ISSC451 -Viruses, Exploitation and Stalking.

Description

You are encouraged to conduct research and use other sources to support your answers. Be sure to list your references at the end of your post. 1. Explain why or why not viruses and denial of service attacks should be punishable by law. 2. What is cyberstalking? What type of offenses can occur that could be defined as cyberstalking? 3. How can a person protect themselves from becoming a victim of cyberstalking or cyber exploitation?

Don't use plagiarized sources. Get Your Custom Assignment on
ISSC451 -Viruses, Exploitation and Stalking.
From as Little as $13/Page

Unformatted Attachment Preview

Copyright 2020. Routledge.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Chapter 5
Cyberdeception and Theft
Introduction
Cyberdeception and theft, as described by Wall, refers to “the different types of acquisitive
harm that can take place” in the digital environment (2001, 4). Acquisitive crimes are those in
which the offender gains materially from the crime. In a simpler sense, cyberdeception refers to
the act of lying (deception) and stealing (theft) in the digital environment. In theory the two phenomena are distinct. Lying is commonplace in human relationships and is usually not a criminal
offense, while theft is universally seen as a behavior that needs to be prohibited. However, the
two phenomena are often linked. Criminals lie, construct elaborate fantasies, and embark on all
types of subterfuges to steal money or information from a victim. Thus, for practical purposes,
we can combine cyberdeception and theft.
Cyberdeception is distinct from the other categories of cybercrime in the wider array of both
offenders and victims. Young people tend to be the perpetrators and victims of cyberviolence,
the disadvantaged and poor are victims of child trafficking, and businesses or wealthy individuals are the target of cybertrespass. Cyberdeception, on the other hand, is a crime experienced by
young and old, rich and poor.
There are at least two reasons for this. First, so much of commerce occurs through and by
Internet-enabled technologies. The use of a credit card means that you are potentially a victim
of credit card fraud or credit card skimming. Everyone who has an identification number of
some kind (registration number, credit card number) and inputs this number in a website is a
potential victim of identity theft. Buying goods online puts you in a position to be a victim of
many crimes, including Internet auction fraud or unwittingly buying counterfeit goods. Second,
there are numerous ways of deceiving someone in the digital environment, and these run from
highly technical to more psychological. This expands the range of perpetrators. If someone does
not have technical skill they can rely on social skills, and vice versa. It also expands the range of
victims. A person may be aware of phishing or spoofed emails, for example, but fall victim to a
romance scam because they are emotionally vulnerable.
EBSCO Publishing : eBook Collection (EBSCOhost) – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM
AN: 2141005 ; Roderick S. Graham, ‘Shawn K. Smith.; Cybercrime and Digital Deviance
Account: s7348467.main.ehost
92
5
Cyberdeception and Theft
Types of Cyberdeception and
Theft
The ways in which someone can be defrauded online are far too many to list. One way of analyzing cyberdeception and theft is to look at the motivations behind the criminal or deviant
behavior. Button and colleagues (2015) organize online frauds into two types—those motivated
by the desire for money and those motivated by the desire for information (see Table 5.1). Any
list is a tentative one, as individuals are continuously devising new schemes. However, the theft
of money or information is a main way of organizing current and new schemes.
Table 5.1 Money vs. Information Motivation
Money Seeking Frauds
419 scams: The victim is contacted by someone claiming to be an official with a large sum of money. They are
looking for someone to help them obtain the money, in return for which they offer to pay a substantial fee.
To start the venture, however, they require a payment in advance from the victim.
Bogus inheritance scams: Victims are contacted and told they have inherited a large sum of money from a
long-lost relative but need to pay fees in advance to release the money.
Bogus lottery: Victims are contacted and told they have won a lottery but need to pay a fee in advance to
release the funds.
Bogus products: Goods and services advertised on online markets that are either defective or nonexistent.
Career opportunity scams: Jobs and training are offered online, usually for lucrative jobs, but the reality is
there is no chance of work.
Clairvoyant and psychic scams: Victims are sent communications saying that something bad will happen to
them unless they pay money.
Loan scams: Victims are sent demands for debt repayment with threats if they do not pay for nonexistent loans
or scammers offer to renegotiate debts or amend adverse credit ratings.
Person in distress fraud: In some cases, people are targeted with a tragic story of a stranger and asked to send
money, or in a variation, a person’s email account is hacked and all their contacts
are mailed to say they are in distress in a foreign country and could monies be wired urgently. This is often
targeted at older computer users, and the fraudster purports to be a young relative in distress.
Romance frauds: There is a wide variety of different romance frauds, with the most common including
the victim falling in love with usually a fake person and being tricked into sending gifts or money for
emergencies or their costs of travel to meet them.
Share sale scams: Victims are convinced to buy worthless or overvalued shares using high pressure sales. The
buying of these shares increases the values of the shares, at which time the fraudsters then sell their shares.
This is also called a “pump and dump” scheme.
Personal Information Seeking Frauds
Fake websites and emails: The sending of fake emails (phishing) or the creation of fake websites (spoofing).
These fraudulent communications and spaces are designed to harvest personal information in order to steal
the identity of the computer users (identity theft).
Social networking: Fraudsters use fake identities to befriend individuals online and then harvest any online
personal data displayed or trick them into parting with the information.
Malware: More sophisticated fraudsters use programs, viruses, and hacking to secure the personal
information of a victim.
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
5 Cyberdeception and Theft
In this chapter we will narrow our focus to several well-known types of cyberdeception.
These are:
•• Identity Theft—Obtaining and using another person’s personal data in some way that
involves fraud or deception.
•• Phishing—Sending fraudulent communications to obtain personal information.
•• Advance Fee Frauds—Scams in which a fraudster leads a victim to believe that they
will receive a large payment in the future for some present action—usually an “advance
fee.”
•• Romance Scams—A fraudster develops a deceitful relationship with a victim to extract
favors from the victim, usually in the form of monetary payments.
•• Selling of Counterfeit Goods—The selling of merchandise that purports to be a product of a recognized brand company but is instead a copy of lesser value.
•• Pump and Dump Schemes—A fraudster or group of fraudsters urges a victim to buy
stocks to artificially inflate their value. They then sell the shares they own at the inflated
price. The victim is left holding shares that are decreasing in value.
•• Digital Piracy—The illegal acquisition of digital, copyrighted goods.
•• Cryptocurrency Fraud—The fraudulent buying or selling of cryptocurrencies.
Identity Theft
Identify theft, also called identity fraud, is understood as all types of crime in which someone
wrongfully obtains and uses another person’s personal data in some way that involves fraud
or deception. Most states have identity theft laws that prohibit the misuse of another person’s
identifying information. Although the term identity theft is of the 21st century, the process is
not new:
identity theft is as old as the concept of identity itself. As soon as identity acquired any sort of
value, someone was going to want to steal it for nefarious purposes. Someone else’s identity
in ancient Egypt could gain you access to the presence, and influence, of a Pharaoh. If you
were transported to the colonies in the 18th century, one way of getting back to England was
to steal the identity of a sailor and blag [persuade/lie] your way onto a returning ship.
(Kirk, 2014, 449)
In 2017, 17,636 people reported being victims of identity theft to the Internet Crime Complaint
Center (IC3).1 These victims reported a total loss of $66,815,298—an average loss of around
$3,800. IC3 provides some understanding of how much money is lost per incident reported.
However, the number of incidents reported is likely a low estimate because it is restricted to the
people who contacted the center.
A more accurate estimate of the number of victims is provided by the Bureau of Justice
Statistics National Crime Victimization Survey. The Bureau of Justice Statistics reported in 2014
that 17.6 million people were victims of identity theft.2 This is a large number in comparison to
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
93
94
5
Cyberdeception and Theft
other crimes. Consider that in the same year, 2014, the total number of people who were victims
of burglary, motor vehicle theft, and theft totaled together 10.4 million.3
According to respondents to a survey conducted by the Identity Theft Resource Center,4
victims lose not only money, but also time. Table 5.2 shows the most frequent actions taken by
a victim of identity theft. It is noticeable that many of the more common responses were about
the loss of time. Victims also experienced damages that extended beyond financial loss. Table
5.3 shows that victims of identity theft reported stress, lack of sleep, and headaches, and more.
In sum, the data presented in this section suggests that identity theft is a common crime that
has wide-ranging impacts on those who are victimized. In the next section we discuss exactly
what is “identity” in the digital environment.
PERSONALLY IDENTIFIABLE INFORMATION
Humans use observation to identify a person—usually their eyes to see physical features or
mannerisms. They also use their ears to hear a person’s voice, or their noses to smell. Individuals
without sight may also rely on touch to identify a person. Once someone is identified, we then
know how to interact with that person: to approach, to be guarded, to be friendly, etc. This happens at a subconscious level, and we are not necessarily cognizant of this process. We are only
Table 5.2 Most Frequent Responses to the Question: Did You Do Any of the Following as a Result of Your
Identity Theft Case?*
Closed existing financial accounts
Use online accounts less frequently or not at all
Spent time away from other life experiences, like hobbies or a vacation
Closed existing online accounts
Borrowed money from family/friends
Took time off from work
Spend time away from family
33%
33%
33%
27%
26%
22%
22%
*Modified from the Identity Theft and Resource Center’s “Identity Theft and Its Aftermath” 2017 report (www.​f tc.g​ov/sy​
stem/​f iles​/docu​ments​/publ​ic_co​m ment​s/201​7/10/​00004​-1414​44.pd​f )
Table 5.3 Most Frequent Physical Reactions Because of Identity Theft Victimization*
Stress
Sleep disturbances (unable to sleep, oversleeping, nightmares)
An inability to concentrate/lack of focus
Fatigue
Headaches
64%
48%
37%
35%
34%
*Modified from the Identity Theft and Resource Center’s “Identity Theft and Its Aftermath” 2017 report (www.​f tc.g​ov/sy​
stem/​f iles​/docu​ments​/publ​ic_co​m ment​s/201​7/10/​00004​-1414​44.pd​f )
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
5 Cyberdeception and Theft
aware of the process when our senses cannot help us. For example, someone hears noises on the
bottom floor of their home and call out to ask who it is. The response, or lack of one, will then
determine how one should proceed.
Computers use information unique to each user—numbers, letters, dates, biometric information—to identify a person and then decide how to interact with that user. This information is of one of three types: something you know, something you are, or something you own
(see Table 5.4). In a common scenario, a person goes to a banking website and is confronted with
a screen asking for identifying information—a username and a password. The response, or lack
of one, will then determine for the computer (the server owned by the bank) how to proceed.
This identifying information is called personally identifiable information, or PII. The act
of stealing one’s identity in the digital environment is ultimately the act of stealing a victim’s PII.
Some examples of PII include:
••
••
••
••
••
••
••
Social security number
Alien registration number
Numbers issued by government organizations such as a school or the military
Birthdate
Address
DNA
Eye signature (retina display)
The requirement for PII is that it can distinguish one person from another. Some PII are by design
meant to be unique, such as a social security number or military identification number. Other
types of PII are not as effective at distinguishing individuals. Someone’s name is technically a
type of PII but because two people can have the same name it is not an effective identifier.
The more information a computer network can require for privileges the less likely someone
will be able to steal the identity of a legitimate user. Thus, some computer networks use two
forms of identification. This is usually something you know like a password, and something you
own, like your mobile phone. This two-factor authentication is the norm at ATM machines,
where a person must provide something they know (a username and password) and something
they own (a credit card) to gain access.
As computer processing power and algorithms become more complex, computers are beginning to use other types of PII to distinguish people. For example, the ability of computers to
Table 5.4 Types and Examples of Personally Identifiable Information
Type of Personally Identifiable
Information
Something you know
Something you are (biometric data)
Something you own
Examples
Passwords, answer questions (e.g. your mother’s maiden name, the name
of your favorite dog), birthdate
Fingerprints, facial composition (through facial recognition software),
voice (through voice recognition software), DNA
Key, credit card, mobile phone
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
95
96
5
Cyberdeception and Theft
distinguish handwriting samples has improved to the point that handwriting is becoming an effective type of PII. Similarly, facial recognition software has become better at accurately identifying
faces, and as such facial images are another potential type of PII. At the time of this writing, all
new iPhones are equipped with Apple’s version of facial recognition technology—Face ID.
Phishing
One of the main ways PII is stolen is through phishing. Phishing can be described as sending
fraudulent communications—emails, text messages, and instant messages—to obtain personal
information. In 2014, the American security firm RSA published a report stating that 2013 was a
record year for phishing attacks globally. The report states that there were approximately 450,000
attacks with losses close to $6 billion.5
A common form of phishing is the sending of fraudulent emails that trick the receiver into
providing PII. An example of a fraudulent email would be an email that purports to be from the
victim’s bank, asking the victim to either reply with information directly or click on a link. The
email may use logos and wording that reminds the recipient of a prior legitimate communication
from the bank. The link will then send the victim to a site that looks legitimate but is a harvester
of PII. Although high-level coding skills are not needed, the fraudster must know how to design
an email or website so that it looks legitimate.
THE SYSTEM OF PHISHING FRAUD
One successful phishing attempt can deceive thousands of people into unwittingly providing PII.
Phishing is also, as discussed in Chapter 2, a means through which databases containing millions of customer entries are hacked. It is often the case that a successful phishing attempt may
produce too much PII for one fraudster to use before the company or the customers realize they
have been defrauded. Or, the individuals with the skills to develop convincing phishing communications are not always the individuals who are willing to use the stolen PII to steal money or
information. Under these conditions a phishing system has developed on the dark web where PII
is stolen, sold to third parties, and then used by those third parties to steal money or information.
There are at least four roles in this system—coders, fraudsters, brokers, and buyers. A model
of the relationships between these roles, modified from Konradt and colleagues (2016), is presented in Figure 5.1. The flow of goods moves from coders who produce the fraudulent code, to
fraudsters who then deploy the code and accumulate the PII, to brokers who arrange the space
for transactions, to the buyers who then purchase the PII. A well-known example of a broker was
the infamous Silk Road website on Tor, where buyers and sellers of a wide range of illegal goods
met to complete illegal transactions. The broker often ensures the transaction—as the money is
provided by the seller before the goods are shipped—and receives a small percentage of the sale
for this service. The flow of cash moves in the opposite direction. The brokers receive a transaction fee for their services, which is a cost of business that is shared by both fraudster and buyer.
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
5 Cyberdeception and Theft
Flow of
Goods
Coders
Malicious
Software
Fraudsters
Stolen PII
Brokers
(Intermediaries)
Transaction
Fee
Stolen PII
Buyers
Figure 5.1
Cash
Flow
Roles and relationships in phishing fraud.
For example, a bundle of credit card numbers may sell for $300, plus a transaction fee of 7%,
or $21. This fee is paid by the buyer; however, the fee is a “cost” for the fraudster as well as it
increases the price of their product.
Advance Fee Frauds
Advance fee frauds are scams in which a fraudster leads a victim to believe that they will receive
a large payment in the future if they perform some present action. The present action is usually
the sending of money, hence the label “advance fee.” However, fraudsters may sometimes ask for
PII. For instance, the fraudster may ask the target to supply bank information so that they can
wire a large sum of money into the target’s account. The money will supposedly then be shared
with the fraudster and target.
These frauds are also called confidence frauds as the fraudster must create a sense of confidence in the victim that the fraudster is being honest and truthful. These scams are most well
known as Nigerian 419 scams, after the section of Nigerian law that it violates. In the early days
of the public Internet, English-speaking scammers from West African nations were notorious for
sending emails to targets in Western, English-speaking nations. Computer users have become
warier of these scams; however, people are still defrauded on occasion.
Research done by Onyebadi and Park (2012) identified some common themes of advance
fee fraud emails. One theme is that the emails are addressed to an unknown recipient—“Dear
Sir/Madam.” Onyebadi and Park argue that while this should be a red flag, this is often
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
97
98
5
Cyberdeception and Theft
ignored by victims. Second, the fraudster attempts to establish credibility and engender trust
in the target by sharing (false) personal information. This includes contact information such
as email, telephone, or fax number. Third, each message details a circumstance in which a
large sum of money is available, but to receive this money help is needed. The money has
been gained through illegal dealings, an inheritance, or someone in a troubled circumstance
looking to leave the country. Another theme is that the victim is promised a large financial
reward for little or no investment. Here is an example of an email provided by Onyebadi and
Park (2012):
From ‘Princess Fustina karom’: ‘I am a female student from University of Burkina faso,
Ouagadougou. I am 23 yrs old … my father died and left I and my junior brother behind.
He was a king … He left the sum of USD 7, 350, 000.00 dollars … I am ready to pay 20% of
the total amount to you if you help us in this transaction and another 10% interest of Annual
After Income to you’.
A final theme identified by Onyebadi and Park is that the letters are not grammatically correct. At first glance, this would seem to be a clear indicator of the fraudulent nature of the
email. However, one explanation provided by the researchers is that while the poor grammar
may reveal the real handicaps in the scammer’s language, it makes it possible for the victims
to assume a sense of superiority: “the poor grammatical construction might be a part of the
scammers’ strategic deception of their potential victims, especially Europeans, into believing
that they (scammers) are naive, uneducated and less intelligent folks who need supposedly wiser
benefactors to help them” (195).
Romance Scams
Romance scams are scams in which online profiles are created or manipulated for developing
a fraudulent relationship with the intended victim. The relationship is built to extract favors
from the victim, usually in the form of monetary payments. In some cases, romance scams can
be for the purposes of convincing a victim to traffic drugs, as in the case of Sharon Armstrong
(see Table 5.5).
THE PROCESS OF ROMANCE SCAM VICTIMIZATION
Whitty (2013) used 20 semi-structured interviews with romance scam victims to develop a
model of the romance scam victimization process (see Figure 5.2). The process begins with
need or desire. The strong desire for companionship or love lowers the defenses of a potential
victim. While data has been difficult to gather on romance scams, most research and most public instances of romance scams suggest that older females are the prime target. This is likely
because as adults age, their romantic opportunities decrease, and this is especially so for women.
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
5 Cyberdeception and Theft
Table 5.5 The Story of Sharon Armstrong
In 2010, Sharon Armstrong, a high-ranking New Zealand government official, met a man named Frank on the
dating website Match.com. Over the next six months, she and Frank exchanged over 7000 emails. In 2011,
Ms. Armstrong and Frank agreed to meet in London, with Frank asking Ms. Armstrong to stop over in
Buenos Aires, Argentina. Ms. Armstrong was to collect some documents in a suitcase from a colleague, a
woman named Esperanza.
Ms. Armstrong was arrested by customs officers in the airport. She was transporting five kilograms of
cocaine with a street value of over 1 million dollars. Ms. Armstrong was sentenced to four years and ten
months in prison in Argentina and was released after two and a half years.
Since her release, Ms. Armstrong has become an advocate for more awareness of online fraudsters. She has
written a book describing her experiences entitled Organised Deception. Ms. Armstrong’s experiences are
not unique, as many people fall victim to romance scams in which they are defrauded of money or asked to
traffic drugs for drug cartels.
Source: www.sharonarmstrong.org/
The next steps involve social engineering. For instance, an “ideal profile” is constructed. This
ideal profile is what the fraudster believes will attract the greatest number of victims.
One of the more interesting aspects of Whitty’s study is the sales techniques used by fraudsters. For example, fraudsters test the waters, called the “foot in the door” technique, by asking the victim for small, trivial favors. If the victim complies, then larger sums of money are
requested. Fraudsters also present a crisis in which there is little time to evaluate the validity of
the request. This is analogous to salespersons offering a “limited time only” or “buy in the next
two hours” sales promotion. These sales techniques can be understood as social engineering.
Another aspect of note is the alternative strategy employed by scammers where they sexually abuse or exploit their victims. Victims are asked to undress or masturbate in front of a camera. This is done for the enjoyment of the fraudster, or for future blackmailing. Whitty’s study
also illuminates the reason why people remain in scams even when they suspect foul play or to be
re-victimized. Whitty argues that people may be aware that the person they are communicating
with may be a scammer, but they are willing to play the long odds in the chance that the person
is genuine. This is analogous to the person who plays the lottery, knowing the odds are exponentially long but is willing to risk a dollar or so.
Selling of Counterfeit Goods
One common type of cyberdeception is the sale of merchandise that purports to be a product of
a recognized brand company (e.g. Rolex or Hermes) but is instead a copy, or “knock-off.” For
the fraudster, the selling of counterfeit goods is attractive because of the low levels of perceived
risk and potentially high profits (D.S. Wall & Large, 2010). The primary victim in this fraud is
usually the purchaser of the counterfeit product. They assume that they are getting an original of
the same quality on discount, only to discover when the product arrives that their electronics or
fashion accessories are of low quality and not produced by the brand company. However, there
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
99
100
5
Cyberdeception and Theft
Stage 1
“Victim Motivation”
The victim must be
in need of a relationship
Stage 2
“Ideal Profile
Presentation”
The victim is presented with a profile
that is ideal for them
Stage 3
“Grooming”
Trust is gained through sharing
of personal, intimate details
Stage 4
“The Sting”
Fraudster asks for money using a variety
of techniques (e.g. crisis, “foot in the door”)
Stage 5
“Crisis Continuation”
Continuous requests are made until
victim ceases to comply
Stage 6
“Sexual Abuse”
In some cases, when no more money
is given the fraudster sexually exploits the victim
Stage 7
“Re-victimization”
After acknowledging a scam, the victim
either re-enters the same scam or becomes
a victim of a new fraudster
Figure 5.2 Whitty’s (2013) romance scam process.
are occasions where the purchaser is aware that the product is a knock-off, but are comfortable
with the low quality, especially for clothing, if they can convince others that it is the “real deal.”
Another victim is the company whose products are being counterfeited. They are losing profits
because customers are buying “knock-offs” that take advantage of the name value they have
produced.
Fraudsters contact victims in at least three ways. First, fraudsters may have their own website. Findings from research suggest that websites selling fakes were more likely registered in
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
5 Cyberdeception and Theft
China, and hosted in Estonia, Russia, or Sweden (Wadleigh, Drew, & Moore, 2015). Also, countries that have industries that are often the victims of counterfeiting are less likely to host counterfeit websites (Wadleigh et al., 2015). The hosting providers in France, a fashion capital, are less
likely to host counterfeit shops. A second way is through online auction sites like eBay. Sellers
can create fake accounts, or accounts not connected to their identity in the physical environment, and attempt to sell counterfeit goods. A third way is through direct emails or spamming.
Fraudsters can purchase email lists from email aggregators, and then send email blasts to targets.
Heinonen and colleagues (2012) examine complaints submitted to the Internet Crime
Complaint Center (IC3) for 2009 and 2010. They divide all complaints into auction fraud complaints (i.e. being defrauded on sites like eBay) and non-auction fraud complaints. Their study
found that most complaints were for non-auction fraud and victims were contacted via email or
through a website. Most of the fraudsters were from the United States, and most of the victims
were male and over 30 years old. Heinonen and colleagues’ study is informative but is limited.
Only victims from the United States and who reported incidents to IC3 were analyzed. However,
counterfeiting is a worldwide phenomenon and many victims do not report incidents to law
enforcement.
Pump and Dump Schemes
Another type of fraud is a stock manipulation scheme commonly called “pump and dump.” The
scheme begins with a fraudster contacting potential investors to “pump” the stock. The investors are then conned into purchasing the stock by the misleading claims from fraudsters. The
stock may be deemed the “next big thing” or “can’t miss.” When investors begin bidding for and
buying shares of the stock, the price of the stock rises. The fraudsters then sell or “dump” their
shares, netting a profit at the inflated value. This flooding of the market causes the value of the
stock to fall, often below the original purchase price.
A traditional approach to pump and dump has been to contact investors by telephone or
mail. However, the digital environment has made this scheme easier to execute because fraudsters have more means in which to communicate with investors. Social media platforms such as
Twitter and Facebook can be a means through which fraudsters spread false claims about a stock.
They can also spam potential investors through email.
Digital Piracy
Digital piracy can be described as “the purchase of counterfeit products at a discount to the price
of the copyrighted product, and illegal file sharing of copyright material over peer-to-peer computer networks” (Hill, 2007, 9). More simply, it refers to the illegal acquisition of digital, copyrighted goods. A common example of digital piracy is recording a movie playing in a theater,
and then selling “pirated” copies of the movie. The business can be profitable because, although
the quality is often lower, the price of purchasing the pirated copy is a fraction of what it takes
EBSCOhost – printed on 12/28/2023 3:29 PM via AMERICAN PUBLIC UNIVERSITY SYSTEM. All use subject to https://www.ebsco.com/terms-of-use
101
102
5
Cyberdeception and Theft
to purchase a movie ticket. Before internet usage became ubiquitous, pirated movies were often
reproduced as physical copies on VHS tapes and CDs and sold in the physical environment.
A modified version of this practice occurs in the digital environment, with pirates making
copies of a wide range of content, and then sharing it with millions of computer users through
peer-to-peer file-sharing networks. These copies are made through tested methods such as
recording movies in theaters, but more sophisticated thieves can rip content from subscription
services like iTunes or from live TV and on-demand services.
Digital piracy impacts at least three groups. The first group impacted is the content producers. Content producers—the recording artists and individuals in the movie industry—fund their
endeavors through selling their products to an audience. There is some disagreement as to how
much digital piracy impacts these sales, but there is no doubt that many people elect to download
illegal content instead of purchasing it for full price. Content distributors are also impacted by
digital piracy. While Netflix and Amazon produce their own original content, their core business model has been to make content available and deliver that content to a paid user. Here again,
there is some disagreement as to how much money these providers are losing, but many computer
users will decide to watch illegal downloads instead of paying for a subscription. A third group
may be the users who are consuming illegal content. There is some evidence that digital pirates
may allow hackers to place malware on their sites. A user’s computer will then be infected should
the