Stefano Grazioli Tom Cogill

The e-mail in your inbox promising a $10 million payout could cost you thousands of dollars—and possibly your identity.

Think you’re too savvy to fall victim to a cyberspace swindle? Think again. The FBI’s Internet Crime Complaint Center received more than 230,000 complaints in 2005, an 11.6 percent increase over 2004. Experts predict this number will grow once the final 2006 numbers are crunched. Many victims never report the fraud, and perpetrators are becoming more skilled at their crooked craft, says Stefano Grazioli, an assistant professor in the McIntire School of Commerce.

Consumers are becoming more aware of Internet fraud and some are protecting themselves. But that only spurs an arms race of sorts, Grazioli says. “The smarter the consumer becomes, the smarter the deceiver has to become to survive and support a life of crime,” Grazioli says. “If you can’t fool anybody, you can’t be in that line of business very long.”

Grazioli’s research focuses on Internet deceivers and the tactics they use to seduce, dupe and fleece consumers and companies. He joined the McIntire School in 2002 and teaches financial systems engineering.

Deceitful Internet tactics range from simple to complex. Auction fraud is a basic one, usually involving taking a photo of an item, uploading the photo to eBay and then convincing a potential buyer to send a check or, preferably, cash. The fraudulent seller never sends the item and pockets the money.

More complicated frauds include e-mail scams, “phishing”—masquerading as a company to collect personal and credit card information—and page-jacking, which involves the replication of a Web site to make users feel as if they’re in a trusted place when they’re not. After the user enters sensitive information, the page-jacker takes that information to the real site, where he or she steals money or the user’s identity.

Grazioli’s research indicates that the median loss for each victim of fraud is $720. The costs are not just monetary, he says, noting that victims of Internet fraud may also face identity theft and experience a loss of privacy, fear and discomfort over being victimized.

There are additional, and potentially far-reaching, consequences of Internet fraud. “If people start being afraid, they may refrain from conducting business on the Internet,” Grazioli says. “Merchants pay the price because of the existence of these problems.”

Justice is difficult to enforce. Many perpetrators operate from countries where U.S. prosecution is difficult to pursue. Deceivers are hard to catch, and in many cases, not worth prosecuting.

“The bottom line is that the cost of complete elimination of all forms of deception will be prohibitively high,” Grazioli says, “so we will always live with deception at all points in time.”

Grazioli, himself a victim of credit card fraud, says that anyone can be a victim, and recommends doing “all your due diligence.”

The language of deception

Masking: Failing to disclose to Internet newsletter readers that the publisher receives advertiseing money from companies whose stocks the newsletter recommends.

Dazzling: “Free trial” offers that do not make clear that consumers must cancel a service before the trial period ends. Consumers who fail to cancel are enrolled automatically and begin incurring monthly charges.

Decoying: “Free stock” offers that require consumers to register themselves as stockholders with the company, which entails revealing detailed personal information—the deceivers’ real aim.

Mimicking: The creation of a mirror bank site virtually identical to a legitimate site. The site induces bank customers to reveal private information such as account numbers and passwords.

Inventing: Electronic auction sellers who simply do not have the merchandise that they promise to sell.

Relabeling: Describing very risky or questionable investments as sound financial opportunities.

Double Play: E-mails designed to look like internal memos sent by mistake by well-known investment firms. These messages contain false insider information, fabricated to induce the recipient to invest in a certain stock.