RSN™ Guide: Online Crime Type Definitions
Online Or CybercrimesCybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Come In Many Different Forms
This is a short overview of each.
419419 An advance fee scam or fraud (419 scam) is a form of fraud and is one of the most common types of online confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster claims will be used to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears. The 419 comes from the Nigerian law against this type of scam./Overpayment:
“419” refers to the section in Nigerian law regarding con artistry and fraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. and is associated with requests for help facilitating the transfer of money. The sender of the “419” letter or email offers the recipient a commission or share in the profits of a transfer of money, but will first request the recipient send money to pay for some of the costs associated with the transfer. The recipient may be sent a payment and instructed to keep a portion of the payment, but send the rest on to another individual or business.
In advance fee schemes, the perpetrator informs a victim that the victim has qualified for a large financial loan or has won a large financial award, but must first pay the perpetrator taxes or fees in order to access the loan or award. The victim pays the advance fee, but never receives the promised money.
A fraudulent transaction or exchange that occurs in the context of an online auction site.
A network of computers — may be one of the machines is yours — that scammers have infected with hidden software to secretly send spam.
Business Email Compromise/Email Account Compromise:
BEC is a scamScam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments. EAC is a similar scam that targets individuals. These sophisticated scamsScams A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. are carried out by fraudsters compromising email accounts through social engineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." or computer intrusion techniques to conduct unauthorized transfer of funds.
Perpetrators set up false charities, usually following natural disasters, and profit from individuals who believe they are making donations to legitimate charitable organizations.
Civil lawsuits are any disputes formally submitted to a court that is not criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues..
A perpetrator deceives a victim into believing the perpetrator and the victim have a trust relationshipTrust Relationship What Is Trust In A Relationship? Trust is the faith you have in someone that they will always remain loyal to you, honest, reliable, or love you. To trust someone means that you can rely on them and are comfortable confiding in them because you feel safe with them. It is the building block for any relationship without which the foundation will always remain shaky., whether family, friendly or romantic. As a result of that belief, the victim is persuaded to send money, personal and financial information, or items of value to the perpetrator or to launder money on behalf of the perpetrator. Some variations of this scheme are romance/dating scams or the grandparent’s scam.
Corporate Data BreachData Breach Whenever private information is seen by someone who should not have access, this is known as data exposure. It may also sometimes be referred to as a data leak or data breach. It might happen by accident or be caused by hackers who do it to cause harm to the individual or organization involved. It can be especially damaging to companies that store the credit card details and personal information of their customers.:
A leak or spill of business data that is released from a secure location to an untrusted environment. It may also refer to a data breach within a corporation or business where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
CrammingCramming Cramming is when phone companies or third-party billing companies place misleading, unauthorized, deceptive or poorly explained charges on a phone bill.:
The illegal placement of unauthorized charges on your telephone bill for unrequested services or calls not made.
Credit card fraudCard Fraud Card Fraud is one of the most commonly referenced fraud definitions. It occurs when a fraudster uses a card (debit or credit) to make a purchase without the authorization of the cardholder. Card fraud can occur in-person or through digital channels. is a wide-ranging term for fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.
Crimes Against Children:
Anything related to the exploitation of children, including child abuse.
A medium where criminals exchange ideas and protocols relating to intrusion.
DenialDenial Denial is a refusal or unwillingness to accept something or to accept reality. Refusal to admit the truth or reality of something, refusal to acknowledge something unpleasant; And as a term of Psychology: denial is a defense mechanism in which confrontation with a personal problem or with reality is avoided by denying the existence of the problem or reality. of Service:
An interruption of an authorized user’s access to any system or network, typically caused with malicious intent.
An individual believes they are legitimately empoyed, and loses money or launders money/items during the course of their employment.
Unlawful extraction of money or property through intimidation or undue exercise of authority. It may include threats of physical harm, criminal prosecution, or public exposure.
Online gambling, also known as Internet gambling and iGambling, is a general term for gambling using the Internet.
GaslightingGaslighting Gaslighting is a form of psychological manipulation in which a person or a group creates the seeds of doubt in a targeted individual or group, making them question their own memory, perception, or judgment. It may evoke changes in them such as cognitive dissonance or low self-esteem, rendering the victim additionally dependent on the gaslighter for emotional support and validation. Using denial, misdirection, contradiction, and disinformation, gaslighting involves attempts to destabilize the victim and delegitimize the victim's beliefs. Once in this state the criminal can then more easily control the victim for their own purposes. Instances can range from the denial by a scammer that a scam has occurred, to belittling the victim's emotions and feelings, to the staging of bizarre events by the abuser with the intention of disorienting the victim. The goal of gaslighting is to gradually undermine the victim's confidence in their own ability to distinguish truth from falsehood, right from wrong, or reality from delusion, thereby rendering the individual or group pathologically dependent on the gaslighter for their thinking and feelings.:
A Form Of Psychological Manipulation To Destroy Your Sense Of Reality. Gaslighting manipulate (someone) by psychological means into questioning their own sanity or reality. Gaslighting is the systematic process of attempting to erode another person’s reality by consistently telling them that what they are experiencing is not true! And the gradual giving up on their reality; or by the suspension of disbelief by that person!
Government ImpersonationImpersonation An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors.:
A government official is impersonated in an attempt to collect money.
HackerHacker A computer hacker is a computer expert who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term hacker has become associated in popular culture with a security hacker – someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be unavailable to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques in order to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN, or the dark web) to mask their identities online, posing as criminals themselves. Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. Oppositely, hacking and cyber-attacks are used extra- and illegally by law enforcement and security agencies (conducting warrantless activities), and employed by State actors as a weapon of both legal and illegal warfare.:
Someone who uses the Internet to illegally break into computers. They use numerous software tools to gain access to a computer or a protected account on a computer network.
A computer hacker whose activity is aimed at promoting a social or political cause.
Harassment/Threats of Violence:
Harassment occurs when a perpetrator uses false accusations or statements of fact to intimidate a victim. Threats of Violence refers to an expression of an intention to inflict pain, injury, or punishment, which does not refer to the requirement of payment.
Health Care Related:
A scheme attempting to defraud private or government health care programs, usually involving health care providers, companies, or individuals. Schemes may include offers for fake insurance cards, health insurance marketplace assistance, stolen health information, or may involve medications, supplements, weight loss products, or diversion/pill mill practices. These scams are often initiated through spam email, Internet advertisements, links in forums or social media, and fraudulent websites.
IPR/Copyright and Counterfeit:
The theft and illegal use of others’ ideas, inventions, and creative expressions, to include everything from trade secrets and proprietary products to parts to movies, music, and software.
Identity TheftIdentity Theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources./Account TakeoverAccount Takeover Account Takeover (ATO) are the unauthorized access of a user’s account in order to steal identity credentials, execute a fraudulent transaction or engage in varying types of abuse.:
Identify theft involves a perpetrator stealing another person’s personal identifying information, such as name or Social Security number, without permission to commit fraud. Account Takeover is when a perpetrator obtains account information to perpetrate a fraud on existing accounts.
Deceptive practice that induces investors to make purchases on the basis of false information. These scams usually offer the victims large returns with minimal risk. Variations of this scam include retirement schemes, Ponzi schemesPonzi Schemes A Ponzi scheme is a type of investment fraud. Use this information to identify, report, and protect yourself against this type of scam. and pyramid schemesPyramid Schemes Pyramid schemes are scams that need a constant flow of new participants to keep them going. They are marketed as multi-level marketing programs or other types of legitimate businesses. They use new recruits’ "investments" to pay “profits” to those participating longer. Pyramid schemes collapse when they can't recruit enough new participants to pay earlier investors. These scams always fail—it’s mathematically guaranteed..
Keystroke LoggerKeystroke Logger Hardware device or software program that records each key being struck on a keyboard. Marketed as a way for parents to monitor their children's activities on a computer, keystroke loggers are often downloaded unwittingly by users and operate in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. The keystroke logger then records the keystrokes and periodically uploads the information over the Internet. See also Spyware, Trojan horse.:
A usually covert program that tracks (or logs) sequential strokes on your keyboard to allow remote hackers to capture your passwords and online banking and credit card information.
An individual is contacted about winning a lottery or sweepstakes they never entered and are asked to pay a tax or fee in order to receive their winnings.
MalwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts.
Software intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds. Short for “malicious software,” this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts.
Merchandise or services were purchased or contracted by individuals online for which the purchasers provided payment. The goods or services received were of a measurably lesser quality or quantity than was described by the seller.
No Lead Value:
Incomplete complaints which do not allow a crime type to be determined. About 50% of all online scam reports fall into this type because of poor reporting by victims.
In non-payment situations, goods and services are shipped, but payment is never rendered. In non-delivery situations, payment is sent, but goods and services are never received.
Other types of fraud not listed.
Personal Data Breach:
A leak or spill of personal data that is released from a secure location to an untrusted environment. It may also refer to a security incident in which an individual’s sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual.
PharmingPharming When hackers use malicious programs to route you to their own sites — even though you've correctly typed in the address of a site you want to visit. The software stealthily diverts you to a look-alike destination, typically with the goal of gathering personal information for identity theft.:
When hackers use malicious programs to route you to their own sites — even though you’ve correctly typed in the address of a site you want to visit. The software stealthily diverts you to a look-alike destination, typically with the goal of gathering personal information for identity theft.
Phishing/VishingVishing What is a vishing attack? Vishing is the social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entice a victim to call a certain number and divulge sensitive information. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed, which can take advantage of the public’s misplaced trust in the security of phone services, especially landline services. Landline communication cannot be intercepted without physical access to the line; however, this trait is not beneficial when communicating directly with a malicious actor./SmishingSmishing What is a smishing attack? Smishing is a form of social engineering that exploits SMS, or text, messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically open a browser window or email message or dial a number. This integration of email, voice, text message, and web browser functionality increases the likelihood that users will fall victim to engineered malicious activity./Pharming:
Unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.
RansomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.:
A type of malicious software designed to blockBlock Blocking is a technical action usually on social media or messaging platforms that restricts or bans another profile from seeing or communicating with your profile. To block someone on social media, you can usually go to their profile and select it from a list of options - often labeled or identified with three dots ••• access to a computer system until money is paid.
Individuals (usually MULES) receive packages purchased through fraudulent means and subsequently repackage the merchandise for shipment, usually abroad.
Fraud involving real estate, rental or timeshare property.
ScarewareScareware A type of malware that displays on-screen warnings of nonexistent computer infections or generates constant pop-ups intended to trick you into buying useless or potentially dangerous "protection" software.:
A type of malware that displays on-screen warnings of nonexistent computer infections or generates constant pop-upsPop-ups Pop-up ads (also known as pop-ups) - Unsolicited advertising that appears as a "pop-up" window on a computer screen. Sometimes these can be created to look like a financial institution's request for personal information. intended to trick you into buying useless or potentially dangerous “protection” software.
SkimmingSkimming The capturing of information from the magnetic stripe on your ATM and credit card by use of portable "skimmer" devices that are secretly installed on card-reading machines.:
The capturing of information from the magnetic stripe on your ATM and credit card by use of portable “skimmer” devices that are secretly installed on card-reading machines.
Named for the SMS (short message service) technology used to send text messages, it means phishing attempts made on cellphones.
A complaint alleging the use of social networking or social media (Facebook, Twitter, Instagram, chat rooms, etc.) as a vector for fraud. Social Media does not include dating sites.
SpoofingSpoofing Spoofing occurs when a caller maliciously transmits false caller ID information to increase the likelihood that you'll answer. Scammers often spoof local numbers, private companies, government agencies and other institutions. It can also apply to pretending to be an email address, or through other media.:
Any situation in which scammers masquerade as a specific person, business or agency. The term is typically used to describe the manipulation of telephone Caller ID to display a false name or number for the caller.
SpywareSpyware A type of malware installed on computers or cellphones to track your actions and/or collect information without your knowledge. Some spyware can change computer settings for pharming redirection.:
A type of malware installed on computers or cellphones to track your actions and/or collect information without your knowledge. Some spyware can change computer settings for pharming redirection.
Attempts to gain access to a victim’s electronic device by falsely claiming to offer tech support, usually for a well-known company. ScammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. asks for remote access to the victim’s device to clean-up viruses or malware or to facilitate a refund for prior support services.
Violent acts intended to create fear that is perpetrated for a religious, political, or ideological goal and deliberately target or disregard the safety of non-combatants.
Trojan HorseTrojan Horse Software that's hidden within apparently harmless data — or masquerades as a regular program — and when activated, can deliver such blows as corrupting data on your hard drive or sending files and account information to hackers. Unlike viruses and worms, Trojans do not self-replicate and spread to other computers.:
Software that’s hidden within apparently harmless data — or masquerades as a regular program — and when activated, can deliver such blows as corrupting data on your hard drive or sending files and account information to hackers. Unlike viruses and worms, Trojans do not self-replicate and spread to other computers.
Short for “voice phishing,” it’s the use of recorded messages to telephones — usually claiming to be from a bank — with the goal of tricking you into revealing personal or account information for identity theft.
VirusVirus A computer program that can replicate itself and spread from computer to computer or file to file. It comes to life only when you take a specific action, such as running a particular program.:
Code capable of copying itself and having a detrimental effect, such as corrupting the system or destroying data.
A complaint mentioning a form of virtual cryptocurrency, such as Bitcoin, Litecoin, or Potcoin.
WormWorm Like a virus, it can replicate itself and spread — but without any action by you.:
Like a virus, it can replicate itself and spread — but without any action by you.