Where do we stand with Cybercrime and White-Collar Crime?

Introduction

The continued swift development of high-tech access to the information highway is a sustained boom for businesses and individuals. It has also proved to be a rich field for forms of white-collar crime. This article explores the anomalies surrounding these new “hybrid” crimes – combining elements of cybercrimes and white-collar crimes – and their impact.

While most of us were celebrating the holiday season, criminals were planning their next wave of cybercrimes and white-collar. So what should the potential victims be planning to do? Buckle up! The menace of these crimes will continue to increase business costs and potentially disrupt services.

White-Collar Cybercrime: A Very Brief History

White-collar crime is an illegal or unethical act that violates an individual or company’s guardian responsibility of public trust, usually during legitimate occupational activity 1. The term was introduced in 1939 by the sociologist and criminologist Edwin Sutherland at his presidential address to the American Sociological Association. He used the phrase to describe types of crimes commonly committed by “persons of respectability”; in other words, individuals with high social standing 2. Today, white-collar crime is generally understood to be non-violent crimes that are financially motivated and committed by professional workers in connection with their work. 3

Edwin Sutherland did not mention cybercrime. Why? The term Cybernetics was not in the available lexicon at the time. Still, it took several more decades after he published his work for criminals to take advantage of advances in information technology to find new ways to commit crimes using new technologies, namely computers and the Internet. 4 Now, computers are a standard part of office furniture in most businesses. The potential to use those computers and the Internet to commit crimes are ever-present. As technology and cybercrimes continue to develop, the scope of cybercrimes and white-collar crimes has increasingly overlapped; this merging is often called “white-collar cybercrime” and presents a growing worldwide trend 5.

The Overlap Between White Collar and Cybercrimes

Given this overlap between white-collar crimes and cybercrimes, one might ask what characteristics mark these crimes and, drawing from those characteristics, what sorts of strategies could help companies or individuals prevent these types of crimes. 6

The significant difference between cybercrimes and white-collar relates to trust. At its core, many white-collar crimes involve offences based on violations of trust, including delegated or indirect trust in, for example, the medical, business, financial, or legal professions, among others. The role of trust in cybercrime is not the same. We do not trust others with our data, or that others will not spy on us. That is why we use multiple alphanumeric passwords and multi-factor authentication and protect our data through anti-virus protection, security applications and encryption.

The Overlap Between White Collar and Cybercrimes (continued)

Regarding similarities, criminals associated with cybercrimes and white-collar crimes focus on cheating and smokescreen rather than the application of force. The crimes often involve complex schemes, cover-ups, and the use of the latest technology.

Many crimes are challenging to detect because losses may not be immediately apparent to victims, with the consequences not surfacing until after the crime has occurred. Despite this, history shows us that there are often red flags that can highlight indicators of wrongdoing: employees not taking vacations, fake vendors, missing documents and inventory shortages, to name a few.

The primary point is that there is a significant and growing overlap between cybercrime and white-collar crime. Current whitecollar cybercrimes include fraud, extortion, identity theft, money laundering, counterfeiting currency, property and mortgage scams, and public corruption (although such crimes do not necessarily require a cyber component).

Looking Forward

What will these white-collar cybercrimes look like moving forward? For example, the white-collar crime of cheque fraud has been widespread for decades. 7

The modern-style cheque was introduced in England in the 17th century, and by the 18th century, cheques had become a widelyused and accepted form of payment. The first cheque was produced in England; its use quickly spread to other countries and has since become a widely-used form of payment worldwide 8.

As for the first recorded instance of cheque fraud, it is difficult to determine an exact date. However, as soon as cheques became widely used, they also became a target for fraudsters. Historically, cheque fraud has taken many forms, from counterfeiting and forgery to theft and exploitation of loopholes in the banking system. As cheque usage and technology have evolved, so have the methods of cheque fraud, but are such crimes and other scams being replaced with hybrid white-collar cybercrimes that use stolen data that criminals share?

Notably, we are witnessing explosive growth in new criminal marketplaces dedicated to advertising and selling victims’ data, likely leading to a proliferation of white-collar cybercrime. 9 The marketplaces are where criminals can share intelligence, expertise, and illegal resources. They exist in both the deep 10 and dark 11 web. On the deep web, criminal marketplaces sell illicit goods and services, such as stolen credit card information, counterfeit money, illegal drugs, and more. These marketplaces often operate on the surface web and use encryption and other techniques to conceal their activities from law enforcement and the public.

In the dark web, criminal marketplaces are even more prevalent and are often used to buy and sell illegal goods and services anonymously. The anonymity offered by the dark web, combined with the difficulty of tracking and prosecuting criminal activity, has made the dark web an attractive platform for criminal organisations to operate.

While confident that the data there may be stolen, other data may come from legitimate companies that specialise in selling personally identifiable information. Such companies can collect the data because we check the box at the beginning of a website/application/tool allowing our data to be stored for third-party use, or we freely forward our CVs to companies who use it for marketing purposes. Malicious actors can obtain that same information – in many instances legally – but then use it for illicit purposes or sell it to others in data markets. Such marketplaces have lowered the barrier of entry for less experienced/technical cybercriminals 12. As the global economy stutters, there is a risk that the supply of hackers-for-hire will grow, so expect a boom in white-collar cybercrime as a service.

Looking Forward (continued)

Two thousand and twenty-three could also be the year of “deep fake” 13 cybercrime, which has been on the scene for a few years, but the creation tools have become cheaper and more user-friendly 14. The cybercrime threat to business is that deep fakes could increase the effectiveness of ransomware, phishing and business email compromise attacks, make identity fraud more manageable, and manipulate business reputations to cause an unfounded downfall in share value.

Will such white-collar cybercrimes ever go mainstream? One example of how such deep fakes could be used for fraud comes from the chief communications officer at the cryptocurrency exchange Binance, Patrick Hillmann, who in August 2022 found himself the victim of a new approach to spoofing – using artificial intelligence (AI) generated video. He received several online messages from individuals claiming he had met with them regarding “potential opportunities to list their assets in Binance” – something he found strange because he did not oversee Binance’s listings. Moreover, he had never met anyone messaging him 15. The result is that social engineering will be easier with deep fakes. This highlights that cybercrime and white-collar crime already present significant business costs, and consumers bear them.

Especially when you consider that the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027 16, we can all but assume that white-collar crime is on the rise. It is also a more significant monetary problem than other types of crime. Businesses lose around five per cent of their revenue annually due to white-collar crime, and the average loss is $1.5 million per case. To make matters worse, nearly 90% of white-collar crime goes unreported 17, and the Department of Justice (DOJ) has in the past been more specific about cybercrime, stating that one in seven cyber crimes get reported, which means over 85% of cybercrime is left hidden in an organisation 18.

Difficulties with Unreported Crime

There are several reasons why it is difficult to establish accurate figures concerning unreported crimes, especially cybercrimes and white-collar crimes:

1. Underreporting: Many victims of cybercrimes and white-collar crimes do not report these incidents to the authorities because they are unaware of the crime or fear retaliation or embarrassment.
2. Complexity: These types of crimes often involve complex financial transactions or the use of advanced technology, making them difficult to detect and investigate.
3. Lack of awareness: Many victims of cybercrimes and white-collar crimes may not be aware that they have been victimised or may not understand the full extent of the damage done.
4. Difficulty in proving: Proving a cybercrime or white-collar crime can be difficult, as the evidence may be intangible or difficult to gather. In addition, these crimes often involve sophisticated techniques, making it difficult for law enforcement to detect and prosecute them.
5. Lack of resources: Law enforcement agencies and other organisations may lack the resources or expertise to investigate and prosecute cybercrimes and white-collar crimes effectively.

These factors can lead to significant underreporting of these crimes, making it difficult to establish accurate figures and develop effective strategies for combating them. However, many governments and organisations are working to improve their ability to detect, investigate, and prosecute cybercrimes and white-collar crimes and raise awareness of these crimes among the public.

What Companies Should Be Doing

As companies face growing regulatory, share and stakeholder scrutiny, they must establish strategies and investigate allegations of corporate wrongdoing early. Allegations of white-collar cybercrime can arise from external or internal auditors, whistle-blowers, regulators, or the media. Businesses, and their legal advisors, may find it necessary to conduct an investigation and take appropriate action to limit their exposure to formal proceedings.

Identifying the parallels and variances between the crimes and the requisite implications to keep up with the criminals must happen. For example, identifying white-collar cybercrime patterns will highlight appropriate prevention and responses for these offences. Such understanding is needed to determine whether we respond with white-collar, cybercrime, or hybrid strategies.

As a final point, to distinguish white-collar cybercrimes from other types of crime, do we need to establish public and private sector partnerships? That, in turn, will enable us to improve the current understanding of white-collar cybercrime; plus how technology will continue to shape crime in the office and cyberspace.

 

Notes
[1] Helmkamp, Ball, and Townsend 1996: page 351, https://www.ojp.gov/pdffiles1/Digitization/166244NCJRS.pdf
[2] “WHITE COLLAR OR CORPORATE CRIME”, The Lawyers and Jurists, 2.2 Definition of White Collar Crime,
https://www.lawyersnjurists.com/article/white-collar-crime/
[3] https://earthweb.com/cybercrime-statistics/
[4] The first cybercrime could be said to have occurred in France before the Internet came into existence in 1834. Those responsible stole financial market information by accessing the French telegraph system. Arctic Wolf, “A Brief History of Cybercrime”, November 2022, https://arcticwolf.com/resources/blog/decade-of-cybercrime/
[5] “How has technology impaced white collar crime?”, Beckham Solis, Attorneys at Law, April 2022,
https://www.duimiamilawyer.com/blog/2022/04/how-has-technology-impacted-white-collar-crime/
[6] However, it is safe to say that certain cybercrimes are not white-collar crimes, including cyberterrorism, cyberwarfare, and cybersex trafficking. Conversely, certain types of white-collar crimes may not (necessarily) be cybercrimes, including health care fraud, securities and commodities fraud, and mortgage fraud

[7] “WHAT DOES 2023 HAVE IN STORE FOR CYBERCRIME? HERE ARE 16 PREDICTIONS FOR A HACKY NEW YEAR”, Thales, December 2022, https://www.thalesgroup.com/en/worldwide-digital-identity-and- security/enterprise-cybersecurity/magazine/what-does-2023-have-store
[8] “A History of English Banking” by G. D. Gowland and R. S. Sayers, 1952
[9] Lawrence Abrams, “Data leak marketplaces aim to take over the extortion economy”, Bleeping Computer, May 2021, https://www.bleepingcomputer.com/news/security/data-leak-marketplaces-aim-to-take-over-the-extortion-economy/
[10] The deep web refers to parts of the internet that are not indexed by search engines and are not easily accessible to the general public. This includes things like password-protected databases, online banking systems, and other content that is not intended to be publicly accessible.
[11] The dark web, is a hidden network of websites that can only be accessed using special software, such as the Tor browser. These websites are often used for illegal activities, such as the sale of illegal goods and services
[12] Jeff White, “Ransomware as a Service: Criminal ‘Entrepreneurs’ Evolve Ransomware” paloalto, October 2021,
https://www.paloaltonetworks.com/blog/2021/10/ransomware-as-a-service/

[13] Deepfakes create a false story originating from trusted sources. The two main threats are spreading disinformation to influence opinion towards a desired affect, such as a particular election outcome, and against individuals or companies to obtain a financial return.
[14] “A Quick History of Deepfakes: How It All Began”, Q5id, November 2022, https://q5id.com/blog/a-quick-history-of-deepfakes-how-it-all-began
[15] Sophia Waterfield, “Will deepfake cybercrime ever go mainstream?” TECHMONITOR, October 2022,
https://techmonitor.ai/technology/cybersecurity/deepfake-cybercrime-mainstream
[16] Anna Fleck, “Cybercrime Expected To Skyrocket in Coming Years”, Statista, December 2022,
https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027/
[17] Counterpart, “30+ Interesting White-Collar Crime Statistics for 2022”, September 2022, https://yourcounterpart.com/blog/30-interestingwhite-collar-crime-statistics-for-2022/#:~:text=Organizations%20lose%20around%205%25%20of,is%20%241.5%20million%20per%20
case.
[18] AXIM, “If so much cybercrime is undetected and unreported, what’s the answer?”, November 2018,
https://www.aximglobal.com/if-so-much-cybercrime-is-undetected-and-unreported-whats-the-answer