ITWorld reports that the U.S. Federal Trade Commission (FTC) has begun mailing refund checks totaling nearly US$2.3 million to consumers who were allegedly charged hidden fees by a fake work-at-home service that used Google's name to advertise. According to the FTC and court records, the operation promised that consumers could earn US $100,000 in six months after signing up to receive a work-at-home kit for a shipping fee of under US$4. The operation did not tell consumers, however, that they were disclosing their account information and would be charged an additional US$72.21 each month.
According to the FTC's website, Internet-related fraud and crime has been the fastest growing segment the commission deals with under its consumer protection mandate. In 2010, 1.3 million complaints were filed in the United States, and 315,000 of those were related to identity theft and Internet services.
Whether it concerns a consumer, business, or government, being a victim of Internet-related fraud carries a range of negative effects, including financial losses, damaged reputation, loss of trust or investor confidence, lowered staff morale, and legal costs. One of the more worrisome types of Internet scams involves the use of rogue websites that pass themselves off as well-known and trusted companies or imply — through use of trademarks, logos, and other copyrighted material — that they have legitimate ties to them, as was the case with the work-at-home scheme.
Internal auditors can help prevent their organizations and its employees and customers from becoming a victim of Internet-related fraud by:
Updating audit plans to include fraud risk assessments that broadly focus on Internet fraud. The audit plan also should include more specific fraud risks related to identity theft such as phishing, "pagejacking" (i.e., someone steals part of a legitimate website and uses enough of it in a fake site to trick Internet search engines), advance fee and bad check scams, fake money orders, and Internet-based money transfers.
Making online intellectual property theft a fraud risk priority. Organizations — and individuals — own intellectual property rights to any material they have created, which means they own exclusive rights to use, publish, or sell that material. But when this material is in electronic form on the Internet, it can be copied and used without permission. An organization's text, images, and multimedia could turn up on someone else's site, as in this FTC case.
Staying vigilant for possible negative option transaction schemes. These types of schemes may include prechecked boxes and other similar kinds of tricky "fine print." It could be a work-at-home scheme or anything else where money or accounts are involved, so internal auditors should watch for these, as they may give the organization the green light to charge for otherwise hidden and unnecessary services or costs, including for a protracted time period
Researching online companies. See what others are saying about the company's offers and services. Negative feedback or complaints can indicate potential fraudulent behavior. It's also important to note who is behind the offer.
Verifying the offer's terms and conditions. If the terms are difficult to locate or understand, this may indicate a fraudulent offer.
Examining all transactions and bank statements. In addition to reviewing hard copies of bank statements, organizations should have a process in place for examining electronic credit, debit, and other transactions and statements as well as the related financial controls over them. Doing so may help identify fraudulent charges more quickly than during a month-end review.