Computer fraud

Computer fraud is a type of crime that involves using computers, computers, networks, or digital systems to defraud businesses, governments, or individuals. This could include stealing money, identity theft, malware-based attacks, illegally accessing private information, or intentionally preventing revenue. It is primarily carried out through viruses, phishing, distributed denial-of-service (DDoS) attacks, and social engineering. Cryptocurrency fraud, social media and marketplace fraud, and fraud using artificial intelligence became more common in the twenty-first century as technology continued to evolve.

Background

In the United States, computer fraud is illegal under the Comprehensive Crime Control Act. The act was passed on October 12, 1984. It was updated in 2008. Other applicable laws include the Computer Fraud and Abuse Act (CFAA; 1986), which criminalizes unauthorized access to computer systems, and the Identity Theft and Assumption Deterrence Act, which prohibits identity theft-related crimes. Some international guidelines and rules also aim to prevent computer fraud, including Interpol and Europol Cybercrime Units and the Financial Action Task Force (FATF).

Computer fraud comes in many forms. These include phishing, malware, DDoS attacks, and social engineering. Computer users should be wary against attacks and take a number of precautions to keep their digital information safe from criminals. Operating systems and anti-malware software should be kept up to date, passwords should be crafted in a manner that makes both guessing and cracking them difficult, and anyone who asks for log-in information should be carefully scrutinized. Most legitimate businesses will never ask for a customer's username and password.

Overview

Phishing is a type of email scam perpetrated by a criminal intending to steal personal information, such as bank account numbers, usernames, passwords, or social security numbers. It involves creating a falsified email, usually claiming to belong to a reputable online store or banking institution. This email asks for the log-in or purchasing information of the user. Because users erroneously believe the email is from a reputable source, they are likely to enter their information into the email. In some cases, the email links to a false page designed to look like the impersonated website. Users then attempt to log into the fake website, and transmit their credentials to the criminal. This information can be used to steal money or perpetrate identity theft, or can be sold to other criminals.

Malware is malicious programming installed on individuals' computers without their knowledge or consent. It includes viruses, spyware, adware, and any other variety of malicious software. Viruses are computer programs or scripts that modify the files on computers in disadvantageous or unethical ways. The malware may steal information, delete files, display messages, send false emails, or cause a computer to run slowly. Viruses spread by copying themselves to other computers through emails or other forms of file sharing. Spyware is software designed to illegally spy on a computer user. It keeps a record of the user's activities, including keystrokes and browser history. This information is sent to a remote computer, where it can be used or sold. Adware is malware designed to show advertisements to a computer user. It is often coupled with spyware, allowing the malware to use an individual's search history to show targeted advertisements.

Malware can be extremely damaging to a computer. Users should run reputable antivirus or anti-malware software to stop infections before they occur. If computer users suspect their devices may be infected by malware, they should take the equipment to a professional for proper removal of the virus. Failure to remove malicious software could result in identity theft, loss of personal files, or monetary theft.

DDoS attacks are used to disrupt a website or digital service. They utilize a botnet, or a network of computers remotely controlled through software. In many cases, botnets are created by viruses. They infect computers without the knowledge of the users, allowing criminals to control the users' computers without their knowledge or consent.

To orchestrate a DDoS attack, botnet controllers order their botnets to attack a small number of servers or computers. The large botnet is able to overwhelm its target, disabling it. This is most commonly used to temporarily disable the web presence of certain news outlets, stores, businesses, and government agencies.

Social engineering involves tricking a person into providing important information used for cybercrime. For example, a criminal could trick an employee of a company into believing he is from the company's information technology division. The criminal could use this deception to convince the employee to allow the criminal to use his computer account, granting the criminal access to a company's computer network. Other common social engineering techniques include pretending to be a parent, spouse, or student to gain access to accounts or computer networks.

Computer fraud can be prevented in several ways. Proper cybersecurity measures will stop most attempts at computer fraud. These include regularly updating software, enabling firewalls and antivirus protection, backing up data regularly (to prevent losses in the case of ransomware attacks), monitoring financial transactions, and using multi-factor authentication. Creating difficult-to-crack passwords and changing them regularly is also important.

Two-factor authentication involves linking a cell phone with a specific computer account. If the computer fails to recognize a user's password, or suspects that someone may have hacked into the account, the computer can send a code to the linked cell phone. Without this code, the account cannot be accessed. While criminals can acquire a password, it is extremely unlikely that they also have access to the cell phone linked to it.

In addition to these steps, users should verify that important information being transmitted, such as passwords and credit card numbers, are only sent through encrypted channels. Encryption means that even if the information is intercepted by a third party, it will be extremely difficult for that party to unlock any important data.

Bibliography

"Computer Fraud." Computer Hope, 22 June 2024, www.computerhope.com/jargon/c/computer-fraud.htm. Accessed 6 Jan. 2025.

"Computer Internet Fraud." Cornell, Apr. 2023, www.law.cornell.edu/wex/computer‗and‗internet‗fraud. Accessed 6 Jan. 2025.

"Distributed Denial of Service Attacks." Imperva Capsula, www.incapsula.com/ddos/denial-of-service.html. Accessed 6 Jan. 2025.

"How to Protect Yourself While on the Internet." Computer Hope, 26 Dec. 2023, www.computerhope.com/issues/ch000507.htm. Accessed 6 Jan. 2025.

"Phishing." Computer Hope, 20 Dec. 2024, www.computerhope.com/jargon/p/phishing.htm. Accessed 6 Jan. 2025.

"Social Engineering Scams." Interpol, www.interpol.int/en/Crimes/Financial-crime/Social-engineering-scams. Accessed 6 Jan. 2025.

"Tech Support Scams." Federal Trade Commission, Sept. 2022, www.consumer.ftc.gov/articles/0346-tech-support-scams. Accessed 6 Jan. 2025.