Money is to be made with computer fraud. While this statement seems to be shocking, it is nonetheless a very real indication of the seriousness of the nature. As we are becoming more dependent on technology for our information and convenience, and the lack of process being made in stopping computer fraud, we are increasing the risk we place on ourselves. Computer fraud is often perpetuated by computer professionals who have an understanding of information technology. They have an advantage over the normal computer user, and due to the anonymous nature of the Internet, it is often difficult to catch and try suspects (Lynch, 2003).
Key Terms in this Chapter
Social engineering: An activity that is conducted by perpetrators on individuals in the hopes of gaining some personal information, such as credit card numbers, banking information, user names, passwords, and so forth. Social engineering can take the form of e-mails, mail, and phone calls. The authors of social engineering activities exploit individuals willing to trust, often with bad consequences. It often relies on non-technical means and involves tricking individuals to give up personal information. Social engineering perpetrators often rely on the goodness and natural tendency of people to help others.
U.S. Patriot Act: The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, also known as the U.S. Patriot Act, was passed by Congress and signed into law by President George W. Bush in October of 2001. It was designed after the September 11, 2001 attacks to allow law enforcement quicker access to information and to share information in the hopes of stopping future attacks. It expanded and clarified rules regarding the seizure of digital evidence and the authority to intercept electronic, oral, and wire communications when it relates to computer fraud and abuse offenses, and expanded on the use of search warrants for electronic data.
Computer Fraud Activities: An activity where an individual would gain knowledge of someone’s personal information, for example, phishing and pharming. Activities are also directed at the corporations, for example, theft of computer time, theft of computer resources, and software modifications or copying of software. It is typically considered an act where a computer is used to commit fraud.
Computer Fraud and Abuse Act: The federal Computer Fraud and Abuse Act, 18, (USC1030) (CFAA) of 1986, created and passed by Congress to reduce the hacking incidence of computer systems. It was last updated as part of the Patriot Act in 2001, raising penalties, increasing jail time, expanding the definition of loss, and making it easier to show damage Organizations can make use of CFAA against employees who wrongfully use data that was on their computer systems, for example, to give to competitors, or start a business. The CFAA is a federal statute which authorizes penalties, terms of imprisonment, and civil actions.
Computer Fraud: An activity conducted for financial gain by an individual. Computer fraud can be a malicious attack to steal data, or a type of social engineering where the goal is to gain someone’s personal information. Computer fraud can be considered an inside or outside threat. Identify loss, data modifications, and data theft are all forms of computer fraud.
Identity theft: An activity where a perpetrator uses someone else’s personal information without their permission for financial gain. Examples could be credit card and mortgage fraud, where credit is issued to the perpetrator based upon the financial rating of the victim. Perpetrators steal identities in numerous ways: e-mails, key loggers, impersonations, phone calls, and stealing trash from an individual’s home.