Computer-Based Crimes: Identity Theft, Phishing and Pharming Scams - Essay Example

? Running Head: COMPUTER-BASED CRIMES Computer-Based Crimes: Identity Theft, Phishing and Pharming Scams School Computer-Based Crimes Modern information technology, such as the internet has initiated new forms of crimes and made perpetration of old felonies effortless. Computer crimes may involve identity theft, cyberstalking, scams and frauds, hacking, creation of malicious codes, child pornography, and violation of copyrights. Criminals use computers to facilitate the embezzlement of money and properties; theft of confidential records; and alteration and destruction of valuable files. The misuse of the computer may involve the falsification of computer signatures through unauthorized codes; the creation of false bank accounts; theft of personal information and misuse of the stolen information; the virus infection created on computers that can hamper the proper software operations and damage records. In the theft of personal information, victims may not even be aware of the crime perpetration until a very considerable damage on their assets, credit card, and societal status have already been inflicted. Criminals may use programs that would remove any evidence of the committed crime. Today, the biggest crime created through computer use is the electronic financial account transfer. Intellectual challenge is the most significant reason for creating computer crimes. Computer hackers commit such crimes for financial reasons and for personal motives, such as anger or revenge (Computer-Based Crime, 2011). Identity Theft To date, identity theft has the fastest growing crime rate in America. Identity theft is the pilfering and illegal use of private information from an unsuspecting individual to access personal financial accounts. The targeted personal data include a victim’s address, birth date, telephone number, social security number (SSN), bank account number, credit card number, or other valuable identification records to be used for the thief’s economic gain. Criminals use this information in opening new credit and depository accounts, applying for home or car loans, leasing homes, apartments or vehicles (Brody, Mulig & Kimball, 2007) applying for benefits, or filing fake tax returns (Palmer, 2006). In worst cases, perpetrators use the obtained private information to take over the victim’s identity, create enormous debts, or use in a criminal activity under the victim’s name. In businesses, criminals pilfer their financial accounts, confidential access codes of their computer systems, or restricted records of workers. In phishing scams, thieves of company identities carefully pick businesses that may seem appealing to their prospective victims. Banks and prestigious businesses, and the most visited sites, such as the eBay and PayPal are the favorite targets of identity thieves (Brody, Mulig & Kimball, 2007). The electronic exposure of private information in a majority of business deals attracts the interest of identity thieves. Thieves gain access to private information given out by credit card holders when purchasing goods online; using cards in restaurants and gasoline stations; or when withdrawing cash in ATM outlets. In 2005, there were reported incidences of around 10 million identity theft cases, equivalent to 4.6 percent of the U.S. annual population (How Many Identity Theft Victims Are There? What is the Impact on Victims?, 2006). Reports taken from the Chief Securities Officer (CSO) Perspectives Conference confirmed 53 million identity theft cases to date and a further 19,000 cases each day. On the average, a victim loses $40,000 to $92,000 per incident (Friedenberg, 2006). The American consumer group loses roughly $5billion per year, while U.S. businesses and banking institutions lose around $47.6 billion per year (How Many Identity Theft Victims Are There? What is the Impact on Victims?, 2006). Since hacking started in the middle of the 1990s, attacks have dramatically increased. Computer hacking attacks are now more supported and financed by big-time syndicates. Moreover, well-inspired perpetrators have become increasingly daring and destructive (Cyber Crime: Black-hat hacker problems worsen, 2005). Syndicates earn enormous amounts of money from this criminal activity and are willing to generously reward expert scammers who can successfully carry on these cyber attacks (Cyber Crime: Black-hat hacker problems worsen, 2005). Phishing Scam Phishing is a scam that uses volumes of electronic mail messages to attract innocent victims into disclosing private information. A phishing email illustrating a believable problem lures the victim to a fake link that is a replication of the victim’s bank web address; the victim then fixes the imaginary concern and verifies account information and divulges personal identification. Subsequently, the phisher uses the pilfered PIN number, secret code, and identity to drain the victim’s bank account (Brody, Mulig & Kimball, 2007). Another alternative for the phisher would be to market the information. Pilfered consumers’ valuable records are easily purchasable on the internet black market, in spite of the network’s upgrade on protection and the improvement of law enforcement. Purchasers, sellers, mediators and even service industries convene in cyberworld, mostly on web sites from computer servers in the former Soviet Union. Dealers actually earn recognition, scores and status for the worth of the stolen goods. Authors of malicious codes publicize their services to phishers who sequentially deal with spammers to distribute volumes of increasingly advanced hoax e-mails to entice unwary preys (Zeller, 2005). Spear-phishing is a new and dangerous adaptation of phishing that causes panic among computer users. This fusion form of phishing casts temptations for carefully chosen victims rather than casting a net across cyberspace to bait a multitude of unfamiliar victims. According to security experts, it is more difficult to detect spearphising scams than phishing. Phony messages may seem to be legally sent from recognized associations. Electronic mails are intended for prospects with an established affiliation with the replicated sender. Perpetrators use a key logger software that observes the prey’s web access and sequentially begins documenting information as soon as the prey goes into the sites eyed by the scam perpetrator, thus enabling them to directly victimize those individuals. Moreover, spear-phishing activities are more probably connected to higher big-time syndicates searching for financial gain, trade secrets or military information. Spear-phishing is one of the most dangerous computer crimes experienced by users (O'Brien, 2005). Pharming Scam Pharming is a technically higher form of phishing wherein a virus is unknowingly downloaded on the victim’s computer. The prey keys in a genuine web address but is instead redirected to a mock site. The pharmer then steals the financial account number, password, or other valuable information supplied at the phony web site (ID thieves preying on consumers with new phishing scam called pharming, 2005). Although the preferred web address is shown on the screen, in reality, the domain server system has forwarded the internet traffic to a mere replication of the desired location (Biersdorfer, 2005). A malware or malicious software is involuntarily installed to gain access to a computer system without the victim opening an attachment or clicking on a link. Simply opening a pharmer's electronic mail or email message will directly download the secret program, forwarding the internet browser to a mock location. Today, the latest pharming strategy directly installs a virus through Microsoft Messenger with the employment of a key logger and does not even necessitate opening a pharmer’s e-mail. This virus follows the victim’s every web movement and captures secret codes. Computer users using similar passwords on multiple sites are at risk of manifold scams (Hicks, 2005). Spelling errors in domain names are frequently exploited by pharmers. The pharmer creates a web site with one letter omitted from the genuine address to deceive the innocent prey into thinking that the address is real. One more popular pharming style is the unauthorized installation of malware that modifies the computer system causing an accurately keyed address to be conveyed to a counterfeit web site. Slamming is another pharming method that forwards internet traffic into a diverse route. Slamming occurs when a victim requests a domain name transfer to a different registrar. The new registrar is then controlled by the pharmer (Swann, 2005). Protective Measures in the Prevention and Mitigation of Identity Theft Crimes In today’s information era, threats such as identity theft, phishing and pharming, are urging businesses to constantly re-examine potential internet risks and reassess their current network security programs that guard the company, its workforce and clientele. Centering on security requires top priority to every entity in an organization. Companies and private individuals lacking network protection are at high risk from scammers, hackers, and thieves. Institutions must understand, on the other hand, that safety is not the only one in jeopardy. The cost linked with the actual scam, cyber attack and possible customer losses can consequentially create business instability, bankruptcy, and worst, may put institutions out of business, hence the need for proper network security measures to be implemented (Mitchell, 2005). Setting up an electronic certification that can effectively distinguish a legitimate web location from a pharming site can counterattack impending scams (Swann, 2005). Raising awareness is a primary tool in combating identity theft through phishing and pharming plots. Nevertheless, awareness and self-protection are not sufficient to safeguard the valuable information of companies and individuals. The employment of multi-factor authentication and mutual verification software can guarantee that the e-mails and correspondence between customers and institutions are genuine (Brody, Mulig & Kimball, 2007). There are many practical and doable ways of preventing identity theft. Passwords or secret codes should never be disclosed to suspicious-looking web sites; regular software upgrades of computer systems should be made; firewalls should be set up to secure the user’s system and block unnecessary files; anti-virus software must be installed to detect cyber bombs, Trojan horses and viruses (Information Systems Unit, n.d.). Conclusion There is no simple guaranteed solution to crimes committed in cyberworld; however, society is not entirely powerless against it. The U.S. legal system has become more technologically knowledgeable on such crimes and the law enforcement sector has formed cyber crime units specifically handling crimes connected with computers. At present, we have federal crime laws that safeguard individuals, businesses and the government from perpetrators who would steal, deny access to or alter or damage valuable information. These laws provide the internet a safe haven for business, study and fun (May, 2004). Computer Fraud and Abuse Act (CFAA) The Computer Fraud and Abuse Act (CFAA) prohibits the distribution of computer code or placement in the market stream if the purpose is to inflict destruction or financial loss. The CFAA centers on a code's destruction to computer systems and the accompanying financial losses, and it charges criminal punishments for either intentional or unintentional release of virus into a business computer system. When convicted of CFAA violation, the criminal faces imprisonment of up to 20 years and a fine of not more than $250,000 (Hackers: Who’s Responsible?, 2011). The Computer Fraud and Abuse Act prohibits: (1) intentional and unauthorized access of government computers to obtain confidential government information; (2) intentional and unauthorized access of records belonging to financial institutions, the federal government, or any protected computer engaging in interstate or foreign communications; (3) unauthorized entry into any computer connected to the internet; (4) access and fraudulent use of a protected computer; (5) intentional transmission of a program, data, or codes of any computer that intentionally causes destruction to the computer system; (6) unauthorized trafficking of computer passwords for the purpose of affecting interstate commerce or a government computer system; and (7) extortion threats against owners of computer or network (Hackers: Who’s Responsible?, 2011). Identity Theft and Assumption Deterrence Act of 1998 (ITADA) The U.S. Department of Justice acts against identity theft and fraud cases under the 1998 Identity Theft and Assumption Deterrence Act . This law makes identity theft a Federal crime with penalties up to 15 years imprisonment and a fine of up to $250,000 (Fraud: Identity Theft and Identity Fraud, n.d.). It prohibits intentional and unauthorized production or transfer of false or stolen identification documents; intentional possession or use of five or more false identification documents; intentional, production, transfer and possession of a document-making equipment that can make false documents; unauthorized or intentional use of stolen United States documents; and intentional and unauthorized use of another person’s identification documents to commit unlawful activity. This law permits the Federal Bureau of Investigation (FBI), the Secret Service, and other law enforcement agencies to fight identity theft crimes (Identity Theft and Assumption Deterrence Act of 1998, 2011). References Biersdorfer, J. D. (2005, November 3). As with phishing, shun pharming. New York Times. Retrieved 18 February 2011 from ProQuest database. Brody, R. G., Mulig, E., & Kimball, V. (2007, September 1). Phishing, Pharming and Identity Theft. Academy of Accounting and Financial Studies Journal. Computer-Based Crime. (2011). Idea Connection. Retrieved 18 February 2011 from: http://www.ideaconnection.com/solutions/505-Computer-based-crime.html Cyber Crime: Black-hat hacker problems worsen. (2005, August 23). Electronic Payments Week. Retrieved 18 February 2011 from ABI Inform database. Fraud: Identity Theft and Identity Fraud.( n.d.). U.S. Department of Justice. Retrieved 18 February 2011 from: http://www.justice.gov/criminal/fraud/websites/idtheft.html Friedenberg, M. (2006). The coming pandemic: No, not bird flu. Identity theft. CIO Magazine, 19(15). Retrieved 18 February 2011 from ProQuest database. Hackers: Who’s Responsible? (2011). WGBH Educational Foundation. Retrieved 18 February 2011 from: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crime laws.html Hicks, D. (2005). Phishing and Pharming: Helping consumers avoid Internet fraud. Communities and Banking. Retrieved 18 February 2011 from ABI Inform database. How Many Identity Theft Victims Are There? What is the Impact on Victims? (2006, February). Privacy Rights. Retrieved 18 February 2011 from: http:www.privacyrights/ar/idtheftsurveys.htm#FTC Identity Theft and Assumption Deterrence Act of 1998. (2011). National Check Fraud Center. Retrieved 18 February 2011 from: http://www.ckfraud.org/title_18.html ID thieves preying on consumers with new phishing scam called pharming (2005, October). PRNewswire. Retrieved 18 February 2011 from: http://www.nclnet.org/news/2005/phishing_10132005.htm Information Systems Unit. (n.d.). Computer Crime Prevention. Retrieved 18 February 2011 from: http://www.nrps.com/isu/comprev.eht May, M. (2004, June 1). Federal Crime Computer Laws. SANS Institute InfoSec Reading Room. Retrieved 18 February 2011 from: http://www.sans.org/reading_room/whitepapers/legal/ federal-computer-crime-laws_1446 Mitchell, C. (2005, December). Taking Internet Security off the Backburner. Chief Executive. Retrieved 18 February 2011 from ProQuest database. O'Brien, T. L. (2005, December 4). For a new breed of hackers, this time it's personal. New York Times. Retrieved 18 February 2011 from ProQuest database. Palmer, S. (2006, January 10). IRS warns consumers of e-mail scam. St. Petersburg Times. Retrieved 18 February 2011 from ProQuest database. Swann, J. (2005, September). Banks need to protect themselves against pharming, says FDIC. Community Banker. Retrieved 18 February 2011 from ABI Inform database. Zeller, T., Jr. (2005, June 21). Black market in credit cards thrives on web. New York Times. Retrieved 18 February 2011 from ProQuest database. Read More