Nowadays, high technology is widely used in human activities and determines the development of many areas of public life. Computers, the Internet, and cellular communications are constantly being improved and are becoming more available to the general public. New services and opportunities, including e-commerce and non-cash payment by plastic cards via the Internet, have emerged. All this has given rise to new types of crimes, which are classified as computer crimes. Computer fraud is one type of cybercrime; its aim is to trick users. Theft of sensitive data can lead to a situation in which the hacker illegally gains access to information and uses another person’s personal information in a way that involves fraud or deception.
High technology has now become a tool in the hands of criminals, allowing them to commit fraud, theft, and counterfeiting, to steal information through remote computer hacking, to distribute pornographic material, and so on. All of these socially dangerous acts may be carried out by a person who is at a considerable distance from the victim, without any direct contact. With the proliferation of high technology, the number of crimes in this area increases, and new ways of committing them have appeared. Computer fraud significantly exceeds “traditional” fraud in its level of social danger. The use of high technologies in fraudulent activities can pose a threat of material injury to a wider circle of victims, as the criminals are at a considerable distance from the subject of the criminal offense (Welch, Madison, & Welch, 2011, p. 206).
A survey on computer fraud carried out among 200 residents of Barnaul showed that all 200 people had fallen victim to computer fraud. In particular, 20% of them were victims of abuse who appealed to law enforcement agencies but did not receive any results. This indicates a high social danger of computer fraud because of its ease of execution.
The year 2009 can be called a turning point in terms of computer fraud in the financial sector. At the time, cybercriminals made a breakthrough in the theft and extortion of money from major organizations, entities, and ordinary users. Globally, the cost of computer crime was more than $1 trillion, and this type of crime had become the most common type of illegal activity (Wiley, 2009, p. 17). High technology includes three main components: the Internet, cellular communications, and the mechanisms of non-cash payment. Therefore, people using even one of the three services should be very careful in order not to become victims of computer fraud.
Types of Computer Fraud
Phishing is a special type of computer fraud. Phishing attacks are organized as follows: cybercriminals create a fake website that looks exactly like a banking site or a site that produces financial accounts online. Then the scammers try to trick the user into visiting the fake website and entering their sensitive data, for example, the login name, password or PIN code. Having access to such information, criminals can steal money from the accounts of those users who have been caught in the trap.
As a rule, in order to attract users to a fake website, criminals send mass e-mails that look as if they come from a bank or other financial institution that actually exists, but that provide a link to a fake website. Clicking the link, victims go to the fake website, where they are prompted to enter their credentials. Phishing messages often use the same logo and design as the bank's own letters, as well as links similar to the real address of the bank on the Internet. In addition, the message can contain the user’s name, as if it really were a personal message. Scam letters usually give a plausible reason why users must type in their data. For example, the letter may claim that the bank has conducted a random security check on accounts or has made some changes in its computer infrastructure, and that all clients must therefore re-enter their details (Fundamentals of Computer and Internet Fraud, 2010).
For users who have received a message like this, it may be difficult to distinguish a phishing email from a legitimate one, especially for those who are clients of the financial institution from which the letter has allegedly arrived. The sender field displays an address that belongs to a legitimate company. However, it is not difficult for the scammer to replace the sender address that appears in any email client. The message includes logos and images from the legitimate company’s website. Although the link included in the email supposedly leads to the original site of the company, it actually redirects the browser to a fake web page that requires the user to enter their data, passwords, and so on. These messages often contain grammatical errors, spelling errors, or special characters that are not normally found in messages from the company they claim to represent.
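The mismatch described above, between the address a link displays and the address it actually opens, can be checked mechanically. The following Python code is an added example, not part of the original essay; the domain bank.example, the sample message and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; bank.example and the other hosts are made up.
SAMPLE_HTML = """
<p><a href="http://bank.example.login-check.test/verify">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/terms">terms of service</a></p>
<p><a href="http://192.0.2.15/secure">www.bank.example</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased host of a URL or bare domain, '' if none can be parsed."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""

def suspicious_links(html, trusted_domain):
    """Returns (href, reason) for links whose real target should not be trusted.
    Visible text counts as an address only if it looks like one (no spaces, has a dot)."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if shown and shown != target:
            findings.append((href, f"text shows {shown}, link goes to {target}"))
        elif target != trusted_domain and not target.endswith("." + trusted_domain):
            findings.append((href, f"{target} is outside {trusted_domain}"))
    return findings
```

Calling `suspicious_links(SAMPLE_HTML, "bank.example")` reports the first and third links. The first shows why the comparison is made on the whole host name: the real target merely begins with the bank's name and belongs to a different domain.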
Each user of an e-mail service is a potential victim of this type of attack. Any email address posted on forums, newsgroups or web sites is potentially exposed to phishing attacks, as there are special mail robots that scour the Internet in search of active email addresses. Thus, the reason for the existence of such attacks is clear: a phishing attack is very easy and cheap, and the resulting profit is high, even if it is not likely to work out well (Wiley, 2009, p. 310).
Spyware is software that collects information about users and transmits it to someone else without their consent. The information may include their personal data, the configuration of the computer and operating system, and statistics on their use of the Internet. As a rule, spyware programs run on the computer secretly, without showing their presence. Modern versions of key loggers are not limited to intercepting keystrokes. They can also save information about open windows or used programs, clipboard contents or screenshots, and send it to a pre-set destination at a specified interval.
Spyware is used for a number of objectives, the main ones being market research and targeted advertising. In this case, information about the configuration of a user’s computer, the software used, and the sites visited makes it possible to determine accurately the type of activity and the range of interests of the user. However, the information gathered can be used not only for advertising purposes. For example, information about the user’s PC can greatly simplify a hacker attack. In addition, if the program periodically updates itself over the Internet, it makes the computer very vulnerable. A simple attack on DNS could replace the address of the update source with the address of the hacker’s server. Such an “update” will lead to the installation of arbitrary foreign software on the user’s PC (Granville, 2003, p. 104).
Spyware can get onto a computer in two main ways (Jarrett, Bailie, Hagen & Eltringham, 2009, pp. 35-39):
- While visiting a web site. Spyware most commonly gets in through visits to hacker and warez sites, sites with free music, and porn sites. Typically, ActiveX components or Trojans of the TrojanDownloader category (in the Kaspersky Lab classification) are used to install the spyware. Many hacker sites may offer a “crack” for download that contains spyware or a TrojanDownloader;
- The installation of freeware or shareware programs. There are a lot of such programs, distributed over the Internet or on pirated CDs. A classic example is the DivX codec, which contains a utility for secretly downloading and installing SpyWare.Gator. Most programs that contain SpyWare components do not notify the user.
There are a number of rules and conditions under which a program can be classified as SpyWare.
- The program is secretly installed on the user’s computer. The point of this criterion is that the installer of a regular program must notify the user of the fact of the installation (with the possibility of declining the installation). In addition, after the installation, the installer should create an entry in “Add or Remove Programs” that launches the uninstall process. Spyware is usually installed in an unusual way (often using modules of the Trojan category). It is hidden from the user, and in most cases, it is impossible to uninstall. The second way to install SpyWare is through a module hidden in a popular program (Chen, 2011).
- The program is secretly loaded into computer memory during boot. It should be noted that developers of modern SpyWare have started to apply Rootkit technology to mask the process in memory and the files on the disk. It is also becoming popular to create double processes: running two processes that restart each other in case one of them stops. In particular, this technology is used in SpyWare.WinAd (Jarrett, Bailie, Hagen & Eltringham, 2009, pp. 46-48).
- The program performs some operations without the user’s involvement, for example, sending or receiving information over the Internet.
- The program downloads and installs its updates, supplements, plug-ins or other software without the user’s knowledge or consent. This property is inherent in many spyware programs and is extremely dangerous, because the download and installation of updates and new modules can be hidden, which often leads to system instability. Moreover, the auto-update mechanism can be exploited to introduce Trojan modules onto the user’s PC (Kunz & Wilson, 2004, p. 6).
It should be noted that programs of the SpyWare category do not allow remote control of the user’s computer and do not transmit passwords and similar information to their creators; such actions are characteristic of other categories of programs, such as “Trojan” and “BackDoor.” However, in many ways programs of the SpyWare category are similar to Trojans (Doyle, 2010, pp. 37-39).
Frauds in Social Networks
Today, social networks are phenomenally popular in all corners of the globe. However, they have also become one of the most popular ways for criminals to commit their frauds. It should be noted that social networks provide a very large scope not only for scams, but also for off-line attacks. The information that can be found on social networks is enough to use a variety of social engineering techniques against victims. For example, hackers may gain access to many of the victim’s accounts, and even to the victim’s bank accounts.
The most common fraud in social networks is spam. The term “spam” is usually used in the sense of “mail spam.” Such a message is sent to the user by unknown people or organizations without any permission on the user’s part. Typically, spam is a mass mailing to a large number of addresses that contains advertisements or offers, as well as chain letters, and so on. As a rule, these letters contain no personal appeal but have exciting titles such as “Earnings from home” or “Urgent! Unique offer.” Information sent in this way is not credible. Spam messages can contain viruses, making such messages extremely dangerous to read.
Another common type of spam is the so-called “search engine spam.” Sometimes, when the user is looking for something with a search engine (especially with queries that consist of a single word), they are shown result pages listing sites that have nothing to do with their request. The reason for this may be that the owners of these sites are trying to “trick” the search engine so that their site appears at the top for the most popular requests. The aim of this technique is to increase traffic to the site.
Tips for Protection
Adhering to the following rules (as well as the tips to protect your computer from malware and hacker attacks described previously in this section) will allow the user to successfully resist phishing attacks.
First of all, it is always necessary to check the source of information. Do not respond automatically to any email that asks for your personal or financial information. If you are not sure why the company actually needs the requested information, pick up the phone and call the contact person in the organization in order to check the source of information.
Secondly, it is necessary to enter the web address in the address bar of the browser yourself rather than follow the link in the email. You should type the web address (URL) in your browser or use a previously created bookmark. Even addresses that look right in the letter can lead to a fake website.
Thirdly, it is important to enhance the security of your computer. Users who perform transactions via the Internet must install a security solution that can block this type of threat when it reaches the computer. It is pivotal to apply the most current security patches available from all manufacturers and to make sure that the work is done in a secure manner, using digital certificates or such communication protocols as HTTPS.
Also, you should always check that you are using a secure web site: the web address should begin with https://, and a small closed lock should be displayed in the status bar of your browser. A double click on the lock should let you view the digital certificate of the site.
Moreover, you should regularly check your account. Monthly statements are very useful for keeping track of incorrect transfers and transactions, transactions that you did not make but which are reflected in the statement, and operations performed online which are not in the statement.
Furthermore, if you need to use a social network from your smartphone, you should use only the official application of the social network. If there is none, you should visit the social networking site via a normal mobile browser. Of course, applications in Google Play, the App Store, or Windows Phone Marketplace are carefully checked by the platform vendors, but, unfortunately, the vendors do not have the opportunity to test the entire functionality of these programs.
Finally, you should not use standard methods to recover a forgotten password and, if possible, you should link your page to your mobile phone. Scammers very often gain access to the account of the victim through the use of the password reminder service. If the service requires, for example, your mother’s maiden name and the mother is also registered in the social network, it is obvious that access to the page will be a breeze. If the site allows, the best solution would be to come up with the “secret question” yourself. It would be even better to bind the page to your mobile phone.