Cyber Crime and Business: How to not Get Caught by the Online Phisherman

Author: Nick Nykodym - Lisa Kahle-Piasecki - Sonny Ariss - Tracey A. Toussaint
Pages: 252-259
Journal of International Commercial Law and Technology Vol. 5, Issue 4 (2010)
Nick Nykodym, Ph.D., Lisa Kahle-Piasecki, M.B.A., M.Ed.,¹ Sonny Ariss, Ph.D. and Tracey A Toussaint, M.B.A.
Abstract. Throughout the history of modern business, management has dealt with the problem of
theft. Businesses have a difficult time keeping money and information out of the wrong hands,
due to external robberies and internal theft of both money and confidential information
(Nykodym & Ariss, 2006). Apart from the ease of being able to reach customers anywhere in the
world, the electronic media has created a new wave of worries for companies, since theft of
information is becoming easier for criminals and harder to detect for businesses. Cyber crime,
called “phishing,” can be characterized by attackers using trusted Internet sites to lure
information from unsuspecting consumers. It is now becoming a widespread problem for the
business world. Phishing attacks are one of the major elements of cyber crime and companies
have begun the arduous battle against phishers to keep their customers safe and their businesses
afloat.
1 Introduction
Phishing is a scam to steal valuable information by sending out fake emails, or spam, written to appear as if
they have been sent by banks or other reputable organizations with the intent of luring the recipient into
revealing sensitive information such as usernames, passwords, social security numbers, account IDs, ATM
PINs or credit card details. Phishing can also come in the form of a pop-up message. Typically, phishing
attacks will direct the recipient to a web page designed to mimic a target organization’s own visual identity and
to harvest the user's personal information, often leaving the victim unaware of the attack. Obtaining this type of
personal data is attractive because it allows an attacker to impersonate their victims and make fraudulent
financial transactions. Victims often suffer significant financial losses or have their entire identity stolen,
usually for criminal purposes (Watson, Holz, & Mueller, 2005).
Phishing e-mails can be sent to people on selected lists or on any list, expecting that some percentage of
recipients will actually have an account with the real organization (TechWeb, n.d., para. 1). Once the
cybercriminals have gathered personal data, they have to decide how to use it. If the information comes from a
business or financial institution, cybercriminals will research the best customers to attack. The best customers
will have large assets, a good credit score, or other identifiers that make them a profitable victim.
Cybercriminals will also research the types of transactions that get more scrutiny or will set off alarms and
avoid those types of transactions (National Consumers League, 2006).
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal
identity data and financial account credentials. Attacks using social engineering rely on using social skills
through human interaction to obtain information about a company or individual in order to gain access to
sensitive information or personal data (United States Computer Emergency Readiness Team [US-CERT],
2009). Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to
trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and
social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often
convince recipients to respond. Technical subterfuge schemes plant crimeware onto personal computers (PCs)
¹ Contact Author: Lisa Kahle-Piasecki, The University of Toledo, 2801 W. Bancroft Street, Toledo, Ohio 43606.
E-mail: lisa.kahle@rockets.utoledo.edu
