What Is Internet Fraud? The Defenses? The Punishment?
Internet fraud is a general term meant to cover a variety of cybercrimes carried out over the Internet or e-mail, from identity theft (phishing), to health care fraud, to hacking onto a computer network or into someone’s personal computer, to “you’ve been identified as the only living survivor of billionaire Joe Jones” and “to claim your inheritance you must pay a nominal $625 processing fee by wire” (to Nigeria usually), work-at-home scams where one must pay a $49 registration fee (but then receives nothing in return) to sophisticated wire fraud scams.The Gist of this Article: Internet fraud is a term to include a broad array of crimes from identity theft (phishing), to health care fraud, to hacking into someone’s personal computer to steal personal identifying information to perpetrate more crimes or demand a ransom.
Such offenses can be prosecuted under both state and federal law, depending upon the facts.
Under federal law, the controlling statute is 18 U.S.C. § 1343, which covers wire fraud and has now been generally understood to also cover cyber fraud, or fraud perpetrated by e-mail or the Internet. It is an incredibly harsh law, with punishment up to twenty years in federal prison. If the fraud occurs in connection with any presidentially-declared natural disaster or emergency, or affects a financial institution, the penalty can increase to 30 years in federal prison and/or a fine of up to $1 million dollars.
A single e-mail can be sufficient for a conviction under this law. United States v. Selby (2009) 557 F.3d 968, 979. The statute only requires that defendant had a scheme or plan to commit fraud of another person or organization, that the defendant specifically intended this, and that defendant used electronic communication to further this plan. One can be convicted of this crime, yet be unsuccessful in actually tricking someone into giving over money or property.
Under California law, the use of the Internet or e-mail to commit a fraud are covered under Business & Professions Code § 22948 (anti-phishing law) and Penal Code §§ 484e (credit card fraud), 502 (unauthorized computer access) and 530.5 (identity theft).
Under Business & Professions Code § 22948, it is illegal to simply try to elicit personal identifying information through the use of the Internet, i.e. a website, or e-mail by pretending to be a company without that company’s permission or consent. This law, established in 2005, is called the Anti-Phishing Act of 2005. Such personal identifying information includes dates of birth, social security numbers, mother’s maiden name, credit card numbers, credit card passwords and places of birth, most commonly.
Curiously, there are no criminal penalties for violating this, but if someone does violate this law, this violation permits a civil suit by the damaged person, at which there is a lower burden of proof (preponderance of the evidence instead of beyond a reasonable doubt) and damages can be awarded up to $1,500,000.
Under Penal Code § 484e, also known as the law against credit card fraud, one is prosecuted simply for using another person’s credit card without the owner’s consent. The most common way this is attempted is by someone who sends out an e-mail to perhaps hundreds or even thousands of people, representing that the credit card one uses of Amazon is no longer current and must be re-entered, along with the three-digit PIN and the card’s expiration number. Sadly, some people recognize the e-mail as authentic and provide the information.
Once someone uses the credit card, the crime is considered either petty theft or grand theft, depending upon the amount of the unauthorized purchase. It therefore can be prosecuted as a misdemeanor, if the value is less than $950, or as a felony if the amount is over $950. If prosecuted as a misdemeanor, defendant can face up to six months in jail and a fine of up to $1,000. If prosecuted as a felony, defendant can face up to three years in state prison (to be served in county jail) and a fine of up to $1,000.
Under Penal Code § 502, unauthorized computer access, someone hacks into a computer and then alters, destroys copies or takes with them information that they then alter, destroy, or use in some way to further a scheme to defraud, deceive or extort or wrongfully obtain property or money. The offense is a wobbler, depending upon the defendant’s criminal history and the facts of the case.
If the crime is prosecuted as a misdemeanor, the maximum time in custody is one year in county jail and a fine of up to $10,000. If prosecuted as a felony, defendant faces up to three years in state prison and a fine of up to $5,000. Sentencing enhancements do apply if the defendant has a prior conviction for the same type of offense. Restitution is also mandatory to order for the victim to be repaid.
Identity theft, under Penal Code § 530.5, is the last most common form of Internet fraud or cybercrime. It involves the use of the Internet or e-mail to obtain the personal identifying information of another person with the specific intent to defraud that person of property or money or use it for any unlawful purpose.
Personal identifying information can include one’s date of birth, social security number, place of birth, mother’s maiden name, credit card number, credit card password, bank account number, driver’s license number or passport number.
Identity theft is a “wobbler” in California, meaning it can be prosecuted as either a misdemeanor or a felony, depending upon the facts of the case and the defendant’s prior criminal history. If prosecuted as a felony, defendant faces up to three years in state prison (most likely to be served in county jail), plus fines up to $5,000 and restitution to the victim, if any. If convicted of misdemeanor identity theft, the maximum time in custody is one year in county jail and a fine of $1,000.
For more information about fraud, please click on the following articles: