Wire fraud is defined as the financial fraud involving the use of information technology or telecommunications for material or financial gain. A person commits this fraud by either using a computer, fax, cell phone, wire, radio, television, or any electronic communications device that has the ability to cross state lines in an attempt to defraud an individual(s). This crime occurs when an individual intentionally and voluntarily utilizes any sort of interstate communications devices such as a telephone or computer to defraud another person of his or her property or money. Wire fraud is in a distinct category of fraud from other categories such as mail or telemarketing fraud and is defined in its own category under federal law statute 18 USC 1343. This is a "white collar" federal offense with the potential for severe punishment. Being that it is a white collar offense, the prosecution does not require the scheme be carried out. Prosecutors must only need to prove the intention and ability to defraud others. In addition to laws which cover the general acts of wire fraud, the federal government has made special provisions for any type of wire fraud that involves the direct effect of any United States financial institution, a state of emergency, or disaster.
Elements of Wire Fraud
According to the United States Department of Justice Attorneys Office, Federal law 18 U.S.C 1343 states the elements of wire fraud are directly parallel to those of the mail fraud statute, but require the use of an interstate telephone call or electronic communication made in furtherance of the scheme. This law also states there are four essential elements to support the crime of wire fraud.
These elements include:
(1) that the defendant voluntarily and intentionally devised or participated in a scheme to defraud another out of money;
(2) that the defendant did so with the intent to defraud;
(3) that it was reasonably foreseeable that interstate wire communications would be used; and
(4) that interstate wire communications were in fact used.
Methods of Compromise
Personal information and credentials needed to compromise accounts are easily available to criminals working in the online wire fraud marketplace. Account holders do not realize they are making things easier for these criminals by using the same passwords and/or usernames for different accounts such as online banking accounts, credit card accounts, email accounts, and even voicemail accounts. Because of this, when a fraudster decides to compromise an account, chances are he or she will gain access to other accounts the victim has established. In essence, account holders should not use the same password/username for different online accounts in order to protect themselves from wire fraud. If a fraudster does not have the ability to gain access to an individual's account, he or she can use other resources such as email compromise, vishing and smishing, phishing, malware, and/or social engineering.
Email compromise- Email compromise can work two ways: by either gaining access to an email that leads to online banking access or by gaining access to online banking which will lead to email access. No matter how the act is committed, the fraudster will gain access to both accounts. Compromising an email account will provide the criminal access to the victim's personal information such as username and password, which will authenticate him or her to a wide range of the victims online services and accounts. This information can include passwords, credit card numbers, bank account numbers, pin numbers, and even social security numbers. Generally, if the criminal has manipulated a victim's email password, chances are he or she will gain access to other passwords. Once this occurs, the account holder will become a victim of wire fraud because the fraudster will steal money and information from those accounts possibly leaving the victim penniless.
Vishing and Smishing- Voice mail attacks, also known as vishing occurs when the criminal calls the victim claiming to be a credit card company, bank, or similar entity. The criminal will ask the victim to confirm personal information such as account number(s) or social security number(s) over a voicemail message. Many times the fraudster will fix the caller identification name to show a bank or company name, thus making the call more believable. Typically, vishing comes from a criminal representing as either a live agent or automated voice synthesizer , often in an urgent sound, urging the victim to call back and leave a voicemail of the personal information requested to avoid dire results. Smishing derives from criminals using phishing attacks on mobile devices and tablets. This occurs by delivering mass texts with a sense of urgency of similar contexts as the vishing. Typically the texts will contain links to a call back number or malicious payload. If or when the victim calls the phone number back, an automated voice response system will ask the victim to leave the personal and financial information.
Phishing- Phishing is the traditional attack which starts with an email that looks authentic from a financial institution such as the IRS, credit card company, or bank asking the victim to provide personal or financial information. Generally, the victim will click on the link provided which will go to a fake site. When this happens, the site will either collect personal information or install malware on the victim's computer. It is important to not reply to emails, texts, or pop-up messages asking for personal and/or financial information. Do not click on links provided even if the email looks authentic. A legitimate business or financial institution will never ask for personal or financial information via email or text.
Phishing messages can be seen as:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
Malware- Malware includes a variety of malicious and intrusive software's to include computer viruses, Trojan horses, worms, spyware, adware, ransom-ware, and scare-ware and can take the form of scripts, codes, and active content. Criminals will use malware to steal personal information from the victim, send spam, and commit wire fraud. Malware can also destroy the victim's computer if the victim does not have the correct virus protection on their computer. A common form of malware fraudsters use is financial malware which has been designed to scan the victim's computer and/or entire network for information related to financial transactions. Extracted information is then transmitted to a third party which controls the malicious software program. One example of financial malware is Cridex which is a sophisticated strain of banking malware. The Cridex Trojan spreads by copying itself to removable and mapped drives on infected computers. Cridex creates a backdoor entry point on infected systems, enabling the possibility for additional malware to be downloaded and run as well as conduct operations such as opening rogue websites. Cridex capability allows the capture of banking credentials of users on an infected system when the user attempts to visit and log into a financial website. Cridex will secretly redirect the user to a fraudulent version of the financial site and record the login credentials as they are entered. To avoid malware infection, make sure to install firewall and security software, do not click on links inside emails, do not click on pop-ups, pay attention to browser settings and security warnings, and regularly back up data onto a USB, CD, DVD, backup recovery program such as the cloud. Cloud services have become more common, easier to store data, and are free to the user. Cloud services include Google Drive, Drop Box, AppleiCloud, and Microsoft SkyDrive. Be aware and prevent malware!
Social Engineering- This crime entices the art of manipulation. Criminal use manipulation towards their victims in hopes to gain personal and/or confidential information such as passwords and bank information. They will try to trick you into giving personal information or access to the victims computers to secretly install malicious software. This installation will give the criminal easy access to passwords and bank information. The fraudsters will also trick innocent third parties such as customer service representatives to help complete a wire fraud crime. Social engineering tactics are used by criminals because it is much easier to gain people's trust by natural inclination than it is for someone to think about discovering ways to hack someone's computer software. A trusting person would not consider the possibility of a nice or charming person hacking their computer to gain information. Additionally, it is much easier to trick or manipulate someone into giving out information rather than trying to hack a password. One common social engineering example is an email from a friend. This occurs when a hacker manages to hack an email password and gain access to the victims contact and social networking list (since most people have the same passwords for several accounts.) Once the criminal has control over the victim's account, they send emails to the victim's contacts, leave messages on the friends social pages, and even leave messages on friends of friends social pages. Typically, these email messages will contain a link or download to click on. If the victim clicks on the link or download, the malware infection process begins. Furthermore, phishers will send messages of compelling (fake) stories or scenarios asking for dire need of financial help, or stating there is a problem with a financial account , or notifying you that you have won some extravagant vacation. Criminals will also use "baiting" to gain access to personal information. This can include a link to the next hot movie for free, or pop-ups of great deals on special websites. Make sure to always research before opening a suspicious link or download. Once a malicious link has been opened, the malicious software will seek your personal information and destroy your computer system.
Prosecution and Penalties of Wire Fraud
Wire fraud is a white collar crime and is considered a form of government fraud. Many cases have been prosecuted under the Racketeering Influenced and Corrupt Organizations Act (RICO) of 1970. This act was originally meant to fight organized crime but has been found to be right the tool need by prosecutors to convict wire fraud criminals as well. If RICO is invoked, any property used by the defendant(s) in the commission of the wire fraud may be seized by the government, including vehicles,computers,and houses. To convict a criminal of wire fraud, the prosecutor must prove the defendant had the intention and ability to set forth and carry out the fraudulent scheme to defraud others. Prosecution does not need to prove the scheme was actually carried out and may build a criminal case with as little as one person and up to a group of persons which contain information and/.or materials in their possession that can prove the defendant had a plan of intention to carry out wire fraud. Furthermore, in a wire fraud case, prosecutors must prove beyond a shadow of a doubt that (1) the defendant willfully and knowingly created a scheme or plan to defraud a person, group, association, or business for the sole purpose of obtaining property or money by means of false promises, representations, or pretenses, and (2) the defendant willfully and knowingly delivered communications by means of interstate wire transmission for the sole purpose of defrauding person, group, association, or business. Wire fraud is a federal offense with possible severe penalties. Penalties may include fines, probation and imprisonment. If convicted of wire fraud, the offender will face up to a 20 to 30-year federal prison sentence and up to a $1 million dollar fine. Generally, the punishment is for wire fraud is no more than 20 years and possible fines depending on the amount and material gains. The penalty will be at the higher range if the wire fraud has involved a financial institution or has a connection with a federally declared disaster area.