RSN™ Guide: Online Crime Type Definitions

Online Or Cybercrimes Come In Many Different Forms

This is a short overview of each.


“419” refers to the section in Nigerian law regarding con artistry and fraud and is associated with requests for help facilitating the transfer of money. The sender of the “419” letter or email offers the recipient a commission or share in the profits of a transfer of money, but will first request the recipient send money to pay for some of the costs associated with the transfer. The recipient may be sent a payment and instructed to keep a portion of the payment, but send the rest on to another individual or business.

Advanced Fee:

In advance fee schemes, the perpetrator informs a victim that the victim has qualified for a large financial loan or has won a large financial award, but must first pay the perpetrator taxes or fees in order to access the loan or award. The victim pays the advance fee, but never receives the promised money.


A fraudulent transaction or exchange that occurs in the context of an online auction site.


A network of computers — may be one of the machines is yours — that scammers have infected with hidden software to secretly send spam.

Business Email Compromise/Email Account Compromise:

BEC is a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments. EAC is a similar scam that targets individuals. These sophisticated scams are carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds.


Perpetrators set up false charities, usually following natural disasters, and profit from individuals who believe they are making donations to legitimate charitable organizations.

Civil Matter:

Civil lawsuits are any disputes formally submitted to a court that is not criminal.

Confidence/Romance Fraud:

A perpetrator deceives a victim into believing the perpetrator and the victim have a trust relationship, whether family, friendly or romantic. As a result of that belief, the victim is persuaded to send money, personal and financial information, or items of value to the perpetrator or to launder money on behalf of the perpetrator. Some variations of this scheme are romance/dating scams or the grandparent’s scam.

Corporate Data Breach:

A leak or spill of business data that is released from a secure location to an untrusted environment. It may also refer to a data breach within a corporation or business where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.


The illegal placement of unauthorized charges on your telephone bill for unrequested services or calls not made.

Credit Card:

Credit card fraud is a wide-ranging term for fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.

Crimes Against Children:

Anything related to the exploitation of children, including child abuse.

Criminal Forums:

A medium where criminals exchange ideas and protocols relating to intrusion.

Denial of Service:

An interruption of an authorized user’s access to any system or network, typically caused with malicious intent.

Employment Fraud:

An individual believes they are legitimately empoyed, and loses money or launders money/items during the course of their employment.


Unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure.


Online gambling, also known as Internet gambling and iGambling, is a general term for gambling using the Internet.


A Form Of Psychological Manipulation To Destroy Your Sense Of Reality. Gaslighting manipulate (someone) by psychological means into questioning their own sanity or reality. Gaslighting is the systematic process of attempting to erode another person’s reality by consistently telling them that what they are experiencing is not true! And the gradual giving up on their reality; or by the suspension of disbelief by that person!

Government Impersonation:

A government official is impersonated in an attempt to collect money.


Someone who uses the Internet to illegally break into computers. They use numerous software tools to gain access to a computer or a protected account on a computer network.


A computer hacker whose activity is aimed at promoting a social or political cause.

Harassment/Threats of Violence:

Harassment occurs when a perpetrator uses false accusations or statements of fact to intimidate a victim. Threats of Violence refers to an expression of an intention to inflict pain, injury, or punishment, which does not refer to the requirement of payment.

A scheme attempting to defraud private or government health care programs, usually involving health care providers, companies, or individuals. Schemes may include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or may involve medications, supplements, weight loss products, or diversion/pill mill practices. These scams are often initiated through spam email, Internet advertisements, links in forums or social media, and fraudulent websites.

The theft and illegal use of others’ ideas, inventions, and creative expressions, to include everything from trade secrets and proprietary products to parts to movies, music, and software.

Identity Theft/Account Takeover:

Identify theft involves a perpetrator stealing another person’s personal identifying information, such as name or Social Security number, without permission to commit fraud. Account Takeover is when a perpetrator obtains account information to perpetrate a fraud on existing accounts.


Deceptive practice that induces investors to make purchases on the basis of false information. These scams usually offer the victims large returns with minimal risk. Variations of this scam include retirement schemes, Ponzi schemes and pyramid schemes.

Keystroke Logger:

A usually covert program that tracks (or logs) sequential strokes on your keyboard to allow remote hackers to capture your passwords and online banking and credit card information.


An individual is contacted about winning a lottery or sweepstakes they never entered and are asked to pay a tax or fee in order to receive their winnings.


Software intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds. Short for “malicious software,” this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts.


Merchandise or services were purchased or contracted by individuals online for which the purchasers provided payment. The goods or services received were of a measurably lesser quality or quantity than was described by the seller.

No Lead Value:

Incomplete complaints which do not allow a crime type to be determined. About 50% of all online scam reports fall into this type because of poor reporting by victims.


In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.


Other types of fraud not listed.

Personal Data Breach:

A leak or spill of personal data that is released from a secure location to an untrusted environment. It may also refer to a security incident in which an individual’s sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.


When hackers use malicious programs to route you to their own sites — even though you’ve correctly typed in the address of a site you want to visit. The software stealthily diverts you to a look-alike destination, typically with the goal of gathering personal information for identity theft.


Unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.


A type of malicious software designed to block access to a computer system until money is paid.


Individuals (usually MULES) receive packages purchased through fraudulent means and subsequently repackage the merchandise for shipment, usually abroad.

Real Estate/Rental:

Fraud involving real estate, rental or timeshare property.


A type of malware that displays on-screen warnings of nonexistent computer infections or generates constant pop-ups intended to trick you into buying useless or potentially dangerous “protection” software.


The capturing of information from the magnetic stripe on your ATM and credit card by use of portable “skimmer” devices that are secretly installed on card-reading machines.


Named for the SMS (short message service) technology used to send text messages, it means phishing attempts made on cellphones.

Social Media:

A complaint alleging the use of social networking or social media (Facebook, Twitter, Instagram, chat rooms, etc.) as a vector for fraud. Social Media does not include dating sites.


Any situation in which scammers masquerade as a specific person, business or agency. The term is typically used to describe the manipulation of telephone Caller ID to display a false name or number for the caller.


A type of malware installed on computers or cellphones to track your actions and/or collect information without your knowledge. Some spyware can change computer settings for pharming redirection.

Tech Support:

Attempts to gain access to a victim’s electronic device by falsely claiming to offer tech support, usually for a well-known company. Scammer asks for remote access to the victim’s device to clean-up viruses or malware or to facilitate a refund for prior support services.


Violent acts intended to create fear that is perpetrated for a religious, political, or ideological goal and deliberately target or disregard the safety of non-combatants.

Trojan Horse:

Software that’s hidden within apparently harmless data — or masquerades as a regular program — and when activated, can deliver such blows as corrupting data on your hard drive or sending files and account information to hackers. Unlike viruses and worms, Trojans do not self-replicate and spread to other computers.


Short for “voice phishing,” it’s the use of recorded messages to telephones — usually claiming to be from a bank — with the goal of tricking you into revealing personal or account information for identity theft.


Code capable of copying itself and having a detrimental effect, such as corrupting the system or destroying data.

Virtual Currency:

A complaint mentioning a form of virtual cryptocurrency, such as Bitcoin, Litecoin, or Potcoin.


Like a virus, it can replicate itself and spread — but without any action by you.