1.0 Introduction - Internet Fraud, Scam and Crime

Statistics regarding internet scams and frauds are presented here as snapshots in time January 2008, but below are links to archived statistics from previous years. Web crime statistics are notoriously difficult to obtain, with many sources each calculating them in a different manner and different time frame, using a different source.

To provide the most reliable picture, we use the Internet Crime Complaint Center’s

(IC3) statistics as a baseline.  The IC3 began operation on May 8, 2000, as the Internet Fraud Complaint Center and was established as a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI) to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime.

Background

The statistics for the current Top 10 frauds and scams list can be found below. The greatest challenge in assembling a list and statistics of the frauds is that most fall into several categories. Consumers may characterize crime problems withan easier “broad” character, which may be misleading. For instance, a consumer that gets lured to an auction site which appears to be eBay may later find that they were victimized through a cyber scheme. The scheme may in fact have involved SPAM, unsolicited e-mail inviting them to a site, and a “spoofed” website which only imitated the true legitimate site. The aforementioned crime problem could be characterized as SPAM, phishing, possible identity theft, credit card fraud or auction fraud. In such scenarios, many complainants have depicted schemes suchas auction fraud even though that label may be incomplete or misleading.

The IC3 website received 207,492 complaint submissions during 2006, their most recent reporting year.  That was a 10.4% decrease compared to 2005 (when 231,493 complaints were received.) ConsumerFraudReporting.org (CFR) received 20,000 complaints during 2007, its startup year for receiving complaints.From the submissions, IC3 referred 86,279 complaints of crime to federal, state, and local law enforcement agencies around the country for further consideration. The vast majority of cases were fraudulent in nature and involved a financial loss on the part of the complainant. The total dollar loss from all referred cases of fraud

1

was $198.44 million with a median dollar loss of $724.00 per complaint. This is up from $183.12 million in total reported losses in 2005.

Other significant findings related to an analysis of referrals include: Internet auction fraud was by far the most reported offense, comprising

44.9% of referred complaints. Non-delivered merchandise and/or payment accounted for 19.0% of complaints. Check fraud made up 4.9% of complaints. Credit/debit card fraud, computer fraud, confidence fraud, and financial institutions fraud round out the top seven categories of complaints referred to law enforcement during the year.

Of those individuals who reported a dollar loss, the highest median losses were found among Nigerian letter fraud ($5,100), check fraud ($3,744), and other investment fraud ($2,695) complainants.

Among perpetrators, 75.2% were male and half resided in one of the following states: California, New York, Florida, Texas, Illinois, Pennsylvania and Tennessee. The majority of reported perpetrators were from the United States. However, a significant number of perpetrators where also located in United Kingdom, Nigeria, Canada, Romania, and Italy.

During 2006, Internet auction fraud was by far the most reported offense, comprising 44.9% of referred crime complaints. This represents a 28.4% decrease from the 2005 levels of auction fraud reported to IC3. In addition, during 2006, the non-delivery of merchandise and/or payment represented 19.0% of complaints (up 21.0% from 2005), Check fraud made up an additional 4.9% of complaints which is up 2.1% from 2005 levels. Credit and debit card fraud, computer fraud, and confidence fraud complaints represented 9.8% of all remaining complaints. Otherfinancial institutions fraud, identity theft, investment fraud, and child pornography confidence fraud complaints together represented less than 5.5% of all complaints.

2

3

How much money do victims typically lose?

Where are the scammers located?

The greatest concentration (per capita) of internet scammers in the United States are concentrated in the District of Columbia (Washington, D.C.) and Nevada. By sheer numbers, California, NY and Florida take the top three positions, based on their population sizes.

4

Globally, in 2006, most scammers operated from the United States.  The U.S. still held a huge lead in active internet users then, a gap that has since closed considerably.  In 2008, China and the U.S. each have approximately 200 million internet users, and most of the world has grown commensurately.  As the user populations have grown abroad, so have their scammer populations.  Several countries stand out in 2008 as have disproportionately huge populations of scammers: Nigeria, Romania, the Netherlands and China. Lottery and fake money transfer (AFF) frauds seem to be the specialty of the Nigerians. The United States still leads in Identity Theft and Phishing/Spoofing frauds.

Who is being victimized?

 

5

People who know about the advent of a fraud are age groups from 30-60 years, while the age below is not even aware of the frauds and whether they are being struck by one.

 

 

 

6

2.0 Patterns of Frauds in 2008

In 2008, that ranking has changed considerably - Lottery scams are number one, followed by Auction scams, non delivery and check fraud.

1. LOTTERY SCAMS  

2. INTERNET AUCTION FRAUDS 

3. CONFIDENCE - NIGERIAN ADVANCE FEE FRAUDs (AFF)  

4. PHISHING AND PHARMING FOR IDENTITY THEFT  

5. "PASSIVE RESIDUAL INCOME" SCAMS 

6. CHECK (COUNTERFEIT) FRAUDS 

7. WORK-AT-HOME SCAMS

8. MATRIX / MULTI-LEVEL MARKETING AND PYRAMID SCHEMES 

9. PROPERTY INVESTMENT SCHEMES 

10.FINANCIAL INSTITUTIONS SCAMS 

7

3.0 HOW CYBERCROOKS STEAL YOUR DATA AND TURN INTO MONEY

1. You receive am email from an unknown address with an enticing subject line like “Chinese missiles attack Korea”, “A job opportunity”, “Early look at Pentium V” with an attachment that supposedly includes the news story.

2. You open the file. Instead of a news story, a piece of malicious code/software secretly installs itself on your computer.

3. The software absorbs the PC into a botnet, a network of infected computers that does the bidding of a cyber criminal, begins sending spam emails to thousands of other people; you don’t notice, other than may be thinking that your PC may be slowing down.

4. The Software also logs your keystrokes without your knowledge.

5. When you visit your banks website and type in your username and password, the software captures them character by character and sends them back to the criminal.

6. The criminals use the stolen account, username and password to log into your online banking account.

7. Money is transferred from your account to the personal bank account of the assistants who have been recruited to work for companies, which could be fronts for the criminal.

8. The assistant, a so called ‘money mule’, gets an email saying the money has been credited to his bank account.

9. The mule withdraws the cash and wires the money, less a commission, back to the employer.

10.The criminal, often on the other side of the globe, picks up the cash.

8

4.0 LOTTERY SCAMS

What is a Lottery?

Unlike a sweepstakes, a lottery is a promotional device by which items of value (prizes) are awarded to members of the public by chance, but which requires some form of payment to participate. In other words, if you did not buy a ticket, YOU COULD NOT HAVE WON a lottery - no matter what anyone tells you!

Lotteries in the United States, Canada, Australia and Great Britain, and most developed countries, are illegal, except when conducted by states and certain exempt licensed charitable organizations.

How does a lottery scam work?

Victims typically are notified they have won a lottery, yet have to pay transfer fees, taxes or provide proof of their identity and/or details of their bank accounts or credit cards in order to receive the "winnings". The names of these organizations change all the time (they just make up a new name when one is exposed as a fraud), although many of the notifications use similar wording.

A lottery is a promotional device by which items of value are awarded to members of the public by chance, but which requires some form of payment to participate.

Here are key points for avoiding scam lotteries:1. You cannot win a legitimate lottery if you have not entered it.2. In almost all cases you must purchase a ticket to enter a legitimate lottery.3. You never have to pay to collect winnings from a legitimate lottery. You pay

taxes AFTER you receive the winnings.  There are no other fees.

9

4. If you hold a winning lottery ticket, you notify the lottery (they do not notify you; not by email, not by phone, not by mail).

5. It is illegal under U.S. federal law to play ANY foreign lottery from the United States. Many other countries have similar laws.  For example, you must be a Spanish resident to play the El Gordo lottery.

6. Since scammers simply invent new names for their fake lottery scams, it is more accurate to say that if you do not see the lottery on the list of legitimate lotteries, it is probably a scam.

7. If it isn't conducted by a government or government-authorized charitable organization, it can't be a legitimate lottery

But how did they get my name, if not through a lottery I entered?

Names and addresses of potential victims are harvested by spyware, viruses and other tools and obtained through various trade journals, business directories, magazine and newspaper advertisements, chambers of commerce, and anywhere your name appears on the internet (such as in chat rooms, forums, etc.). They could simply use a phonebook for your country, either online or the paper variety.

But it COULD be a legal lottery, right?

Legitimate lotteries do NOT use email to notify their winners.  In almost ALL cases, it is up to the holder of the ticket to contact the lottery. And even if these were legitimate, these lottery solicitations violate U.S. law, which prohibits the cross-border sale or purchase of lottery tickets by phone or mail. And in the United States, if it isn't run by a state government or authorized charitable organization, it can't be a legitimate lottery!

Online lotteries are illegal in many other countries, too: All lotteries, including foreign lotteries operating in Great Britain, are unlawful in the UK (except those provided for by the 1976 Lotteries and Amusements Act; meaning government run lotteries). Some of these lottery schemes say that the Gaming Board for Great Britain has approved them, but this is not true. The Gaming Board has a list of these companies and lotteries on its website, and warns people not to take part in them. The Irish Lottery, also operates in a similar manner, and has also been the victim of email scams.

10

A lottery is a promotional device by which items of value are awarded to members of the public by chance, but which requires some form of payment to participate. Even lotteries which aren't conducted over the internet are illegal in the United States, except when conducted by states and certain exempt charitable organizations. If you believe you have received a solicitation in the guise of a sweepstakes which is an illegal lottery.

What are lottery and prize scams?

These are notifications that advise people that they have won a prize (often for a competition they didn't even enter).  The notification could arrive through the mail, by email or from an unsolicited telephone call.

How to spot a prize or lottery scam

1. Check the name of the lottery or sweepstakes against our list of scammer names, with the letter that corresponds to the first letter in the name of the lottery. Some of the names are links to samples of the actual scams to compare against what you received. But remember, they just make up the names, so once they see their name on our list, they will just invent a new name to use.

2. Keep the following warning signs in mind:If the prize or lottery notification has any of the following elements, we strongly suggest you do not respond to it: The information advises that you have won a prize - but you did not enter

any competition run by the prize promoters. The mail may be personally addressed to you but it has been posted using

bulk mail - thousands of others around the world may have received the exact same notification.

You are often asked for money up front to release your 'win'. The prize promoters ask for a fee (for administration or "processing") to be paid in advance.

You are asked for your bank account, credit card details or other confidential information

The caller is more excited than you or the stranger who phones wants to be your best friend

11

You are told you must reply straight away or the money will be given to someone else.

Other schemes pretend to be legitimate lotteries, or offer you the opportunity to buy shares in a fund that purports to purchase tickets in legitimate overseas lotteries.

The scheme offers bait prizes that, if they are real, are often substandard, over-priced, or falsely represented.  Or, as part of the prize you can purchase "exclusive items" which may also be over-priced or substandard.

To get your prize might require travel overseas at your own cost to receive it.

Key Tips:

1. You can't win a prize in a lottery you haven't bought or been given a ticket for.

2. Legitimate lotteries don't ask for funds in advance of paying out prize money.

3. Never provide personal identity information to a company or person you do not know.

12

5.0 Auction Frauds: Scams Used on Auction Sites, like eBay.

Auction fraud involves fraud via the misrepresentation of a product advertised for sale through an Internet auction site (like eBay) or the non-delivery of products purchased through an Internet auction site. In other words, either the product you ordered isn't what the seller claimed it was, or the seller fails to deliver it, or the seller lies about some other aspect of the transaction.

Auction fraud is the most prevalent of Internet crimes associated with Romania. Romanians, long famous in crime circles for gypsies and conmen, have saturated the Internet auctions and offer almost every in-demand product. Typically, they act more flexible than most sellers, allowing victims to send half the funds now, and the other half when the item arrives.

The FBI published these statistics:"Internet auction fraud was by far the most reported offense, comprising 44.9% of referred complaints. Non-delivered merchandise and/or payment accounted for 19.0% of complaints. Check fraud made up 4.9% of complaints. Credit/debit card fraud, computer fraud, confidence fraud, and financial institutions fraud round out the top seven categories of complaints referred to law enforcement during the year."

In a typical scam, the auctions are often posted as if the seller is a United States citizen, then the subject advises the victim to send the money to a business partner, associate, sick relative, a family member, etc., usually in a European country. The money is usually requested to be transferred via MoneyGram or Western Union wire. But the seller will often say that the buyer's funds can not be released until the buyer provides the money transfer control number (MTCN) or the answer to a

13

"secret question"; and therefore the buyer can wait until he receives the product before releasing the money.  That is nonsense.

In order to receive funds via Western Union, the receiver need only provide the complete information of the sender (buyer) and the receiver's (seller's) full name and address. The funds can be picked up anywhere in the world using this information. There is no need to provide the any other information. Once you have wired the money, it is gone. Money sent via wire transfer leaves little recourse for the victim.

The most recent trend is a large increase in bank-to-bank wire transfers. Most significantly, these wire transfers go through large United States banks and are then routed to Bucharest, Romania or Riga, Latvia.

Similarly, the sellers also occasionally direct the victims to pay using phony escrow services. You may think it is a real, legitimate service, but, usually the site is a spoof, a fake, that resembles the real one and is created and controlled by the scam artist. Once the funds are wire transferred to the escrow website, the seller disappears.

Warning signs

Some clues that a fraud is about to be committed against you are the following behaviors:If you are the buyer:

Whoops! I'm no longer in the U.S. - The seller posts the auction as if he resides in the United States, then responds to victims with a congratulatory email stating he is outside the United States for business reasons, family emergency, etc. Similarly, beware of sellers who post the auction under one name, and ask for the funds to be transferred to another individual.

Wire me the money! - The seller requests funds to be wired directly to him/her via Western Union, MoneyGram, or bank-to-bank wire transfer. By using these services, the money is virtually unrecoverable with no recourse for the victim.

I'm the manufacturer's dealer in ____ - Sellers acting as authorized dealers or factory representatives in countries where there would be no such dealers should be avoided.

14

If you are the seller Oh, ship it to me this way, so I can avoid customs - Buyers who ask for

the purchase to be shipped using a certain method to avoid customs or taxes inside another country should be avoided.

Ship it to me here - Be suspect of any credit card purchases where the address of the card holder does not match the shipping address. Of course, it may just be that the buyer uses a bill paying service or is traveling. In any case, always receive the card holder's authorization before shipping any products.

What to do if you are scammed

Steps to take if victimized:1. File a complaint with the online auction company. In order to be considered

for eBay’s Fraud Protection Program, you should submit an online Fraud Complaint with 90 days after the listing end-date.

2. File a complaint with the Internet Crime Complaint Center.3. Contact law enforcement officials at the local and state level (your local and

state police departments).4. Also contact law enforcement officials in the perpetrator's town & state.5. File a complaint with the shipper USPS, UPS, Fed-Ex, etc.6. File a complaint with the National Fraud Information Center7. File a complaint with the Better Business Bureau.8. Send copies of the correspondence, emails, etc. to Consumer Fraud

Reporting. 

Tips for buyers - Avoiding Internet Auction Frauds

Listed below are tips to protect yourself and your family from various forms of Internet fraud:

Determine what method of payment the seller is asking from the buyer and where he/she is asking to send payment.

When purchasing products over the Internet, it’s best to use your credit card rather than PayPal or your debit card. That way, if you have any problems, you have recourse to dispute the charges through your credit-card company before the payment is actually made.

Examine the feedback on the seller. Learn as much as possible about the seller, especially if the only information

you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located.

15

Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the seller's obligations are before you bid.

Find out what actions the web site/company takes if a problem occurs and consider insuring the transaction and shipment.

If a problem occurs with the auction transaction, it could be much more difficult if the seller is located outside the US because of the difference in laws.

Ask the seller about when delivery can be expected and if there is a problem with the merchandise is it covered by a warranty or can you exchange it.

Find out if shipping and delivery are included in the auction price or are additional costs so there are no unexpected costs.

There should be no reason to ever give out your social security number or driver’s license number to the seller.

Visit eBay and PayPal for additional security alerts and fraud prevention tips.

16

6.0 Money Transfer and Bank Account Frauds - So-called Advance Fee Fraud, "Nigerian", "419" and "Dutch" Scams

What is the "Nigerian letter" scam?

The Nigerian letter scam, as it is commonly called, is an "advanced fee" type of fraud. The Advance Fee Fraud (AFF) email is also known as “419”, named for the violation of Section 419 of the Nigerian Criminal Code. It is sent unsolicited by mail, fax, or most commonly by email, in the form of a letter. Although letters come from around the world, the most common advance fee fraud letters relate to funds held in or taken from West African nations such as Nigeria.

Con artists claim to be officials, businesspeople, lottery officials or the surviving spouses of former government honchos in Nigeria or another country whose money is somehow tied up for a limited time. They offer to transfer lots of money into your bank account if you will pay a fee or “taxes” to help them access their money. If you respond to the initial offer, you may receive documents that look “official.” Then they ask you to send money to cover transaction and transfer costs and attorney's fees, as well as blank letterhead, your bank account numbers, or other information. They may even encourage you to travel to Nigeria or a border country to complete the transaction. Some fraudsters have even produced trunks of dyed or stamped money to verify their claims.

The letter explains that the writer needs to access a foreign bank account that can be used to transfer money through. The amount of money usually mentioned is upwards of US$10 million. All that's needed are details of your bank account and a few blank pages of letterhead if you're a company. In return you are offered an

17

opportunity to share in the millions. Many refer to political events or major disasters, which is often how the writer came to have access to such funds.

The letter is allegedly written by a Prince, a top officer from a company or a quasi government corporation in an African state (the most common is Nigeria) or is from a family member of a deceased senior person from the government, business or military.

The emails are actually from crooks trying to steal your money or perpetrate identity theft. Inevitably, emergencies come up, requiring more of your money and delaying the “transfer” of funds to your account; in the end, there aren't any profits for you, and the scam artist vanishes with your money. According to U.S. State Department reports, people who have responded to “pay in advance” solicitations have been beaten, subjected to threats and extortion, and in some cases, even murdered.

Variations of the Scam1. Barristers with Disbursement of Money from Wills (Benefactor of a Will) 2. Clearinghouse 3. Contract Fraud (C.O.D. of Goods and Services) 4. Conversion of Hard Currency (Black-Money) 5. Fake business proposal.  It follows much the same protocol, but the writer

claims he just needs an established contact in your country.  6. Fake Grants 7. Orphans and Widows of wealthy men 8. Purchase of Real Estate 9. Religious person wants to invest in your country10.Sale of Crude Oil at Below Market Prices 11.Transfer of Funds From Over-Invoiced Contracts 12.Threat Scams or Extortion

Besides email, how to the scammers contact their victims?

We're discussing AFF scam emails, but the scammers will use any method to reach their victims, including:

Mail / Post Fax Phone Chat rooms Dating web sites

18

Matchmaking web sites Mobile phone SMS (new) Internet phone - VOIP (new) Internet gaming (new) Personal introduction Web sites publishing general business contacts or for specific industries Call centre / boiler-room Door-to-door - in countries were an internet connection or sometimes phone

or fax connections are not yet common circumstances.

What happens next?

Nigerian fake lottery scams usually involve a pair, consisting of a fake lottery and a fake bank (or attorney, securities company or courier service). In the fake bank scheme, the victim is notified of a lottery win and told the prize will be paid into a bank account at a private bank in London (or other city). The victim is told he or she must open an account there, usually with a minimum deposit of $5000. The victim is told he/she will be able to access his/her account with the winnings and the deposit in it within 24 hours of setting up the account and the "winnings" being sent.

Of course, that never happens. Once the victim opens an account and makes a deposit, the criminals simply pick up the cash wired to the UK as a deposit at a Western Union agent (such as a major post office) and move on to the next victim. There really was no bank account, or even bank, just as there was no lottery prize to start with. Except for the gang member who picks up the cash in London or other city, most of the members of the gang are based in Nigeria.

Avoid responding to these letters

If you do respond you will be asked to pay a processing fee of tens of thousands of US dollars before the "funds" can be lodged in your account. That's the last you will see of your money, or the promised share of $30 million.

We also do not recommend responding in jest. Responding merely confirms that your email account is active, and may mean you will continue to received such solicitations.

If you're tempted to respond to an offer, we suggest you stop and ask yourself two important questions:

19

1. Why would a perfect stranger pick you — also a perfect stranger — to share a fortune with, and

2. Why would you share your personal or business information, including your bank account numbers or your company letterhead, with someone you don't know?

And the U.S. Department of State cautions against traveling to the destination mentioned in the letters. According to State Department reports, people who have responded to these "advance-fee" solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.

20

7.0 Phishing - Fake Requests for Personal Financial Information

What is Phishing?

Phishing is a method thieves and con men used to get personal information from you in order to steal your identity and then your money or benefits. Pretending to be from a legitimate retailer, bank, or government agency, the sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed an order for something has been placed in your name, or your information has been lost because of a computer problem. Typically, you receive an email from a bank asking you to go to its site (with the link provided) to reenter your most personal information. The link takes you to a bogus website! Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.

Gartner Group reports that, from May, 2005, over 1.8m consumers have been conned by phishing attacks into revealing sensitive information. The majority of that was in 2004 to present. Phishing emails have increased by 4000 % in the past 6 months. The average consumer victim loses $1200 when his bank account is taken over. The United States Treasury even has a warning about phishing scams.

21

In short, Phishing almost always involves sending out fake e-mail messages that

ask the recipients to enter personal financial information, such as bank account numbers, credit card numbers, passport numbers, etc. into forms on Web sites that are designed to resemble the bank, credit card, or other company who they are claiming to be.

Phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.

Phishing attacks are brief - they normally last than a week, and often fake sites are active for only 2 or 3 days.

And don't think for a moment that the "sent from" or "reply to" addresses are real or really who sent it. 

History of Phishing

Phishing scams began in the mid-1990s not to obtain bank or credit card information, but to get free online access. In those days, ISPs like AOL charged by the minute. Phishers would try to obtain AOL members login user id and passwords by sending e-mails appearing to come from AOL's member services department.  The fake email would ask recipients to verify their user names and passwords. The scammers would then log on, using the victims' accounts, and run up a bill.Phishers target a variety of customers: from CitiBank (which is currently used in 54 per cent of phishing messages) to AOL, Amazon.com, Ebay, PayPal and others.

What do Phishers do with the Information Today?

Now the criminals use the information they obtain to apply for new credit cards in the victim's name, withdraw money directly from victims' bank accounts, and spend, spend, spend... the victim's money

In some cases, the scammers act as a clearinghouse, selling stolen credit card numbers in online forums to others who use the information.  Amazingly, the stolen account numbers usually only bring a dollar or two each!

What Can you Do to Protect Yourself from Phishing Theft

First, DON'T click on the link in an email that asks for your personal information. It will take you to a phony Web site that looks just like the Web

22

site of the real company or agency. Following the instructions, you enter your personal information on the Web site – and into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site. If you don’t have the telephone number, get it from the phone book, the Internet, or directory assistance. Use a search engine to find the official Web site. Banks wouldn't ask for your mother's maiden name.  Also, look for misspellings in the bogus e-mail. If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.

If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Then get the main number (see tip above) and call to find out if the person is legitimate.

Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.

Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.

Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINs, or passwords to a phisher, notify the companies with whom you have the accounts right away.

Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.

23

Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Even if you didn’t get hooked, report phishing. Tell the company or agency that the phisher was impersonating. Send the actual spam to

and spam@uce.gov. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch, www.fraud.org. The information you provide helps to stop identity theft.    

Reporting a Possible Phishing Attack

To report to the organization impersonated in the email you received, write directly to the company or organization.  Here are the real websites, email addresses and phone numbers of some of the more common targets of spoofing / phishing:

Company name and link to their website

Email address to report spoofing and phishing

Phone

Amazon.com stop-spoofing@amazon.com  

AmSouth Bank fraud@amsouth.com 1-800-267-6884

Bank Of America abuse@bankofamerica.com  

Bank Of The West abuse@bankofthewest.com 1-949-622-0525

Barclays internetsecurity@barclays.co.uk  

Chase abuse@chase.com  

CitiBank emailspoof@citigroup.com  

EBay spoof@ebay.com  

EBay.co.uk spoof@ebay.co.uk  

Federal Trade Commission

spam@uce.gov 

Fifth Third Bank 53investigation@security.53.com 1-800-927-0395

FlagStar Bank abuse@flagstar.com  

24

LaSalle Bank emailhoax@abnamro.com 1-866-904-7500

PayPal spoof@paypal.com  

PayPal.co.uk spoof@paypal.co.uk  

Star service@star.com  

SunTrust reportfraud@suntrust.com 1-800-227-3782

TCF Bank emailfraud@tcfbank.com  

US Bank fraud_help@usbank.com  

Washington Mutual spoof@wamu.com 1-800-788-7000

Wells Fargo reportphish@wellsfargo.com 1-866-867-5568

   

25

8.0 YOU WON A LOTTERY, GOT AN AWARD, OR A MYSTERY SHOPPER JOB AND THEY SENT YOU A CHECK! COUNTERFEIT CASHIERS CHECKS

If you receive an email or letter in the post / regular mail saying you won a lottery and they send you a check? Or you sold something on Ebay and the buyer paid with a check? Or you took out a loan from a distant or online bank and they sent you a check? You can just take the check to your bank and cash it right?WRONG!  And what is worse, if you cash it, in most states in the US, you may be guilty of passing a counterfeit check, money laundering or worse. Clark Howard did a piece on his radio show about a man in California who was arrested for cashing a bogus check. In other words, by merely attempting to cash the check, you could go to federal prison!

Here is an actual example: I got a letter in the today from Imperial Foundation Lotto, apparently in Canada, claiming that I have won, an enclosed check for, $2,998.60. The check is from a sponsoring company named "Aaron Industries, Inc., 11865 South Alemeda Street, Lynwood CA, 90262". In the letter it goes on to explain that I need to call for check verification and other details to claim my "prize money". This is an obvious scam and I wanted to bring this to your attention so no one gets caught up in this. The Imperial Foundation Lotto does not have an email address any where the net that I can find. Please let me know if I can give you any more info.

And here is another report, received February 20, 2008: I got a letter from a "Security Capital Market Research" requesting that I be a secret shopper.  They mailed a check in the amount of $3,800 to cover my pay, moneygram evaluation, the service charge and fees for shopping.  I deposited

26

check and once my bank cleared it I moneygramed money to them and a week later their check bounced.  Now I have to repay back my bank!Usually, the scammers will claim that you have to use the money from the first check to pay "fees" and "taxes" before you get the big payout. Gullible people assume that since they receive a real check (counterfeit) it must be legitimate.  Remember, ANYONE can print a check, that doesn't mean that the account is real or the money is there! The "you won our lottery" scam is the most common means used by these scammers, but you must be suspicious of ANY check your receive from an unknown or unexpected source.The counterfeit cashier's check scheme also targets individuals that use Internet classified advertisements, such as Ebay, to sell merchandise.

Quick Summary: What Can you Do?

You can check the name of the issuing bank on the check with the names of banks that have reported stolen checks and you can call the bank to

verify that the account number on the check is legitimate and Matches the name on the check and has sufficient funds.

You can the routing number on the check and get the bank's phone number, then call the bank to verify that the account is real and the check is real. If you believe you may have fallen victim to this type of scam and wish to report it, please file a complaint with the U.S. government Internet Fraud Complaints Center.

How do the fake check / cheque scam work?

The check is no good, even though it appears to be a legitimate cashier’s check. The lottery or Ebay seller or "payment transfer" job angle is a trick to get you to wire (Western Union or MoneyGram) money to someone you don’t know. If you deposit the check and wire the money, your bank would soon (several days to as long as 6 weeks) learn that the check was a fake. And when the check finally clears the system and bounces, you’re out the money because

the money you wired can’t be retrieved, and You’re responsible for any check you deposit — even though you can’t

know whether they're fake or genuine.

These are very important points.  The checks may look real and even have real account numbers on them.  Your bank may be able to confirm that the bank it is

27

drawn against is real and the account is also real.  But that does not mean that the check itself is genuine.

For example, it could be a simple forgery. Someone stole the blank checkbook and write forged checks.  Or a criminal stole checks that were delivered to a person's mailbox. Or a criminal, working as a clerk in a store, copied down your account

number and bank when you paid by check, and used this information to make forgeries.

See the movie "Catch Me If You Can", starring Leonardo DiCaprio, for a good example of how this was done even 40 years ago.  Modern computer, scanner and printer technologies make it very easy for criminals to make real looking forged checks.

Many fake checks look so real that bank tellers are reporting being fooled. The scammers use high quality printers and scanners to make the checks look real. Some of the checks contain authentic-looking watermarks. These counterfeit checks are printed with the names and addresses of legitimate financial institutions. And even though the bank and account and routing numbers listed on a counterfeit check may be real, the check still can be a fake.

These fakes come in many forms: cashier’s checks money orders corporate personal checks.

This is just one example of a counterfeit check scam that could leave you scratching your head. The Federal Trade Commission, the nation’s consumer protection agency, wants you to know that counterfeit check scams are on the rise.

Fake Checks: Variations on a SchemeCounterfeit or fake checks are being used in a growing number of fraudulent schemes, such as:

foreign lottery scams (as described above), check overpayment scams, Work from home scammers (eg. payment transfer manager) Internet auction scams, and Secret shopper scams.

28

Check overpayment scams

These target consumers selling cars or other valuable items through classified ads or online auction sites. Unsuspecting sellers get stuck when scammers pass off bogus cashier’s checks, corporate checks, or personal checks. Here’s how it happens:A scam artist replies to a classified ad or auction posting, offers to pay for the item with a check, and then comes up with a reason for writing the check for more than the purchase price. The scammer asks the seller to wire back the difference after depositing the check. The seller does it, and later, when the scammer’s check bounces, the seller is left liable for the entire amount.

Secret shopper scamsThe consumer, hired to be a secret shopper, is asked to evaluate the effectiveness of a money transfer service. The consumer is given a check, told to deposit it in their bank account, and withdraw the amount in cash. Then, the consumer is told to take the cash to the money transfer service specified, and typically, send the transfer to a person in a Canadian city. Then, the consumer is supposed to evaluate their experience — but no one collects the evaluation. The secret shopper scenario is just a scam to get the consumer’s money.Con artists who use these schemes can easily avoid detection. When funds are sent through wire transfer services, like Western Union, the recipients can pick up the money at other locations within the same country; it is nearly impossible for the sender to identify or locate the recipient.

Isn't the Bank Responsible to Verify the Checks?

Under federal law, banks must make funds available to you from U.S. Treasury checks, official bank checks (cashier’s checks, certified checks, and teller’s checks), and checks paid by government agencies at the opening of business the day after you deposit the check. For other checks, banks must similarly make the first $100 available the day after you deposit the check. Remaining funds must be made available on the second day after the deposit if payable by a local bank, and within five days if drawn on distant banks.However, just because funds are available on a check you’ve deposited doesn’t mean the check is good. It’s best not to rely on money from any type of check (cashier, business or personal check, or money order) unless you know and trust the person you’re dealing with or, better yet — until the bank confirms that the check has cleared. Forgeries can take weeks to be discovered and untangled. The

29

bottom line is that until the bank confirms that the funds from the check have been deposited into your account, you are responsible for any funds you withdraw against that check.

Actions to Protect Yourself

Here’s how to avoid a counterfeit check scam: Don't pay by check! Credit cards are much safer. Never pay any "fees" for prizes. Throw away any offer that asks you to

pay for a prize or a gift. If it’s free or a gift, you shouldn’t have to pay for it. Free is free.

Do NOT to enter foreign lotteries. It’s illegal to play a foreign lottery through the mail or the telephone, and most foreign lottery solicitations are phony.

Never wire money to strangers.  If a "lottery", "promotion" or buyer insists that you wire back funds, end the transaction immediately. Legitimate buyers don’t pressure you to send money by wire transfer services. In addition, you have little recourse if there’s a problem with a wire transaction.

If you’re selling something, don’t accept a check for more than the selling price, no matter how tempting the offer or how convincing the story. Ask the buyer to write the check for the correct amount. If the buyer refuses to send the correct amount, return the check. Don’t send the merchandise.

Use Escrow Services: As a seller, you can suggest an alternative way for the buyer to pay, like an escrow service or online payment service. There may be a charge for an escrow service. If the buyer insists on using a particular escrow or online payment service you’ve never heard of, check it out. Visit its website, and read its terms of agreement and privacy policy. Call the customer service line. If there isn’t one — or if you call and can’t get answers about the service’s reliability — don’t use the service. To learn more about escrow services and online payment systems.

Only take checks from local banks - If you accept payment by check, ask for a check drawn on a local bank, or a bank with a local branch. That way, you can make a personal visit to make sure the check is valid. If that’s not possible, call the bank where the check was purchased, and ask if it is valid. Get the bank’s phone number from directory assistance or an Internet site that you know and trust, not from the check or from the person who gave you the check.

Resist any pressure to “act now.” If the lottery is real or the buyer’s offer is good now, it should be good after the check clears.

30

9.0 WORK FROM HOME SCAMS

What are “work from home” scams?

"Imagine owning your own business, being your own boss, working only a few hours a week, but still making lots of money - all from your own home ..." "Are they crazy?  Yes, crazy like a fox!""This billionaire spent months researching his next big investment!  Go here next!"These advertisements are bombarding TV, radio and the internet. Be wary of ‘work from home’ schemes where people are offered the possibility of working from home with the potential of earning thousands of dollars. An employment opportunity to work from your own home earning a great wage which may be no more than stuffing envelopes, but to get the material to stuff the envelopes you have to send money away, often to nothing more than a PO Box address. In return you receive the information that you have to photocopy at your own expense and then stuff the envelopes. Recently reported work from home schemes offers you the opportunity to earn thousands processing emails.

Work from home schemes may also be promoted through newspaper advertisements, direct mail drops or through unsolicited emails asking you to visit a website for more information.

Types of home-based business schemes

Common work-from-home schemes are: stuffing envelopes medical transcription Buy and selling real estate, "with no money down!" Investment schemes

31

data entry, processing applications selling or reselling the schemes themselves

Other work from home type schemes require you to: make gift items from home or grow flowers for the export market,

but then require you to also sell these products yourself.

One characteristic common to these schemes is that you are required to invest or send away money before you can start work. As good as the "wages" sound, the promoters don't give the full story. The schemes are often no more than phony get-rich quick schemes - where you're not the one getting rich!  In fact, our own investigations show that almost ALL work-from-home schemes, "passive residual income", make-money-in-your-spare-time and other get-rich schemes are pyramid schemes, scams or simply worthless.

How to check out a work from home scam Ask for a street address, not just a PO Box, and find out as much as you can

about the company and its operations. Ask to talk to other employees - and to ensure they are for real, visit them to

see what type of work is involved and how they are organized. Ask to see examples of the final product and the work required. Ask what materials are supplied, or not supplied. Ask how you will be paid - and in what currency. Ask where the business is incorporated and where it's business license is

filed. Research the product - is it a viable money-maker, and are the proposed

returns achievable? Do your sums - ask yourself whether the time required to do the job, in

conjunction with the start up or material costs, match the returns to be expected.

Use common-sense: if you have never heard of the product or their products are very expensive or there is a fee to sign up as a "distributor" or "consultant", those are tips that it is a multi-level-marketing scam.

Questions to AskLegitimate work-at-home program sponsors should tell you - in writing - what's involved in the program they are selling. Here are some questions you might ask a promoter:

32

What tasks will I have to perform? (Ask the program sponsor to list every step of the job.)

Will I be paid a salary or will my pay be based on commission? Who will pay me? Will I be expected to send money via Western Union? When will I get my first paycheck? What is the total cost of the work-at-home program, including supplies,

equipment and membership fees? What will I get for my money? The answers to these questions may help you determine whether a work-at-home program is appropriate for your circumstances, and whether it is legitimate or simply a scam. You also might want to check out the company with your local consumer protection agency. These organizations can tell you whether they have received complaints about the work-at-home program that interests you. But be wary: the absence of complaints doesn't necessarily mean the company is legitimate. Unscrupulous companies may settle complaints, change their names or move to avoid detection.

Read the fine print on the commercials!

Almost all of the scam work-from-home schemes advertised on television have fine print briefly superimposed along the bottom of the screen, usually while something distracting is being shown, like a pretty blond in a bathing suit talking about how she bought the mansion behind her with the money she earned. Crazyfox.com and other commercials typically say:

"There are no guarantees of specific income nor are there any representations of actual income.

Amounts stated are for illustrative purposes only and are not typical.

Persons depicted are paid actors."The Crazyfox31.com website has this at the bottom:

The incomes depicted are not typical and represent a small percentage of actual participants. There are no guarantees that participants will be able to achieve the income levels depicted. Each individual's success will be determined by his or her desire, dedication, effort, ability to follow directions and personal talent. The actual contents of success kit may vary than what is depicted.

Those statements ought to be a BIG clue that they are selling you an illusion... in other words, a scam.  Generally, you're paying for a pretty worthless booklet which

33

tells you how wonderful it would be to be your own boss and make big money, set your own hours, etc., but no plan or details on how to achieve that.Of course, when you ordered the "kit" you gave the scammers your name, phone number and address; which they will promptly sell to many other companies who will then start calling you to sell more services and schemes.

34

10.0 GET RICH SCHEMES AND FAKE REVIEW WEBSITES

Some websites are themselves scams; claiming to offer you a good deal, a warning about scam business plans or reviews of other websites and get-rich schemes. The overwhelming majority of the time, Get-Rich-Quick Schemes are shams, actually promoting their own (or others) prices or products, which are terrible and at worst, some are identity thieves! Some use a variety of convoluted businesses to skirt the laws and regulations, as many, if not most Multi-Level Marketing companies do, some are blatant rip-offs.

What Defines a Get Rich Scheme or a Scam WebSite?

We all intuitively know when we are being conned or scammed, but there are some clear warning signs to watch for, that we use to define scam websites:

1. Hyperbole - The first and most obvious clue to this type of scam is hype. If the website uses exaggerated claims and hype phrases like "earn passive residual income", "for only pennies a day", "now you can get slim in just minutes" or "Get rich now!", "Earn big bucks in minutes per day!" you can bet it is a scam. A simple rule of thumb is if you see multiple dollar signs like "$$$", you can be certain that a scam is at work!

2. Hidden charges - When they offer something for free, but you have to enter a credit card to pay for "shipping and handling", watch out!  Once they have your credit card number, they can bill anything they want to it. Of course, you can dispute it, but they've prepared for that; the fine print usually says that you have also agreed to try their product or service, and if you don't

35

follow their complicate return rules exactly, then you've bought it.. something you don't need, didn't want and doesn't work, often for hundreds of dollars.

3. No details - They won't give, up-front, you the slightest clue about HOW you'll make all this money in no time and for almost no effort.  Guess what?  You have to buy their magic book of their secrets or sign up to their program!  Ooh!

4. Bait-and-Switch: If the website's advertising, or domain name are clearly different from the intent of the website once you get there, it's a scam. 

5. Misdirection - if you type in a web address, but it redirects to a different web address, that is usually a sign of a scammer.

Is is a scam, or just terrible web design?

At first glance you might think this is a legitimate website for a legitimate business.  But compare the images, text and links.  What does this ubiquitous photo of a young college aged blond woman with a backpack have to do with anything related to shipping cargo?  And you've probably seen that photo many times before; it seems to grace many scam websites.Where is the link to contact information?

Why does a quick search in Google for "basecargo.com scam" turn up 10 results, such as:

Online Shipping Worldwide (www.basecargo.com) - ScamFraudAlert www.basecargo.com is fraud

Evidently, there had been a scam on that domain; they folded, and now the domain is hosting nothing more than sponsored listings, web-speak for advertisements.The present website is more a simple waste of time than a scam.

36

11.0 Internet Money-Making Pyramid Scams

The internet is filled with various forms of multi-level marketing schemes, selling cosmetics, investments, prepaid legal services, diet plans, diet pills, energy boosters; anything that is part of the latest fad. To lure people into the scam the websites use "make money now", Earn $$$ in a few hours per day" and similar hype. The websites continue to become slicker.  Some even try to make themselves look more legitimate or credible by warning you about OTHER scams!

Multi-level Marketing Schemes

Multilevel marketing plans, also known as "network" or "matrix" marketing, are a way of selling goods or services through distributors. These plans typically promise that if you sign up as a distributor, you will receive commissions -- for both your sales of the plan's goods or services and those of other people you recruit to join the distributors. Multilevel marketing plans usually promise to pay commissions through two or more levels of recruits, known as the distributor's "downline."

Pyramid schemes

The most common form of the MLM scam is a pyramid scheme, although all MLM's insist that their plan isn't a pyramid scheme.  You can not believe what they say! If a plan offers to pay commissions for recruiting new distributors, watch out! Most states outlaw this practice, which is known as "pyramiding." State laws against pyramiding say that a multilevel marketing plan should only pay commissions for retail sales of goods or services, not for recruiting new distributors. Pyramid schemes offer a return on a financial investment based on the number of new recruits to the scheme. Investors are misled about the likely returns. There are simply not enough people to support the scheme indefinitely. Pyramid schemes and Ponzi schemes are illegal in the United States.Why is pyramiding prohibited? Because plans that pay commissions for recruiting new distributors inevitably collapse when no new distributors can be recruited. And when a plan collapses, most people -- except perhaps those at the very top of the pyramid -- lose their money.

37

The government (through the Federal Trade Commission) cannot tell you whether a particular multilevel marketing plan is legal. Nor can it give you advice about whether to join such a plan. You must make that decision yourself. However, both CFR and the FTC suggest that you use common sense, and consider these seven tips when you make your decision:

1. Avoid any plan that includes commissions for recruiting additional distributors. It may be an illegal pyramid.  

2. Beware of plans that ask new distributors to purchase expensive inventory. These plans can collapse quickly -- and also may be thinly-disguised pyramids.  

3. Be cautious of plans that claim you will make money through continued growth of your "downline" -- the commissions on sales made by new distributors you recruit -- rather than through sales of products you make yourself.  

4. Beware of plans that claim to sell miracle products or promise enormous earnings. Just because a promoter of a plan makes a claim doesn't mean it's true! Ask the promoter of the plan to substantiate claims with hard evidence.

 5. Beware of shills -- "decoy" references paid by a plan's promoter to describe

their fictional success in earning money through the plan.  

6. Don't pay or sign any contracts in an "opportunity meeting" or any other high-pressure situation. Insist on taking your time to think over a decision to join. Talk it over with your spouse, a knowledgeable friend, an accountant or lawyer.  

7. Do your homework! Check with your local Better Business Bureau and state Attorney General about any plan you're considering -- especially when the claims about the product or your potential earnings seem too good to be true.

PYRAMID SCHEMES

In other cases, schemes are promoted through websites offering expensive electronic gadgets as free gifts in return for spending about $25 on an inexpensive product, such as a mobile phone signal booster.  Consumers who buy the product

38

then join a waiting list to receive their free gift. The person at the top of the list receives his/her gift only after a prescribed number of new members join up. The majority of those on the list will never receive the item.

12.0 SCENARIO IN INDIA (An ALERT !! for the Nation)

Internet usage is catching on among young users in Asia. In January 2008, the Asia Pacific region had more than 300 million Internet users at least 15 years of age accessing the Internet from work and home computers. This represents an increase of 14 percent versus year ago and makes Asia-Pacific the largest of the five worldwide regions.

Worldwide Internet Audience (000)January 2008 vs. January 2007

Region Jan-07 Jan-08 Percent ChangeWorldwide 746,934 824,435 10.4%Asia Pacific 271,192 308,817 13.9%Europe 218,063 232,866 6.8%North America 173,839 183,823 5.7%Latin America 50,641 59,025 16.6%MiddleEast- Africa 33,199 39,904 20.2%

The first Indian phishing case was between NASSCOM and a member of a placement firm, who used NASSCOM trademark in e-mails to IT companies to get personal data and CVs.

In India 339 Phishing incidents were reported in 2006, 392 phishing incidents in 2007 while 576 password-stealing malicious code urls were reported in 2006. India is more prone to Phishing type of Internet Frauds.

Phishing is an online means of fraudulently getting usernames, passwords, credit card details by masquerading as a trustworthy entity.

Frauds send requests through e-mails and ads on recruitment websites, SMS, newspaper advertisements and social networking sites. These would ask you to confirm, update or verify your bank account data. The victim is taken to a mirror site where account details are captured.

39

As more and more busy citizens opt to do their banking and credit card transactions online, a Nigerian’s arrest in Surat and Jitesh Kishan Gavit’s arrest from Mumbai’s western suburb of Nalasopara on February 8 – they have allegedly phished at least 25 HDFC Bank accounts – sent out a strong warning. With an estimated 35.4 million internet users in India, we are a good market for phishers. Internet users in India rank among the top social networking users, and global agencies that monitor phishing have sounded an alert to those hooked to such websites. There is more bad news. When it comes to hosting phishing websites, India ranks third at 9.39 percent, China at the top with 24.21 percent, followed by United States at 23.85 percent according to APWG (Anti Phishing Working Group), a global pan-industrial and law enforcement association focused on eliminating fraud and identity theft due to phishing, pharming and email-spoofing of all types.

Internet users in India Vulnerable

Internet users in India are at high risk as the country is yet to have a dedicated agency that monitors cyber frauds. Neither the Government not the Information Technology industry has taken measures to establish an agency that will monitor, track down and curb the growing number of cyber frauds cases in the country.Gartner Inc, a global IT research and advisory firm, reports that phishers are collecting personal data from social networking websites. This data is collected from online social networks such as MySpace, Facebook and Orkut, and then integrated into very personal and targeted e-mails. The phishing message may be delivered through email, instant messaging, SMS, or a message on your social networking website using a scrap.

Specific India-based information from the Indian Computer Emergency Response Team (CERT), in its last report published in 2006 revealed that phishing attack against the e-commerce sector, which includes online retailers, auction sites and recruitment services, amounts to 76%. The remaining 24% of the attacks target banks and Financial Institutions.

40

13.0 RECOMMENDATIONS

In order to avoid the following recommendations are suggested:

An awareness campaign needs to be launched through Media to make people realize the consequences of phishing and related frauds educating masses from school level to industry level.

Disclosing Security breaches also helps. It educates consumers about the risk involved in online commerce, puts pressure on companies to improve security and gives the government an indication of the true level of crime. Corporations must disclose security breaches to the public.

Indian IT industry and Government should focus on a need to have a dedicated agency that monitors Cyber Frauds. This agency should be established to monitor, track down and curb the growing number of cyber fraud cases in the country.

India should ban the use of Social Networking websites just like in China to prevent further leakage of Personal user information to the cyber-criminals.

Be wary of e-mails that ask for your customer id and PIN details or sensitive information.

Do not click on any links inside and email. Instead type out, for instance, the website address. Eg: http://www.hdfcbank.com

One indication that a Web Address is secure is if it starts with “HTTPS” rather than “HTTP”. Another indication is a padlock icon at the bottom of the screen.

Turn off you computer when not in use, to avoid criminals gaining access.

41

14.0 REFERENCES AND BIBLIOGRAPHY

http://www.consumerfraudreporting.org

http://www.hdfcbank.com

http://www.fraud.org

http://www.hindustantimes.com

http://www.crime-research.org

42