An Analysis of E-Commerce: E-Risk, Global Trade, and Cybercrime

Dr. Katherine T. Smith

Department of Marketing
Texas A&M University
4112 TAMU
College Station, TX 77843-4112
Tel: 979-845-1062
Fax: 979-862-2811
Email: Ksmith@mays.tamu.edu

Electronic copy available at: http://ssrn.com/abstract=1315423

 An Analysis of E-Commerce: E-Risk, Global Trade, and Cybercrime

Abstract

E-commerce is extensively used in all types of business, including manufacturing

companies, retail stores, and service firms. This paper reviews prior research, examines
the origins of e-commerce, identifies e-risks, describes retail trade on the Internet, defines
virtual business, identifies aspects of website design, and describes types of cybercrime
that hamper e-commerce. E-commerce has made business processes more reliable and
efficient. Participating in e-commerce is essential for businesses to be able to market their
products and services in the global marketplace.

Electronic copy available at: http://ssrn.com/abstract=1315423

 An Analysis of E-Commerce: E-Risk, Global Trade, and Cybercrime

Introduction

Electronic commerce, also called e-commerce, is increasing around the globe. E-

commerce mostly consists of electronic business transactions related to the purchase and

delivery of goods and services. Some people define e-commerce as including only

transactions that involve the electronic transfer of money; however, e-commerce is

generally regarded as including any electronic transaction concerning a purchase by

check, phone, or some other means. E-commerce includes retail trade between business

and consumers (B2C) as well as business-to-business (B2B) trade. Businesses use the

Internet, extranets, or electronic data interchange (EDI) in carrying out e-commerce.

E-commerce is now being used in all types of business, including manufacturing

companies, retail stores, and service firms. E-commerce has made business processes

more reliable and efficient. Consequently, e-commerce is now essential for businesses to

be able to compete in the global marketplace. The purpose of this paper is to review prior

research, examine the origins of e-commerce, identify e-risks, describe retail trade on the

Internet, define virtual business, identify aspects of website design, and describe types of

cybercrime that hamper e-commerce.

Prior Research

Academic researchers have examined various aspects of e-commerce. For

example, Runyan et al. (2008) examine the impact of Web assurance services on e-

commerce. They conclude that doing business online has become a necessity, not an

option. However, not all consumers are completely comfortable using the Internet for

transacting business because of concerns regarding security of their transactions. For

1
these situations, consumer trust and confidence can be enhanced by a Web assurance

service such as AICPA Trust Services. Efendi et al. (2008) examine the financial

performance of firms that are early adopters of business-to-business (B2B) buy-side e-

commerce systems. Their analysis reveals that early adopters outperform their non-

adopting industry peers.

E-commerce is one of the major factors in the globalization of business. Other

factors include decreases in trade barriers, globalization of capital markets, the movement

toward International Financial Reporting Standards (IFRSs), and Internet financial

reporting. Internet financial reporting has been particularly helpful to companies in

developing countries (Hunter and Smith 2008). IFRSs provide a global standard for

accounting and financial reporting (Smith 2008a, Smith et al. 2008). In the past several

years, the IFRSs went from use in few countries to what is now the world’s dominant set

of accounting standards.

Spekman and Springer (2008) illustrate how alternative forms of business

alliances can facilitate both market-entry and market-development strategies, within the

context of a burgeoning e-commerce market. In a study of B2B e-commerce in Ireland,

Onofrei and Nedelea (2007) found that supply chain B2B e-commerce helps minimize

complexity and increases flexibility while enhancing a higher degree of communication

and operational efficiency. Kanungo (2004) examined synchronization of e-commerce

and corporate strategy within the pharmaceutical industry. After reviewing application of

e-commerce and its significance in the pharmaceutical industry, the conclusion reached

was e-commerce has created cogent value for the industry.

2
 Pathak (2004) examines risk associated with e-commerce. His study concludes

that e-commerce requires auditors to identify risks and show their impact on the

information system. Pathak also describes the American Institute of CPAs and Canadian

Institute of Chartered Accountants Web assurance programs. In a study regarding

agricultural markets, Thompson and Kunda (2000) conclude that e-commerce will have a

profound effect on these markets. As a result of lower transactions costs, more businesses

throughout the agricultural value chain will be able to participate in B2B e-commerce.

Thompson and Kunda also expect that products and services will be increasingly

unbundled throughout the marketing channel.

Origins of E-Commerce and E-Risk

The origins of e-commerce can be traced to the early computers of the 1950s.

However, not until development of the World Wide Web in the 1990s did e-commerce

gain widespread popularity. A historical timeline of events regarding the Internet and e-

commerce is shown in Exhibit 1.

[Insert Exhibit 1 here]

The Internet consists of thousands of computer networks built by various

government agencies, universities, and business firms. Consequently, the Internet is a

network of computer networks. The Internet is linked together via a high-speed, long haul

"framework" initially paid for largely by the US National Science Foundation. A diverse

and complex structure makes it impossible to precisely determine the number of Internet

users (Crumbley et al. 1998).

Only a few decades ago, using the Internet as a primary way to carry out business

transactions was considered too risky. That has dramatically changed. The young

3
generation cannot even remember a world without computers, email, and cell phones.

One of the most rapidly growing groups of computer-users is senior citizens, which

demonstrates how technology has permeated all age groups of society. E-commerce is

simply commerce; it’s the way commerce is done in the twenty-first century.

E-commerce is Internet-based. The Internet is the information super-highway, on

which e-commerce for B2B as well as B2C transactions are completed. Estimates are that

the B2B market is about five to seven times larger than B2C. The B2B market is

predicted to exceed $5 trillion in the early 21st century. At the same time, the B2C

market is fast expanding, but its average transaction size is much smaller than average

B2B transactions.

Originally the Internet was limited to researchers for sharing computing and

communication resources. The key event that profoundly changed the use of the Internet

was the creation of the user-friendly, graphical World Wide Web in the early 1990s.

Using the Web to carry out financial and other transactions made the Internet exceedingly

popular. Business activity on the Internet includes market research, information

management, product selection, production, ordering, payment, and delivery.

E-risk is the potential for financial and technology problems to result from doing

e-commerce. Developments in economic, industrial, and regulatory conditions create new

challenges for business. Cyberspace is open to villains who look for computer networks

to exploit. Some people try to hack into a business firm’s computer system just to see if

they can. If access to the system is acquired, hackers can potentially cause major

problems by deleting or modifying data.

4
 Rather than hacking into systems, some people create problems by writing

computer programs that replicate themselves and sometimes carry out malicious

programming instructions such as erasing files. These programs, computer viruses, can

cause major difficulties for computer systems. Information systems must be able to

defend against computer viruses and other threats. Some of the e-risks associated with e-

commerce include the following:

The changing e-commerce environment alters risks, so old solutions may no

longer work.

International business activity expands the scale and scope of risks.

Computing power, connectivity, and speed can spread viruses, facilitate

system compromise, and compound errors in seconds, potentially affecting

interconnected parties.

Hackers never stop devising new techniques; thus, new tools mean new

vulnerabilities.

The Internet was not initially designed for business, and thus was not designed to

control and manage business risks. E-commerce websites generally include various types

of controls to safeguard transaction processing and protect the related information

systems.

E-Commerce: Using the Internet for Retail Trade

The worldwide annual growth rate of e-commerce has been estimated as high as

28%, while some individual countries have much higher growth rates. For example, in

India, which has a younger market, the e-commerce growth rate has been projected as

high as 51%. Major e-commerce shopping sites in India include businesses such as

5
Fabmall, Rediff, Indiatimes and Sify (Bhardwaj 2006). E-commerce in India has been

estimated, by eMarketer, to be about $1.9 billion in 2008 (Marvist Consulting 2008).

The Internet is an excellent medium for advertising. E-commerce has been

heavily promoted via Internet advertising. Research indicates that when people read an

online ad they are more likely to buy online. Estimates from various sources indicate that

advertisers spend hundreds of millions of dollars to put their messages on high-traffic

websites. An advertising banner on the Internet potentially levels the playing field

between large and small companies.

Virtual stores operate 24 hours a day, 7 days a week. Many, such as the e-

commerce retailer Amazon, represent a single company while others, such as

ComputerESP, represent a consortium of companies. Amazon (www.amazon.com)

identifies itself as “the earth’s biggest bookstore.” The company lists over 2.5 million

titles including most of the 1.5 million books currently in print as well as many out-of-

print books. With the use of a powerful, efficient search engine, competitive pricing, and

online reviews of many of the books it carries, customers find Amazon to be an easy and

convenient place to shop for books.

One consortium of companies, ComputerESP (www.uvision.com), represents

products of hundreds of computer vendors. ComputerESP provides comparisons of over a

million prices from major computer cyberstores and updates over 100,000 prices a day on

average. Customers can purchase products over the Internet by credit card, using secure

protocols, or by electronic cash.

An e-cash customer uses electronic cash by setting up an account with a bank that

sends electronic cash. The customer transfers money from his or her account to a

6
personal computer. In the personal computer this electronic cash is stored as virtual coins,

specially coded serial numbers known only to the bank. Paying for a purchase requires

the customer to send these coins to the merchant who checks their validity with the bank

before completing the transaction. The company subsequently redeems the coins at the

bank, which deposits the money in the company’s account. At this time, relatively few

companies accept e-cash, but its use is expected to grow (Smith et al. 2003).

Virtual Businesses

A virtual business is a modular structure of several individual business firms tied

together by computer technology, as shown in Exhibit 2. Individual business firms within

the virtual business are networked, which enables sharing of skills, costs, and access to

markets. Each participating individual business firm contributes only its core

competencies. The ability to regroup individual business firms into virtual a virtual

business enables the flexibility required to seize new opportunities and remain

competitive.

[Insert Exhibit 2 here]

A virtual business has five key features. The first is an absence of borders. A

virtual business has no traditional corporate borders because the extent of cooperation

among competitors, suppliers, and customers overlaps normal borders. The second key

feature is technology. Electronic networks link distant companies, which may use

electronic contracts to form partnerships.

The third key feature of a virtual business is excellence. Each partner in the

virtual business provides its core competencies to the virtual business, thereby enabling

creation of a “best-of-everything” company. The fourth key feature is opportunism. A

7
virtual business is relatively transitory, informal, and more opportunistic because an

individual business joins to meet a specific market opportunity and then leaves after

meeting it. The fifth and final key feature is trust. Relationships in a virtual business

require mutual trust because of their great interdependency. A virtual business has

intensive information needs because it exists essentially as a function of shared

information. Information systems link the individual business firms, providing current,

complete, and compatible information.

Agile Web, Inc. is an example of a virtual business comprised of 21 small

manufacturing companies that possess complementary expertise and capabilities. By use

of specialized software, these companies are able to combine their resources to bid on

contracts that none of the individual members could win on their own. Agile Web was

able to acquire a contract to produce a forklift handle that required one of its member

companies to produce the plastic parts, another company to shape and mold metal parts,

and a third company to solder the handle together and test its circuits and switches (Smith

et al. 2003).

Developing and Managing Websites for E-Commerce

Creating and managing websites involves essentially the same steps as any other

type of business application. A crucial difference between Web applications and most

other applications is that the end user of a Web application is much more likely to be a

customer of the company rather than an employee. Creating Web applications follows

approximately the same life cycle, pathways, methodologies, and stages as most other

systems.

8
 A company’s website presents a public view of the company that, like any other

piece of marketing, needs to be controlled carefully to ensure that it conforms to and

supports the image that the company hopes to convey. Information, structure, design, and

performance of a company’s website all contribute to this image. A company should

consider its website as an extension of its brand. A company’s marketing or public

relations department often, but not always, controls the website. Policies should be

established to ensure the protection of the company image. Exhibit 3 shows some of the

policies that a company might apply to its website.

[Insert Exhibit 3 here]

An e-commerce website can include all types of information. Some of the specific

information that can be included on a website is shown in Exhibit 4. Most websites will

contain at least a description of the company, a list of the company’s products and

services, and an e-mail link to contact the company.

[Insert Exhibit 4 here]

Cyberspace and Cybercrime

Cyberspace is a term that refers to the electronic medium of computer networks,

principally the Internet, in which online communication, including e-commerce takes

place. Cybercrime is a criminal act that involves computers and networks. This means

that cybercrime includes criminal acts such as hacking, phishing, and denial of service

attacks that cause e-commerce websites to lose money. A basic knowledge of cybercrime

is essential to e-commerce companies.

Each year, companies lose billions of dollars in stolen assets, lost business, and

damaged reputations as a result of cybercrime. Money is stolen, literally with the push of

9
a button. When a company website goes down, e-commerce stops. The company’s

customers often take their business to a different website. When a company becomes the

victim of cybercrime, this hurts the company’s reputation. Perceived vulnerability to

cybercrime may cause customers to lose trust in a company’s ability to effectively

process sales transactions and safeguard customer information. As a result, companies

must strive to defend against cybercrime.

In nations around the world, cybercrime has become a major concern. Defending

against cybercrime is crucial to any nation’s economic progress, as e-commerce is now a

major part of economic activity. In the US, for example, cybercrime is regarded as a

major national security issue. The newly elected president has been called upon to

provide a comprehensive and nationwide strategy (Albanesius 2008). A list of some

common cyber crimes is shown in Exhibit 5.

[Insert Exhibit 5 here]

Cybercrimes are new versions of age-old crime. An illustration of this is the con

artist. Before the new information technologies existed, a con artist would go from house-

to-house and use his communication skills to gain the confidence of his victims. In the

current day, a con artist makes use of the Internet and online communications to

perpetrate his crimes (Kratchman et al. 2008).

The most prolific type of cybercrime is the computer virus, a program that may

attach itself to other programs. At a later time, the virus activates, often resulting in

considerable harm to computer systems or files. In one six-month study conducted by the

Computer Virus Industry Association of its members, a total of 61,795 infected

10
computers were reported. From five to 816 computers were infected at individual

organizations (Smith 2008b).

The perpetrator of the computer virus generally does not know whose computers

will be affected. The perpetrator of this cybercrime does not steal assets but instead

creates havoc within the victim’s computer system. In this way, a computer virus is much

like the manual crime of vandalism, in which the perpetrator does not steal assets, but

rather harms the victim’s property. Key steps in the computer virus cybercrime are shown

in Exhibit 6.

[Insert Exhibit 6 about here]

Incidents of computer virus infections are decreasing. This might be explained by

more advanced anti-viral software and anti-viral procedures. Furthermore, computer virus

incidents may have decreased due to new laws against computer viruses and criminal

prosecution of perpetrators of computer viruses.

The cybercrime of phishing occurs when a perpetrator distributes fictitious emails

to people, which include links to fraudulent websites that appear official and cause the

victims to provide personal information to the perpetrator. The deceptively obtained

information is later used for unauthorized purposes such as fraudulent purchases,

acquiring fraudulent loans, or identity theft. Phishing reduces e-commerce because it

causes people to question the legitimacy of genuine e-commerce websites. Key steps in

the cybercrime of phishing are illustrated in Exhibit 7.

[Insert Exhibit 7 about here]

The cybercrime of botnet infection takes place when a hacker transmits

instructions to other computers in order to control them. The hacker who sends out the

11
“bot” program is designated as the “herder.” Numerous computers can be controlled in a

botnet. Computers controlled in a botnet can be used for nefarious activities such as spam

distribution or phishing. Actual owners of computers in the botnet typically are unaware

that their computer is part of a botnet. Key steps in the botnet cybercrime are shown in

Exhibit 8.

[Insert Exhibit 8 about here]

The cybercrime referred to as cyber terrorism is defined as acts by terrorists that

cause damage to online computer systems such as shutting down e-commerce websites or

destroying files. After the 9-11 terrorist attack on the World Trade Center in the US,

cyber terrorism became of greater concern in the US and worldwide. A cyber terrorist

carries out cybercrimes such as computer viruses and online denial of service. A major

objective of a cyber terrorist could be to incapacitate or significantly reduce the

capabilities of an organization’s computer resources. In the case of a private company,

cyber terrorism causes a loss of the company’s business; in the case of a government

entity, cyber terrorism causes the government entity to be unable to fulfill its

government-mandated mission.

Conclusions

This paper reviews the origins of e-commerce, defines e-risk, examines use of the

Internet for retail trade, describes virtual business, identifies aspects of website design,

and describes types of cybercrime. Origins of e-commerce can be traced to the early

computers of the 1950s, but creation of the World Wide Web in the 1990s was the key

event causing e-commerce to achieve dramatic popularity. E-commerce is now essential

for businesses to be able to market their products and services in the global marketplace.

12
 E-commerce is Internet-based; the Internet is extensively used for both business-

to-business (B2B) transactions and business-to-consumer (B2C) transactions. Cybercrime

is a threat to e-commerce. In nations around the world, cybercrime has become a major

concern. Examples of cybercrime include computer viruses, phishing, botnets, and cyber

terrorism. Defending against cybercrime is crucial to any nation’s economic progress, as

e-commerce is now a major part of economic activity in virtually every nation.

13
 References

Albanesius, Chloe. 2008. Report Calls for Major Cyber Security Overhaul. PCMag,
Website: http://www.pcmag.com (December 8).

Bhardwaj, Priyanka. 2006. Powering Indian E-commerce. Asia Times, Website:

http://www.atimes.com/atimes/south_asia/hj26df02.html (October 26).

Crumbley, D., L.M. Smith, and E. Battles. 1998. Computer Encryptions in Whispering
Caves, an information technology educational novel, Mason, Ohio, US: Thomson
Corporation.

Efendi, J., M. Kinney, and L.M. Smith. 2008. Profitability Analysis of B2B Buy-Side E-
Commerce Systems. Working Paper, Texas A&M University.

Hunter, Shirley and L.M. Smith. 2008. Impact of Internet Financial Reporting on
Emerging Markets. Journal of International Business Research, In press.
Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1017078.

Kanungo, Rama Prasad. 2004. E-Commerce in the Pharmaceutical Industry: Threshold of

Innovation. Management Research News, Vol. 27, No. 8/9. Available at SSRN:
http://ssrn.com/abstract=643263.

Kratchman, Stan, J. Smith, and L.M. Smith. 2008. Perpetration and Prevention of Cyber
Crimes. Internal Auditing. Vol. 23, No. 2 (March-April): 3-12.

Marvist Consulting. 2008. Challenges For eCommerce Growth In India. Grandlay,

Website: http://www.grandlay.com/Article/Challenges-For-eCommerce-Growth-
In-India/103 (August 11).

Onofrei, George and Alexandru Nedelea. 2007. The Impact of E-Commerce on the
Supply Chain B2B in Ireland. Amfiteatru Economic, Vol. 21 (February): 45-49.

Pathak, Jagdish. 2004. A Conceptual Risk Framework for Internal Auditing in E-

commerce. Managerial Auditing Journal, Vol. 19, No. 4: 556-564.

Runyan, B., Katherine T. Smith, and L.M. Smith. 2008. Implications of Web Assurance
Services on ECommerce. Accounting Forum, Vol. 32: 46-61.

Smith, L.M. 2008a. Are International Financial Reporting Standards (IFRS) an

Unstoppable Juggernaut for US and Global Financial Reporting? The Business
Review, Cambridge, Vol. 10, No. 1 (Summer): 25-31. Available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1125069.

Smith, L.M. 2008b. Computer Viruses. Web Article, Website:

http://acct.tamu.edu/smith/virus.htm (December 10).

14
Smith, L.M., K.T. Smith, and D. Kerr. 2003. Accounting Information Systems, 4th Ed.,
Boston, Mass.: Houghton Mifflin.

Smith, L.M., T. Sagafi-Nejad, and Kun Wang. 2008. Going International: Accounting
and Auditing Standards. Internal Auditing, Vol. 23, No. 4 (July): 3-12.

Spekman, Robert E. and Christine Springer. 2008. Shaping the Future of Cash:
Cybercash, Inc. Working Paper, University of Virginia. Available at SSRN:
http://ssrn.com/abstract=910070.

Thompson, Sarahelen and E. Kunda. 2000. E-commerce and Agricultural Markets.

OFOR Working Paper No. 00-03. Available at SSRN:
http://ssrn.com/abstract=229797.

15
 Exhibit 1

A Timeline of Events Regarding the Web and E-Commerce

1946 The first electronic computer, ENIAC, is constructed at the University of

Pennsylvania.

1957 The Soviet Union launches Sputnik, the first artificial satellite.

1958 To counter Soviet technological advances, the U.S. forms the Advanced Research
Projects Agency (ARPA), with the Department of Defense, to develop U.S.
leadership in science and technology applicable to the military.

1969 ARPANET, the forerunner of the Internet, established with four nodes: UCLA,
Stanford, UC-Santa Barbara, and University of Utah.

1970 First applications of electronic data interchange (EDI).

1973 First international connection to ARPANET, University College of London.

Initial work on a transmission protocol (later to be called TCP/IP) that would
allow diverse computer networks to interconnect and communicate with each
other.

1974 BBN opens Telnet, the first commercial version of ARPANET.

1982 Transmission Control Protocol (TCP) and Internet Protocol (IP) established by
ARPA. This leads to a definition of an "internet" as a connected set of networks,
specifically those using TCP/IP, and "Internet" as connected TCP/IP internets.

1983 Internet Activities Board (IAB) is created.

1984 Science fiction author William Gibson coins the term "cyberspace" in his novel,
Neuromancer.
Internet host computers (computers with registered IP address) exceed 1,000.

1987 Internet hosts exceed 10,000.

1988 Internet worm disables 6,000 of 60,000 Internet hosts. The worm was created by a
Cornell University graduate student; infected computers were connected through
ARPAnet and other E-mail networks in the Internet loop. Some of the US's top
science and research centers were affected.

16
 Exhibit 1 -- Continued

A Timeline of Events Regarding the Web and E-Commerce

1989 Internet hosts exceed 100,000.

1990 The ARPANET is shut down.

1991 Sir Tim Berners-Lee, working at CERN in Geneva, develops a hypertext system
to provide efficient information access. He posts the first computer code of the
World Wide Web in a relatively innocuous newsgroup, "alt.hypertext." Later,
people refer to the Internet itself as the Web.

1992 World Wide Web released by CERN.

1994 Pizza Hut sales pizza on its website.

First Virtual, the first cyberbank, opens.

1995 The Bottom Line is Betrayal authored by K.T. Smith, D.L. Crumbley, and L.M.
Smith: the first business educational novel focused on international trade, global
marketing, and emerging technologies (revised edition available in 2009).

1997 Inception of business-to-business (B2B) e-commerce.

US Postal Service issues electronic postal stamps.

1999 Melissa computer virus is propagated via email attachments.

2008 Internet hosts exceed 200 million. Users in over 150 countries are connected.

17
 Exhibit 2

Networking Various Individual Business Firms into a Virtual Business

R&D Logistics

Distribution and sales Construction

Management

Manufacturing
Finance

Source: Smith et al. 2003.

18
 Exhibit 3

Company Policies for Managing E-Commerce Websites

Policy Category Category Elements

Layout
Style sheets
Typography
Color palette
Design
Logos
Background color or picture
Metadata
Navigation (e.g. max depth)
Response time (to serve page)
Page size (in bytes, determines transmission response)
Performance
Browser compatibility (browser type, version)
Platform compatibility (computer, phone, PDA)
Development language(s)
Approval process for site updates
Process
Appeal processes
Frequency of review
Frequency of update
Content Ownership
Content sources
Use of cookies
Privacy Use of collected data
Disclosure

Source: Smith et al. 2003.

19
 Exhibit 4

Types of Information Included on a Company’s E-Commerce Website

Description of the company

Description of products and services
E-mail link to contact company
Mission statement or company philosophy
Biographies of key company personnel
Company ethics code
Electronic forms for inquiries
Links to other websites (e.g. community sites, fun sites)
Description of employment opportunities
On-line guest book
Search engine for website
Music or other audio
Customer testimonials

20
 Exhibit 5

Examples of Common Cyber Crimes

Cyber Crime Description

Computer virus A computer virus is a computer program that
piggybacks or attaches itself to application
programs or other executable system
software; the virus subsequently activates,
sometimes causing severe damage to
computer systems or files.
Phishing Phishing occurs when the perpetrator sends
fictitious emails to individuals with links to
fraudulent websites that appear official and
thereby cause the victim to release personal
information to the perpetrator.
Botnet A Botnet infection occurs when a hacker
transmits instructions to other computers for
the purpose of controlling them, and then
using them for various purposes such as spam
distribution or phishing.
Spoofing Spoofing is use of email to trick an individual
into providing personal information that is
later used for unauthorized purposes.
E-bank theft E-bank theft occurs when a perpetrator hacks
into a banking system and diverts funds to
accounts accessible to the criminal. To
prevent e-theft, most major banks severely
limit what clients can do online.
Netspionage Netspionage occurs when perpetrators hack
into online systems or individual PCs to
obtain confidential information for the
purpose of selling it to other parties
(criminals).
Online credit card fraud Online credit card fraud is illegal online
acquisition of a credit card number and use of
it for unauthorized purposes such as
fraudulent purchases.
Online denial of service Online denial of service is use of email
barrages, computer viruses, or other
techniques to damage or shut down online
computer systems, resulting in loss of
business.

21
 Exhibit 5 - Continued

Examples of Common Cyber Crimes

Cyber Crime Description

Software piracy Software piracy is the theft of intellectual
assets associated with computer programs.
Spam Spam refers to unsolicited email; spam is
illegal if it violates the Can-Spam Act of
2003, such as by not giving recipients an
opt-out method.
E-fraud E-fraud is the use of online techniques by a
perpetrator to commit fraud. Popular forms
of e-fraud include spoofing, phishing, and
online credit card fraud.
Cyber terrorism Cyber terrorism occurs when terrorists
cause virtual destruction in online computer
systems.

Source: Kratchman et al. 2008.

22
 Exhibit 6

Virus Infection Process

Creation of virus by programmer; the virus program is typically an executable

file, e.g. an exe, com, or vbs file.

The virus program is attached to an e-mail (or alternatively attached to a public

domain software program).

The e-mail with the infected attachment file is sent to unwary recipients.

When the e-mail message is opened, the infected program runs on the user's
system and the virus replicates itself onto an operating system file.

In some cases, the virus spreads from the user's system to other user systems
through infected shared software. In other cases the virus gains access to the
user’s e-mail system address book and sends itself to all the addresses.

At a predetermined point (e.g., a specific date), the virus activates, often leaving
programs and data files unusable.

_____

Source: Smith 2008b.

23
 Exhibit 7

Steps in Phishing

Step 1: The phishing perpetrator creates fraudulent email that appears to come from a
legitimate source. The phishing emails are then sent to numerous potential victims.

Step 2: The phishing email provides a link to the fraudulent website, which appears to be
a genuine website.

Step 3: The user/ victim connects to the fraudulent website and provides requested
information, on the assumption that it’s a genuine website.

Step 4: The phishing perpetrator accumulates data obtained in the fake website to
illegally obtain funds or sells the data to online clearinghouses.

Source: Kratchman et al. 2008.

24
 Exhibit 8

Steps in Botnet Infection Process

The Herder: The hacker who disseminates the “bot”program is

referred to as a “herder.”

The Bot: The Bot program is designed to infect and control

infected PCs. The Bot may infect a PC directly or piggy-back on
a virus or Trojan Horse program.

The Botnet infection: The Botnet infection can include

thousands of PCs. Botnets can be used for various purposes e.g.
spam distribution or phishing.

Source: Kratchman et al. 2008.

25