpose of sex; in others, the predator will lure the child to a location with the promise of some seemingly benign activity such as video games or a movie.

4. Of course, there are sometimes deviations from this pattern. Some predators move much quicker to meet with the child face to face. They may also avoid sexual conversations at all and simply try to lure the child out of her house with the intent of forcibly molesting the child. Whether the predator chooses to lure the child and then force a sex act or attempts to seduce the child depends on how the predator views the act. It may surprise some readers to discover that some pedophiles actually view themselves not as child molesters, but rather as being in a relationship with the child. They actually think their behavior is acceptable and it is simply society that fails to understand them. This sort of pedophile is much more likely to use a method of gradually increasing the sexual content and explicitness of the online conversation. Their intent is to seduce the child.

There have been a number of well-publicized sting operations with the purpose of catching online predators. In these operations, adults (sometimes law enforcement officers, sometimes not) pose as minors online and wait for a pedophile to approach them and attempt to engage in sexually explicit conversations. These attempts have been quite controversial. Given the nature of the activities, however, it seems unlikely that a nonpedophile adult could accidentally or mistakenly become involved in explicit sexual discussions with a minor. It is even less likely that a nonpedophile adult would attempt to meet in the physical world with a person she believed to be a minor. It would certainly seem that these programs, if conducted properly, can be an invaluable tool in combating online predators.

It should be noted that many states have an online sex offender database. This allows you to look up anyone who might be on the sex offender list. In many cases such databases provide a photo and a birthdate to help prevent misidentifications due to similar names. The following list are a few such directories:

Texas: https://records.txdps.state.tx.us/sexoffender/

U.S. Department of Justice: https://www.nsopw.gov/?AspxAutoDetectCookieSupport=1

Alabama: https://app.alea.gov/Community/wfSexOffenderSearch.aspx

New York: http://www.criminaljustice.ny.gov/SomsSUBDirectory/search_index.jsp

Identity theft has been the subject of various state and federal laws. Most states now have laws against identity theft. This crime is also covered by federal law. In 1998, the federal government passed 18 U.S.C. 1028, also known as the Identity Theft and Assumption Deterrence Act of 1998. This law made identity theft a federal crime. Throughout the United States, federal law now covers identity theft. In many states identity theft is also covered by state law.

One nation that has decided to crack down hard on cyber criminals is Romania. Some experts have described Romanian cyber crime law as the strictest in the world. However, what is most interesting about Romanian law is how specific it is. The crafters of this legislation went to some effort to very specifically define all the terms used in the legislation. This specificity is very important in order to avoid defendants finding loopholes in laws. Unfortunately, the Romanian government only took such measures after media sources around the world identified their country as a “Citadel for Cyber Crime.” The country’s reactive approach to cyber crime is probably not the best solution.

The University of Dayton School of Law has an entire website devoted to cyber crime. The school has some rather extensive links on cyber crime, cyber stalking, and other Internet-based crimes. As we move forward in the twenty-first century, one can expect to see more law schools with courses dedicated to cyber crime.

An interesting phenomenon has begun in the past few years: the emergence of attorneys who specialize in cyber crime cases. The fact that there are lawyers who specialize in this area of law is a strong indicator that Internet crime is a growing problem in modern society.

1. Only invest with well-known, reputable brokers.

2. If it sounds too good to be true, then avoid it.

3. Ask yourself why this person is informing you of this great investment deal. Why would a complete stranger decide to share some incredible investment opportunity with you?

4. Remember that even legitimate investment involves risk, so never invest money that you cannot afford to lose.

1. Do not provide your personal information to anyone if it is not absolutely necessary. This rule means that when communicating on the Internet with anyone you do not personally know, do not reveal anything about yourself—not your age, occupation, real name, anything.

2. Destroy documents that have personal information on them. If you simply throw away bank statements and credit card bills, then someone rummaging through your trash can get a great deal of personal data. You can obtain a paper shredder from an office supply store or many retail department stores for less than $20. Shred these documents before disposing of them. This rule may not seem like it is related to computer security, but information gathered through nontechnical means can be used in conjunction with the Internet to perpetrate identity theft.

3. Check your credit frequently. Many websites, including www.consumerinfo.com, allow you to check your credit and even get your beacon score for a nominal fee. I check my credit twice per year. If you see any items you did not authorize, that is a clear indication that you might be a victim of identity theft.

4. If your state has online driving records, then check yours once per year. If you see driving infractions that you did not commit, this evidence is a clear sign that your identity is being used by someone else. In an upcoming chapter on cyber detective work, we will explore in detail how to obtain such records online, often for less than $5.

To summarize, the first step in preventing identity theft is restricting the amount of personal information you make available. The next step is simply monitoring your credit and driving records so that you will be aware if someone attempts to use your identity.

Another part of protecting your identity is protecting your privacy in general. That task means preventing others from gaining information about you that you don’t explicitly provide them. That preventive method includes keeping websites from gathering information about you without your knowledge. Many websites store information about you and your visit to their site in small files called cookies. These cookie files are stored on your machine. The problem with cookies is that any website can read any cookie on your machine—even ones that the website you are currently visiting did not create. So if you visit one website and it stores items like your name, the site you visited, and the time you were there, then another website could potentially read that cookie and know where you have been on the Internet. One of the best ways to stop cookies you don’t want is anti-spyware software. We will discuss such software in more detail in a later chapter. Right now, let’s see how to change your Internet settings to help reduce exposures to your privacy.

When you select that Privacy tab, you will see the screen shown in Figure 3.2. Notice the sliding bar on the left that lets you select various levels of general protection against cookies. It is recommended that you select Medium High as your level.

Note the Advanced button at the bottom of the screen. This button allows you to block or allow individual websites from creating cookies on your computer’s hard drive. Altering cookie settings on your machine is just one part of protecting your privacy, but it is an important part.

You probably also want to ensure that you have selected the InPrivate Browsing option, shown in Figure 3.2.

If you are working with Firefox, the process is similar. You select Tools from the drop-down menu and then select Options. You will see the screen shown in Figure 3.3.

Notice the Privacy option, and you will see a screen much like the one shown in Figure 3.4.

As you can see from Figure 3.4, there are a number of privacy settings for you to select, and they are self-explanatory. You can also select the Security tab and see the screen in Figure 3.5.

I recommend selecting High Security. Also, I would only allow first-party cookies. Third-party cookies are notorious for behaving in ways that violate user privacy. We will discuss cookies and spyware in much more detail in a later chapter, but the simple steps just examined can go a long way toward helping to secure your privacy.

Dealing with auction fraud involves a different set of precautions; here are four good ideas.

1. Only use reputable auction sites. The most well-known site is eBay, but any widely known, reputable site will be a safer gamble. Such auction sites tend to take precautions to prevent fraud and abuse.

2. If it sounds too good to be true, don’t bid.

3. Some sites actually allow you to read feedback other buyers have provided on a given seller. Read the feedback, and only work with reputable sellers.

4. When possible use a separate credit card, one with a low limit, for online auctions. That way, should your credit card be compromised, your liability is limited. Using your debit card is simply inviting trouble.

Online auctions can be a very good way to get valuable merchandise at low prices. However, one must exercise some degree of caution when using these services.

Protecting yourself from online harassment also has its own guidelines:

1. If you use chat rooms, discussion boards, and so forth, do not use your real name. Set up a separate email account with an anonymous service, such as Yahoo!, Gmail, or Hotmail. Then use that account and a fake name online. This makes it very hard for an online stalker to trace back to you personally.

2. If you are the victim of online harassment, keep all the emails in both digital and printed format. Use some of the investigative techniques we will explore later in this book to try to identify the perpetrator. If you are successful, then you can take the emails and the information on the perpetrator to law enforcement officials.

3. Do not, in any case, ignore cyber stalking. According to the Working to Halt Online Abuse website, 19% of cyber stalking cases escalate to stalking in the real world.

It is not the intent of this chapter or of this book to make you frightened about using the Internet. I routinely use the Internet for entertainment, commerce, and informational purposes. One simply needs to exercise some caution when using the Internet.

Cyber stalking is one area that is often new to both civilians and law enforcement. It is very important that both groups have a clear understanding of what is, and is not, cyber stalking. Unfortunately, cyber stalking cases can escalate into real-world violence.

A. The Nigerian fraud

B. The Manhattan fraud

C. The pump and dump

D. The bait and switch

2. What is the most likely problem with unsolicited investment advice?

A. You might not earn as much as claimed.

B. The advice might not be truly unbiased.

C. The advice might not be from a legitimate firm.

D. You might lose money.

3. Artificially inflating a stock in order to sell it at a higher value is referred to as what?

A. Bait and switch

B. The Nigerian fraud

C. Pump and dump

D. The Wall Street fraud

4. What is the top rule for avoiding Internet fraud?

A. If it seems too good to be true, it probably is.

B. Never use your bank account numbers.

C. Only work with people who have verifiable email addresses.

D. Don’t invest in foreign deals.

5. Which of the following is not one of the Security and Exchange Commission’s tips for avoiding investment fraud?

A. Don’t invest online.

B. Consider the source of the offer.

C. Always be skeptical.

D. Always research the investment.

6. What are the four categories of auction fraud?

A. Failure to send, failure to disclose, sending to wrong address, failure to deliver

B. Failure to send, failure to disclose, sending something of lesser value, failure to deliver

C. Failure to disclose, sending something to wrong address, failure to send, failure to deliver

D. Failure to disclose, sending something of lesser value, failure to send, sending something of greater value

7. A seller bidding on her own item to drive up the price is referred to as what?

A. Bid siphoning

B. Bid shielding

C. Shill bidding

D. Ghost bidding

8. Submitting a fake but very high bid to deter other bidders is referred to as what?

A. Bid siphoning

B. Bid shielding

C. Shill bidding

D. Ghost bidding

9. Identity theft is most often attempted in order to accomplish what goal?

A. To make illicit purchases

B. To discredit the victim

C. To avoid criminal prosecution

D. To invade privacy

10. According to the U.S. Department of Justice, identity theft is generally motivated by what?

A. Malicious intent

B. Personal hostility toward the victim

C. Economic gain

D. Thrill seeking

11. Why is cyber stalking a serious crime?

A. It is frightening to the victim.

B. It can be a prelude to violent crime.

C. It is using interstate communication.

D. It can be a prelude to identity theft.

12. What is cyber stalking?

A. Any use of the Internet to send or post threats

B. Any use of electronic communications to stalk a person

C. Only use of email to send threats

D. Only the use of email to stalk a person

13. What will law enforcement officials usually require of the victim in order to pursue harassment allegations?

A. A verifiable threat of death or serious injury

B. A credible threat of death or serious injury

C. A verifiable threat of harm

D. A credible threat of harm

14. If you are posting anonymously in a chat room and another anonymous poster threatens you with assault or even death, is this person’s post harassment?

A. Yes; any threat of violence is harassment.

B. Probably not because both parties are anonymous, so the threat is not credible.

C. Yes; chat room threats are no different from threats in person.

D. Probably not because making a chat room threat is not the same as making a threat in person.

15. What must exist for cyber stalking to be illegal in a state or territory?

A. Specific laws against cyber stalking in that state or territory.

B. Specific laws against cyber stalking in that nation.

C. Nothing; existing stalking laws can apply.

D. Nothing; existing international cyber stalking laws apply.

16. What is the first step in protecting yourself from identity theft?

A. Never provide personal data about yourself unless absolutely necessary.

B. Routinely check your records for signs of identity theft.

C. Never use your real name on the Internet.

D. Routinely check for spyware on your computer.

17. What can you do on your local computer to protect your privacy?

A. Install a virus scanner.

B. Install a firewall.

C. Set your browser’s security settings.

D. Set your computer’s filter settings.

18. What is a cookie?

A. A piece of data that web servers gather about you

B. A small file made that contains data and then is stored on your computer

C. A piece of data that your web browser gathers about you

D. A small file made that contains data and then is stored on the web server

19. Which of the following is not an efficient method of protecting yourself from auction fraud?

A. Only use auctions for inexpensive items.

B. Only use reputable auction sites.

C. Only work with well-rated sellers.

D. Only bid on items that seem realistic.

20. The top rule for chat room safety is what?

A. Make certain you have antivirus software installed.

B. Never use your real name or any real personally identifying characteristics.

C. Only use chat rooms that encrypt transmissions.

D. Use chat rooms that are sponsored by well-known websites or companies.

21. Why is it useful to have a separate credit card dedicated to online purchases?

A. If the credit card number is used illegally, you will limit your financial liability.

B. You can keep better track of your auction activities.

C. If you are defrauded, you can possibly get the credit card company to handle the problem.

D. You can easily cancel that single card, if you need to do so.

22. What percentage of cyber stalking cases escalate to real-world violence?

A. Less than 1%

B. 25%

C. 90% or more

D. About 19%

23. If you are a victim of cyber stalking, what should you do to assist the police?

A. Nothing; it is their job and you should stay out of it.

B. Attempt to lure the stalker into a public place.

C. Keep electronic and hard copies of all harassing communications.

D. Try to provoke the stalker into revealing personal information about himself.

24. What is the top way to protect yourself from cyber stalking?

A. Do not use your real identity online.

B. Always use a firewall.

C. Always use a virus scanner.

D. Do not give out email addresses.

1. This process was described in detail with images in the chapter, but we will walk through the process here:

Select Tools from the drop-down menu at the top of Internet Explorer, and then choose Internet Options.

Select the third tab, which is labeled Privacy.

Click the Advanced button.

Set your browser to accept first-party cookies, prompt for third-party cookies, and accept session cookies.

EXERCISE 3.2: Using Alternative Web Browsers

1. Download the Firefox browser from www.mozilla.org.

2. Set privacy and security settings.

1. Using the Web or other resources, find out what your state, country, or province’s laws are regarding cyber stalking.

2. Write a brief paper describing those laws and what they mean. You may select to do a quick summary of several laws or a more in-depth examination of one law. If you choose the former, then simply list the laws and write a brief paragraph explaining what they cover. If you choose the latter option, then discuss the law’s authors, why it was written, and possible ramifications of the law.

PROJECT 3.2: Looking for Auction Fraud

Go to any auction site and try to identify if there are any sellers you feel might be fraudulent. Write a brief paper explaining what about that seller indicated that he may not be dealing honestly.

PROJECT 3.3: Examining Cyber Stalking Case Studies

1. Using the Web, find a case of cyber stalking not mentioned in this chapter. You may find some of the following websites helpful:

www.safetyed.org/help/stalking/

www.cyber-stalking.net/

www.technomom.com/harassed/index.shtml

2. Write a brief paper discussing this case, with particular attention to steps you think might have helped avoid or ameliorate the situation.