Introduction
The rapid development of technologies in today’s world has led to both positive and adverse outcomes. Cybercrimes, which could not be possible centuries ago, are now a significant public concern. In the contemporary world, this type of criminal offense is punishable like the more traditional ones, including burglary, homicides, and thefts. It is crucial to study cybercrimes to be aware of their mechanisms, possible outcomes, and related legislation. This paper will provide an in-depth analysis of a cybercrime, addressing its evolution, relation to technological advancements, legal implications, and possible technological solutions. In particular, it will present the issues related to phishing, the motivation of attackers, and the ways law enforcement may utilize to protect the population from this type of cybercrime.
Phishing
The cybercrime selected for this paper is phishing; it can be considered one of the most significant offenses the world’s population encounters daily while using the Internet. Phishing is designed to steal valuable users’ data, including passwords and credit card numbers (“Phishing attacks,” 2020). This cybercrime may result in unauthorized purchases and identity theft. The way phishing works may be illustrated by the following example, although there are various scenarios scammers may use. For instance, an attacker may deceive a victim into clicking a link that leads to the freezing of the system of the installation of malware (“Phishing attacks,” 2020). The link may be included in a text message or an email. When a victim clicks it, their sensitive information may be stolen, or a ransomware attack may occur. There are various types of sensitive information scammers may steal through phishing. They include account numbers, passwords, login credentials, Social Security numbers, and data related to banking. Access to this information may allow offenders to use an individual’s credit card, social media, email, and other accounts.
There are several reasons why attackers may engage in phishing. The first one is entertainment, as many criminals perform cyberattacks to test their abilities (Brar & Kumar, 2018). Successful phishing attempts may be sources of joy for them; they allow offenders to feel superior. The second possible reason is so-called hacktivism, which implies that some attackers are motivated by social, political, or religious causes (Brar & Kumar, 2018). For instance, some criminals may want to discourage the users of a particular website from using it or extend their political beliefs, making them known among the masses using phishing.
The third potential reason is financial gain, as offenders often steal credit card credentials or money from their victims. Notably, even large organizations may become victims of phishing; moreover, some offenders do not act on their behalf but are hired by companies, countries, or other individuals (Brar & Kumar, 2018). Another reason for engaging in phishing is spying, which means that criminals may steal confidential information and transfer it to the interested party. In this case, offenders work to achieve their client’s aims and may receive money or other profit for their actions. Finally, revenge is also one of the possible motivations for phishing attacks. Often, the individuals participating in such cyber crimes are expelled or humiliated employees acting out of hate (Brar & Kumar, 2018). Their possible goal, in this case, is to cause financial loss and damage to the reputation or the social image of their former employers.
The Evolution of Phishing
Phishing has been a highly popular cybercrime scheme for several decades now. Some of the earliest recorded phishing cases occurred more than twenty years ago (“Evolution of phishing attacks,” 2020). Currently, it may be challenging to detect that an email or a text message contains a malicious link due to the advancements of technology. However, it was easier in the beginning because scammers did not have enough knowledge or experience in cybercrimes. In the 1990th, attackers targeted the users of AOL primarily, but as the Internet became more popular, the number of phishing scams increased (“Evolution of phishing attacks,” 2020). At that time, the attacks involved sending automated campaigns to users, which helped offenders to steal individuals’ personal information and login credentials. Later, hackers started to work on creating engaging emails or sending messages from familiar companies or contacts to trick users.
It is possible to say that phishing gained national attention when AOL users became scammed regularly. As a result, the Internet provider had to enforce policies aimed at preventing phishing attempts from increasing (“Evolution of phishing attacks,” 2020). Today, phishing continues to be a national concern, as the use of this type of criminal scheme has resulted in a loss of around $30 million annually (Federal Trade Commission, 2019). Thus, it is crucial to work on mitigating the outcomes of this cybercrime and finding ways to stop criminals from attacking Internet users.
Technology and the Evolution of Phishing
Technology has affected the evolution of cybercrimes, especially phishing, significantly. For instance, the development of software that allows for creating fake email accounts has made it easier for offenders to make people think that they interact with the people or companies they know. Proxy servers help scammers to remain anonymous, and simple algorithms can create high-quality content for emails and enable messaging to a large group of people simultaneously. Moreover, it is crucial to note that the number of strategies criminals use is growing, while there is still a lack of awareness and proper cybersecurity training among the public (Gershwin, 2019). As a result, many people may not even realize that phishing exists and that offenders may trick users into sharing their sensitive information.
Another technological factor that has affected the evolution of phishing is the development of social networks. For the attack to be successful, scammers should create convincing emails or messages, forcing an individual to take action or click a link (Gershwin, 2019). It can be done by including the user’s personal information into the text so that the person could believe the data presented in an email. The rise of social media has allowed offenders to research the victim’s full name and address, in addition to other personal information. As a result, many phishing messages contain indicators that can be mistaken for real ones.
Legislation Related to Phishing
Phishing-Related Legislation
In the United States, there are state laws related to phishing. Currently, 23 states and Guam have legislation targeting phishing schemes specifically, while other states’ laws address computer crime and identity theft, which may also be related to cybercrime (National Conference of State Legislatures, 2018). The primary regulation that has been suggested was the Anti-Phishing Act of 2005; however, the bill did not pass (“Anti-phishing laws & regulations,” 2020). The bill proposed a five-year sentence in prison and a fine for attackers engaging in identity theft using falsified emails or corporate websites.
Although there is no nationwide legislation addressing phishing specifically, there are other regulations covering related topics. For instance, the Health Insurance Portability and Accountability Act states that organizations working with patient health records must protect individuals’ data and execute security awareness programs (“Anti-phishing laws & regulations,” 2020). It means that if an offender tries to steal a person’s health-related information, insurance companies and medical facilities are responsible for preventing them from doing so. Another regulation helping to eliminate phishing indirectly is the Sarbanes-Oxley Act addressing the use and storage of customers’ financial information (“Anti-phishing laws & regulations,” 2020). The act implies that business organizations should develop security policies to eliminate their vulnerabilities to phishing attacks, although email security is not mentioned in the regulation specifically.
Finally, the Payment Card Industry Data Security Standard, also known as PCI-DSS, is another legislation that can address and mitigate phishing. It is an industry regulation applicable to businesses accepting debit and credit cards or working with individuals’ credit card information (“Anti-phishing laws & regulations,” 2020). Like the acts presented above, PCI-DSS requires organizations to protect clients’ data by developing educational programs on security awareness, aiming at preventing possible theft of financial information in the future.
Limitations and Gaps of the Legislation
It is possible to say that the primary gap of the current legislation related to phishing in the United States is that there is no nationwide law protecting Internet users and individuals utilizing credit cards. Although many states have regulations that can prevent this cybercrime, the groups of the population not living in these states may be at risk. Moreover, it is crucial to note that the existing programs, including PCI-DSS, the Health Insurance Portability and Accountability Act, and the Sarbanes-Oxley Act do not address phishing attacks directly. It means that offenders may still find ways to engage in cybercrime and evade responsibility for it.
One of the limitations of phishing-related legislation is that it cannot address the main factor making this cybercrime successful. This factor is the human element, which means that even if the most effective laws and punishments are implemented, they cannot prevent individuals from trusting unauthorized sources or making poor decisions affecting their privacy. It is possible to minimize the impact of this issue, too, by offering security awareness training, including hands-on sessions that use phishing templates derived from the real cases of scamming (“Anti-phishing laws & regulations,” 2020). However, the human element cannot be eliminated completely even if proper legislation regarding phishing is in force.
Penalties for Phishing in Florida
The statute regulating phishing in Florida is the Florida Computer Crimes Act. It prohibits introducing computer contaminants, modification, and rendering of data, destroying programs or data, and disclosing confidential information (“Florida computer crimes laws,” 2020). Moreover, the act prevents unauthorized access to data, damage of computer- or network-related equipment, disruption of the ability to transmit data, and injury of a computer, system, or network. In other words, the law addresses offenders’ attempts to steal sensitive information using any means of phishing.
In Florida, offenses against intellectual property are charged as third- and second-degree felonies, depending on the severity of particular cases. Offenses against computer users, in turn, may be considered third, second, and first-degree felonies, especially when they endanger human life or disrupt a computer network that affects medical equipment (“Florida computer crimes laws,” 2020). The factors that can be considered defenses to the charges include the lack of knowing and willful participation in the cybercrime and the fact that the owner of the computer system provided authorization.
All of the presented charges may result in significant punishment for offenders in Florida. For instance, felonies of the third degree are the least serious ones; however, the attacker may be forced to spend five years in prison and pay a fine of up to $5,000 (Mince-Didier, 2020). Second-degree cases can result in a term of fifteen years and a fine that can reach up to $10,000. Finally, felonies of the first degree, which are the most serious ones, are punishable by up to thirty years in prison and a fine of $10,000 or less (Mince-Didier, 2020). Possible prior felony convictions can also play a role in punishment. For example, a person that has been previously convicted of two or more offenses of this type may receive a lengthy-term under one of the state’s recidivist sentencing schemes (Mince-Didier, 2020). Thus, phishing attempts can result in severe consequences for attackers.
Analysis of the Penalties
It is possible to say that the identified penalties are adequate for penalizing an offender. As mentioned above, phishing may result in adverse outcomes for the victims of this cybercrime; their identity may be stolen, or they may lose much money and experience a high level of stress. Various types of phishing attacks are categorized differently in Florida, which is significant because some of them may have more severe results than other ones. For instance, it is crucial that phishing attempts that may endanger human life are considered first-degree felonies. It means that potential offenders may question their decision to engage in this type of crime, as they are likely to be imprisoned for thirty years and pay a large fee as the result.
It is vital to note that the fees attackers are to pay may be higher. The reason for it is that phishing attempts, and, especially, those considered first-degree felonies, are significant offenses that should be associated with corresponding punitive measures. The analysis reveals that, currently, attackers are charged with the same fee for first- and second-degree crimes of this type. It may be feasible to raise the fee for felonies of the first degree, as this offense may result in more severe outcomes. All in all, the penalties for phishing in Florida are adequate and can prevent potential criminals from engaging in this cybercrime.
Challenges Law Enforcement Might Encounter
One of the major possible challenges law enforcement may encounter in efforts to address and prevent phishing attacks is identifying potential offenders. With the rapid development of technology, it may be challenging for law-enforcement authorities to de-anonymize criminals and track their activity. Moreover, as mentioned above, there are no nationwide laws aimed at controlling phishing specifically, which means that potential attackers may use this legal technicality for their own benefit.
Another challenge that can be outlined is the lack of awareness regarding cybercrimes and phishing, in particular, among the population of the United States. Brar and Kumar (2018) report that, as a result of this issue, many users do not handle their sensitive information correctly. For instance, they tend to enter personal data in fraudulent websites and fail to distinguish them from authorized sources. Moreover, the population may be unaware of the activities that may potentially result in identity theft or other types of offenses. Many Internet users, especially inexperienced ones, may not understand how their data may be stolen or what measures they can take to avoid it. Notably, even experienced users may become victims of phishing, which means that the lack of awareness of cybercrimes and their mechanisms can be a significant issue for all groups of the population.
Conclusion
Using Technological Solution to Prevent and Address Cybercrimes
There are several strategies and technological solutions law enforcement may utilize to prevent and address phishing attacks. First, it is crucial for the country’s authorities to educate the public about this type of cybercrime, its features, and possible outcomes. Second, law-enforcement agencies can implement several technological solutions and teach the population to use them, too. Some of these solutions include measures related to data encryption, biometric verification, and the use of strong passwords and IDs (Brar & Kumar, 2018). Even changing a password to a stronger one may protect individuals from phishing attacks, which means that it is crucial to introduce at least small steps that could help Internet users to protect their data. Thus, it is crucial to teach the population to use all the available technological tools to prepare them for possible attacks.
Law-enforcement authorities should remind individuals and companies that the more significant the information, the higher the risk of phishing attacks (Brar & Kumar, 2018). For organizations, this point is particularly significant, as they may be more valuable to phishing because they operate much sensitive information, including the data of their users. Some of the technological solutions law enforcement may suggest are those that can increase integrity. They include the implementation of digital signatures, user access controls, and file permissions (Brar & Kumar, 2018). Moreover, cryptographic checksums and backups may also serve as ways to ensure security. Thus, the combination of technological solutions and educational sessions can help to prevent this type of cybercrime.
Using Technology to Benefit Society
The information presented above reveals that the use of technology can minimize the occurrence of phishing attacks, which can benefit society significantly. However, law enforcement may utilize other strategies to affect the population and overall social change positively. For instance, law-enforcement authorities may use rapid identification systems, which can help the police to analyze individuals’ criminal history, along with tracking systems and cutting-edge software. This way, they can identify the potential attackers quicker and analyze the possible gaps in the public awareness that may lead to the development of phishing.
Notably, some types of technology law enforcement may use may not be related to cybercrimes specifically. For instance, police officers may implement programs to track vehicle license plates, which may help them to find potential offenders quicker. The use of technology may make it challenging for attackers to evade responsibility, which is a significant achievement because the anonymity associated with the Internet is the primary contributor to the spread of phishing. As a result, social change may also be affected positively, as fewer individuals may want to engage in this type of cybercrime due to possible adverse outcomes.
References
Anti-phishing laws & regulations. (2020). Web.
Brar, H. S., & Kumar, G. (2018). Cybercrimes: A proposed taxonomy and challenges. Journal of Computer Networks and Communications, 2018. Web.
Evolution of phishing attacks. (2020).
Federal Trade Commission. (2019). How to recognize and avoid phishing scams.
Florida computer crimes laws. (2020).
Gershwin, A. (2019). The evolution of phishing attacks: Why are they still effective?
Mince-Didier, A. (2020). Florida felony crimes by class and sentences.
National Conference of State Legislatures. (2018). State laws addressing “phishing”. Web.
Phishing attacks. (2020).