Fraud is a lucrative business.

By the middle of last year, the Internal Revenue Service reported more than 90,000 complaints, 1,100 victims, and an estimated $5 million lost from fraud, according to the IRS website.

Every year thousands of victims and millions of dollars are subjected to a growing number of scams, said Computer Science and Cyber Security Professor Al Heitkamper. And, he said, the types of scams increase greatly each year.

Heitkamper said one of the biggest scams racking up the most victim numbers is called phishing — an attempt to get information such as usernames, passwords and credit card information by using a form of electronic communications.

The IRS scam is an example of that, he said.

Victims of this scam receive calls from people claiming to be from the IRS and saying a lawsuit has been filed from the previous tax year. The caller threatens the target with arrest unless they pay the amount specified over the phone.

Heitkamper said spoofing phone numbers is easily done over the Internet and allows scammers to show the call is coming from somewhere else.

“I can go on a webpage and type in the number I’m calling from — this is the number I want to be displayed — and the name will pop up on the caller ID.” he said.

“Then you pick it up thinking it’s a valid call — and it might not be.”

Heitkamper said the Internet is a treasure trove for scammers with the increasing amount of personal information being put up on social media sites.

He said it’s one of the largest research grounds for scammers for spear phishing.

“Social media is a way to gather information on you, and go after you and lie to you,” he said. “If you have a social media page, like Facebook, and you talk about your kids or how you go to school at OCCC or anything, they take all that information and build a whole scenario around [the information] and target you specifically.

“That’s called spear phishing because they’re targeting an individual. (With) phishing you’ll usually get an email saying ‘dear sir’ or ‘ma’am’ or whatever. They won’t know your name.

“In this case they would know who you were and know things about you.”

In addition to phishing, Heitkamper said, emails and texting open people up for receiving malware — a term that refers to a variety of forms of hostile or intrusive software, including viruses, trojan horses, ransomware, spyware and other malicious programs.

Some scams can do serious harm such as stealing identities, and obtaining usernames and passwords.

He said a keylogger is one such way for others to acquire personal information without a person’s knowledge.

“A keylogger is a piece of hardware, like a USB drive, someone can stick in the back of your computer and everything you type in will [be recorded],” he said.

“They come back and take the device away and they’d be able to get all your passwords and everything.

“There’s a keylogger software and a lot of times they will put a keylogger on your computer so they can log everything that you do out there.”

Heitkamper said before purchasing anything online, take steps to make sure the website is secure.

“When you go [online,] in the browser it says http:// but sometimes it’ll say https.”

“The s is for secure. There used to be little locks, but that’s not necessarily a guarantee.”

Heitkamper said sites that show banners stating they are secure or verified by Verisign can still pose a security problem as anyone can put a picture up stating their site is secure.

He said to protect yourself from becoming a victim to online scams and to provide more protection, users should always make sure their software is updated including applications, operating systems, and good antivirus and antispyware.

Cleaning computers by deleting cookies and history also can help as well, he said.

Heitkamper also warns against opening emails from unknown sources.

“If you get an email from your bank, call them,” he said. “Go directly to your bank. Don’t click that link because you don’t know if you’re going to your bank’s website or not.”

No one is immune to falling prey to scammers, Heitkamper said.

“Ninety percent [of the web] is used by businesses and criminals. It’s called the dark web. You don’t know what actually takes place online.

“It’s almost impossible to protect yourself as an average user. Even as a professional you have to be careful.”

Heitkamper said to report any scam or fraud at the Federal Trade Commission’s website at ftc.gov or at ic3.gov.