e202f07detweiler

The research process to develop this was paper very long and difficult, but also rewarding. The beginning of this process was very difficult for me because I couldn’t decide what exactly I wanted my main focus to be. Once I chose my exact topic it was a little easier to start the process by finding relevant sources that helped tremendously in portraying my ideas. Several of the sources I listed in my “Research Proposal” didn’t end up in my final paper but they helped me to get a better understanding of my topic and prompted me to find more relevant information. For example, The Federal Bureau of Investigation and the United States Department of Justice provided good background information, but were not good sources to use in the end.
One of the most difficult tasks as I developed my draft was to stay on track and put my ideas in a logical order. I think this was difficult for me because every time I found a new source, the information excited me and I focused on that specifically, instead of the overall topic of the paper. Once I finished the entire paper, I was able to collect all of my thoughts and revise my draft to develop a well organized and easily understandable “Final Paper.” This final paper shows my abilities as a writer in several different ways. As I already mentioned, it shows my ability to collect all my thoughts and organize them in a clear and understandable way. The final paper also shows my ability to incorporate relevant sources, but at the same time, portray my own ideas and conclusions on the topic. One area that demonstrates my ability to create movements and connections between my own ideas and my research sources is shown from the bottom of page two to page three in my “Final Paper.” In this section of the paper, I clearly expressed my ideas of why these two types of cyber crime are so important, yet not well known. I then made a smooth transition into Russell Kay’s explanation of what exactly phishing is.
Overall, I feel that I incorporated my sources, by the use of paraphrasing, quoting, and summarizing very well. I used these methods of integrating my key sources in my paper, while still using my own ideas and my own words. I cited my sources correctly throughout the paper and I concluded with an accurate and properly developed works cited page. With that being said, I would rate the mechanics of my paper at a 10. As for the content, I think I would rate my paper at a 9 because I feel that I could have added more significant information to my paper if I had more time to work on it. The information that’s in the paper in relevant and informative, but I would have added more subtopics, if possible. When looking at the organization of my paper, I would give myself a 9 or 10 on the scale. My “Rough Draft” wasn’t organized to the best of my ability, but during the revision phase I was able to reread and reorganize my thoughts and ideas into a more easily understood order. Lastly, I would give myself a 10 on my revisions aspect of the paper because during this process, I was able to iron out many of the kinks from my rough draft and develop a very clear and informational final paper. I reordered, reworded (and even deleted) several different areas of my paper during the revision phase, which made my paper stronger and better developed.

When I signed up for this section of Research Writing, I had no idea that the entire class would be based on the digital world. Honestly, I didn’t like this approach to research writing because I, personally, am not very interested in this topic. I understand that the internet and the ways of doing research are changing, but learning how to use all these different tools, such as the blog and the wiki, are not high on my list of priorities. As I have learned in this class, it is very important to write down and discuss your thoughts while developing a research paper, but I would have been more comfortable doing so by using a regular journal, instead of the blog. I think this is the main reason why I struggled with writing my research paper. I wasn’t at all interested in my topic, therefore, I had only a slight motivation to get it done. I believe that I would have taken a lot more out of this research writing class if I would have been able to pick a topic that I found to be interesting. With that being said, I do want to mention one tool that I learned how to use that helped me immensely in my writing and in my research. That tool is Zotero. I found this tool to be extremely helpful in keeping all of my sources in one place, where I could easily access them in a click of the mouse. This is a great tool that I’m sure that I will use over and over again in the future. In fact, I have already used Zotero to help me with a project I had to complete in another class! I can’t say whether I would recommend the digital dimension of this course to friends because it all depends on their individual interests. I would explain to my friends what this course is all about, and then let them determine if it is something they are interested in. I would explain to them that this is a good course to take if they are interested in computers and the digital world, but also explain that if they are anything like me they might want to take a different course. Though I found the wiki and the blog to be a little too much for my taste, I think they are both good tools to use when discussing the digital dimension. The only thing I would recommend changing is to allow the students to write about any topic they desire. The digital tools could still be incorporated into the class, while allowing the students to focus on a topic that they are truly interested in. Personally, I believe that you learn a lot more when you are actually interested in what you are studying.

The revising process was a very important step in creating my best possible research paper. The one aspect of revising that helped me the most was looking back at the suggestions and comments from both the professor and my fellow students. These comments helped me to see the weaknesses in my paper, and once I changed or reworded these weak areas, my paper became much stronger. One area that both the professor and fellow students commented on was my choice in the title for the paper. I decided on the title at the beginning of my research process, and by the time I developed a full draft, the title no longer made sense. With a little thought, and a discussion with my professor, I was able to come up with a much more suitable title. Another area of my paper in which revision helped me immensely was in my introduction. Again, I wrote my introduction during the “Research Proposal” phase of my research and I overlooked that fact that it was no longer relevant and on focus when I produced my “rough draft.” The comments from my professor and fellow classmates helped me to develop a more appropriate and less vague introduction for my “final paper.” Lastly, the in-class activity that helped me the most in pulling together my sources and using them properly to portray my ideas in my final paper were the transitions revisions. Though I had discussed the ideas I wanted the reader to be aware of in my draft, I hadn’t successfully strung them together in an easily-understood manner. I think my most successful update in transitions in shown in the blog post titled “Transition Revisions #2.” In this transition revision, I re-thought the ideas that I wanted to reveal to the viewer, and came up with a smoother and better understood way to switch from one subtopic to the next. Overall, I think that the revision phase of writing this research paper was the most important. Sometimes, I look at my writing for so long that I can’t find anything that could be changed or updated. It helped immensely to get feedback from other people, to change my paper for the better.

The steps we used in class (brainstorming, identifying conversations, framing a research question, etc.) really helped me through the process of writing a good research paper. In the past, I have written research papers without these important steps and it was extremely stressful because I didn’t know where to start, or where I was going with the paper. The blog post that I think clearly shows how I framed a topic, found and evaluated key sources, and helped me to better understand my topic was called (“Research Proposal”). In the abstract part of the research proposal, I was able distinguish exactly what I wanted to talk about and I developed my research questions (which I only modified slightly in my final paper). The introduction that I developed in this research proposal helped me get a feel for the tone of the paper, how I wanted to portray my opinion, and eventually answer my research question. Though I didn’t actually use this complete introduction in my final paper, it still gave me a sense of calmness (less stress) and understanding as I worked my way through the body of the paper. The working biography I included in the research proposal was very important in building my understanding of the topic I was writing about. Though I didn’t end up using most of these sources, they allowed me to learn useful background knowledge and prompted me to find more useful and reliable sources.

After receiving my rough draft back from the professor, I’ve realized that I have a lot more work to do on my paper! The rough draft is only the beginning of my journey to a good research paper. Here are some of the steps that I need to complete to correct and revise my paper to get closer to a final draft:
1. Clearly identify the thesis statement and clarify the actual issue of the paper
2. Develop a more relevant introduction – less vague
3. Remove some of the encyclopedia sources, such as Webopedia, and add scholarly sources
4. Discuss specific criminal cases involving spyware and phishing
5. Answer important questions:
a. Why aren’t people more informed about spyware/phishing?
b. How serious are the risks?
c. Why aren’t we more worried about these risks?

Before
. Another words, this means that the spyware is able to keep records of all your relevant information as you type it – such as your secure passwords and credit card account numbers. Then, once the cyber criminal receives this data, he or she is able to use this data to steal your identity to cause personal and financial damage.
When discussing spyware, a look at the earlier mentioned surveys is necessary. The first set of statistics to explore is those found by The National Cyber Security Alliance (NCSA) and McAfee, Inc. From their research, these two companies came to the conclusion that ninety-nine percent of Americans have heard of spyware.
After
Another words, this means that the spyware is able to keep records of all your relevant information as you type it – such as your secure passwords and credit card account numbers. Then, once the cyber criminal receives this data, he or she is able to use this data to steal your identity to cause personal and financial damage. Most internet users are not actively aware that this could actually happen to them.
The next step is to look at statistics to confirm that internet users are not aware of this growing problem. The first set of statistics to explore is those found by The National Cyber Security Alliance (NCSA) and McAfee, Inc. From their research, these two companies came to the conclusion that ninety-nine percent of Americans have heard of spyware.

Before
Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party (What).
The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft’s business model. Spyware at first denoted hardware meant for espionage purposes.
After
Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party (What).
Now that spyware has been definited, a brief description of its history is important to understand. The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft’s business model. Spyware at first denoted hardware meant for espionage purposes.

Before
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million. United States businesses lose an estimated $2 billion per year as their clients become victims (Phishing).
The National Cyber Security Alliance (NCSA) and McAfee, Inc. conducted a study to see whether Americans have a false sense of security related to online threats. The study revealed that one in four respondents (twenty-five percent) had never heard of the term “phishing” and nearly half (forty-six percent) could not accurately define phishing (McAfee).
After
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million. United States businesses lose an estimated $2 billion per year as their clients become victims (Phishing). These statistics show that America loses an immense amount of money every year to this crime. Next, a look at whether or not American internet users are knowledgeable about these risks is important.
The National Cyber Security Alliance (NCSA) and McAfee, Inc. conducted a study to see whether Americans have a false sense of security related to online threats. The study revealed that one in four respondents (twenty-five percent) had never heard of the term “phishing” and nearly half (forty-six percent) could not accurately define phishing (McAfee).

Hope Detweiler
2 November 2007
Research Essay Draft
English 202 – 9:05am
Dr. Sherwood
Internet Usage: Is There a Real Threat to Privacy?
The internet has become a very important part of the American culture throughout the past couple of decades. In the past, we had to go out into the world and interact with others to do just about everything. Since the development of the internet, that has significantly changed. Just think about it, with the changes in technology we can do many simple tasks without leaving the comfort of our homes. These days we can do our banking, send packages through FedEx and even grocery shop without even getting dressed!
Though the internet has brought these productive tools to our society, it has also influenced the development of a whole new type of criminals. There is a significant gap between internet user’s perception that they are protected from these internet criminals and the reality of the situation. When it comes to home computer security, Americans agree that keeping their computer safe is important, but they are not as secure as they think. A new national survey conducted by McAfee and NCSA compared online Americans’ opinions of their computer security to the reality – what security software they were actually running – found that when it comes to cyber security, most Americans are in dire need of a reality check (McAfee). Generally speaking, the average internet user is not aware of the risks associated with incorporating the internet into their every day lives. What kinds of personal information do internet users expose to the public through online activity? Are they actively aware and choosing to share themselves in a public way, or do they do so without full knowledge of who might be invading their privacy? It is very important for internet users to understand the risks of doing every day activities on the internet, such as shopping and checking account balances. Once internet users understand these risks, they must also become educated on how to properly protect themselves.
When discussing this horrendous topic, the sensible first step is to define what cybercrime is, but this is not an easy task. There are many different ideas as to what classifies as a cybercrime and what does not. A simple definition is any criminal activity that uses computers and the internet. This includes many different activities from downloading illegal music files to stealing millions of dollars from an online bank account. These two examples are very well-known among internet users, but there are many other types of cybercrime that the general public is not aware of. Two of the most serious, but not widely known, cyber crimes are phishing and spyware. Because these two cybercrimes are relatively new and continuously growing, in it important to understand what exactly they are, how they are being used by cyber criminals, the evolving laws against them, and what steps internet users should take to prevent such crimes from happening.
Now that cybercrime, as a whole, has been defined and broad examples have been given, the next step is to look at the individual types of cybercrime that are not widely known among internet users. The first type of cybercrime that needs to be better understood is called phishing. Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with — banks such as Citibank; online organizations such as eBay and PayPal; Internet service providers such as AOL, MSN, Yahoo and EarthLink; online retailers such as Best Buy; and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And, because these e-mails look so official, up to twenty percent of unsuspecting recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activity against them (Kay).
Phishing has had a short but highly eventful history as compared to the other cybercrimes as it only started about eight years ago but has already caused as much if not more damge than any of the other cybercrimes. The word “phishing” originated in the 1996 timeframe. The term was coined based on the analogy that fraudsters used email as a fishing hook to “phish” usernames, passwords and other sensitive information from the “sea” of internet users. The use of the letters “ph” is believed to have been derived from the word “phreaking”, which is the earliest form of hacking – the hacking of telephone lines. “Phishing” first surfaced around 1996, when criminals stole American Online (AOL) accounts by “phishing” the passwords from AOL users. Although this may not necessarily have been the first ever instance of phishing, it is the first well-known one and people first became aware of the dangers of the phishing hook. Soon such hacked accounts were called “phish”. By 1997, “phish” was traded and shared between cyber crooks as a form of currency. Often, these criminals used “phish” to obtain a particular hacking tool or a favor from fellow hackers (Origins of ‘Phishing’).
The next logical step in discussing phishing is to describe and explain the risks of phishing. The damage caused by phishing ranges from denial of access to email to substantial financial loss. This style of identity theft is becoming more popular, because of the readiness with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers’ maiden names. There are also fears that identity thieves can add such information to the knowledge they gain simply by accessing public records. Once this information is acquired, the phishers may use a person’s details to create fake accounts in a victim’s name. They can then ruin the victims’ credit, or even deny the victims access to their own accounts. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately $929 million. United States businesses lose an estimated $2 billion per year as their clients become victims (Phishing).
The National Cyber Security Alliance (NCSA) and McAfee, Inc. conducted a study to see whether Americans have a false sense of security related to online threats. The study revealed that one in four respondents (twenty-five percent) had never heard of the term “phishing” and nearly half (forty-six percent) could not accurately define phishing. (McAfee) This statistic clearly confirms my hypotheses that internet users are not actively aware of the threats of internet privacy, but this information might be somewhat bias due to that fact that McAfee, Inc. is a company whose sole purpose is to sell security software. With this in mind, I found a similar source of research conducted by America Online (AOL) and the National Cyber Security Alliance (NCSA). This survey confirmed my suspicions by concluding that only forty-two percent of all responding internet users answered that they have heard of the word “phishing” before. Of those users who responded that they have heard of the term, only fifty-seven percent could correctly define “phishing.” Though the percentages in the second study are slightly lower then those in the first, it still provides clear evidence that internet users are not aware of the threats of internet privacy.
Lastly, when discussing this type of internet crime, it is important to discuss the steps internet users should take to prevent such crimes from happening. In a very lengthy and informative discussion on phishing, Matt Bright provided the following list of ways to help the average internet user protect themselves from phishing scams:
1) Treat all email with suspicion - What you see in the email body can be forged, the sender’s address or return address can be forged and the email header can also be manipulated to disguise its true origin; 2) Never use a link in an email to get to any web page. If you must go there, type the URL directly into your browser’s address bar; 3) Never send personal or financial information to any one via email; 4) Regularly log into your online accounts - don’t leave it for as long as a month before you check each account; 5) Scrutinize your bank, credit and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers; 6) Ensure that all of your software is up to date - for instance, if you use Microsoft’s Windows, run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates. Security loop holes are regularly discovered in software and many of these scams have utilized a vulnerability in Internet Explorer; 7) If you must use your financial information online, ensure that you have adequate insurance against fraud.
The second severe, but not well known, type of cyber crime involves spyware. When discussing this topic, we first need to know what exactly spyware is. Spyware is defined as any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party (What is Spyware?).
The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft’s business model. Spyware at first denoted hardware meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. Since then, “spyware” has taken on its present sense. According to a 2005 study by AOL and the National Cyber-Security Alliance, sixty-one percent of surveyed users’ computers had some form of spyware. Ninety-two percent of surveyed users with spyware reported that they did not know of its presence, and ninety-one percent reported that they had not given permission for the installation of the spyware. As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. In an estimate based on customer-sent scan logs, Webroot Software, makers of Spy Sweeper, said that nine out of ten computers connected to the Internet are infected. Computers where Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks not only because IE is the most widely-used, but because its tight integration with Windows allows spyware access to crucial parts of the operating system. Before Internet Explorer 7 was released, the browser would automatically display an installation window for any ActiveX component that a website wanted to install. The combination of user naiveté towards malware and the assumption by Internet Explorer that all ActiveX components are benign, led, in part, to the massive spread of spyware. Many spyware components would also make use of flaws in Javascript, Internet Explorer and Windows to install without user knowledge or permission (Spyware).
The next step in understanding spyware is to discuss some of the possible risks involved with this subject. In an article named Top Security Threats from Spyware, Shannon Belew describes the six most important risks concerning spyware. Belew expresses that the first, and probably least unpleasant risk of spyware, is that it is a nuisance. A type of spyware, called adware, is displayed directly on your computer screen. Adware takes up valuable memory, slows down your connection speed, or can reset your home page to a totally different site. Though this first risk is not a high level of threat, it is extremely annoying and can open the door to more harmful damage. The second type of risk involved with spyware is tracking. Many types of spyware programs are designed to monitor and record everything you do on the internet. It has the ability to track the websites you look at and monitor your use of online programs. This second risk is also at a low threat level. The third risk that Belew discussed in her article was the threat of spyware redirecting URLs. Often, spyware programs are capable of redirecting your browser to a particular site, no matter what website address you type in. The point of cyber criminals doing this is to earn some extra money. Cyber criminals are able to earn extra money because websites, even legitimate ones, often earn money for every user who visits that site. This is a quick, somewhat easy, yet illegal way to earn money. Though this is also a low-level threat, it could easily lead to more dangerous risks because this type of spyware can also redirect you to a site that loads more hazardous spyware programs onto your computer. The fourth type of risk has a much higher risk level because it involves spyware that has the ability to shut down your computer completely. Spyware is also able to permanently erase or damage files, which could be a major risk if you have important business or personal files stored on your computer. The fifth risk that Belew describes in her article is that some high-risk spyware can use your personal computer as a server. This type of spyware embeds itself inside your computer and then proceeds to act as a remote server to distribute other harmful programs without your knowledge or permission. This makes your computer a vehicle for delivering dangerous programs and is an immediate danger for you, the computer owner. And the sixth, and last, type of risk involved with spyware is identity theft. This is probably one of the most highest risk activities of spyware because it allows all of your key stokes to be logged. Another words, this means that the spyware is able to keep records of all your relevant information as you type it – such as your secure passwords and credit card account numbers. Then, once the cyber criminal receives this data, he or she is able to use this data to steal your identity to cause personal and financial damage.
When discussing spyware, a look at the earlier mentioned surveys is necessary. The first set of statistics to explore is those found by The National Cyber Security Alliance (NCSA) and McAfee, Inc. From their research, these two companies came to the conclusion that ninety-nine percent of Americans have heard of spyware. Seventy percent believe that they have anti-spyware software on their computers, while in reality only fifty-five percent of Americans actually have the software installed. Again, this information is extremely helpful in supporting the fact that internet users are not actively aware of the threats of internet privacy, but it is important to confirm this conclusion from separate research which has a better chance of being impartial. According to a similar study conducted by America Online (AOL) and the National Cyber Security Alliance (NCSA), ninety-six percent of responding internet users have heard of the time “spyware” before. The survey continued by giving a brief definition of spyware, then asked the respondents whether they thought that they currently had any spyware or adware on their computers. Surprisingly, almost half (forty-six percent) of respondents agreed that they probably have spyware or adware programs on their computers right now. Once these questions were answered, the researchers scanned the respondent’s computers and found interesting results. The researchers discovered that sixty-one percent of all responding users had spyware or adware programs currently on their machines. Overall, the combination of results from both studies clearly confirms that the majority of internet users are not aware of the threats of internet privacy.
The last important topic to discuss when considering spyware is the steps internet users should take to prevent such crimes from happening. In an informative article called Protect Yourself from Spyware, Tony Bradley describes five easy steps to help avoid, detect and remove harmful spyware programs from your computer. The first step that Bradley describes in his article is to be careful where you download from. Remember, untrustworthy programs often come from untrustworthy sites. It is best to search for shareware or freeware from commendable sites such as download.com or tucows.com. The second step to protect yourself from spyware is to read the End User License Agreement (EULA) before downloading programs onto your computer. Most people consider this agreement to be a nuisance and automatically click “yes” without reading the fine print. This is not a safe practice because the EULA is a legal agreement you are making with the software vendor. If you do not read this agreement, you may be agreeing to the installation of spyware without ever realizing it. The third step that Bradley describes is to read all text boxes that pop up on a website before you click “ok.” These text boxes can be just as annoying as the EULA and can be just as harmful. The text in these boxes could in fact include an agreement to download harmful spyware programs, so it is important to read before them carefully before making a decision. The fourth step to help protect your computer from spyware is to protect your system itself. Though anti-virus is very helpful and important to have on your computer, it is somewhat misnamed these days. Though some anti-virus software has expanded to protect against some vulnerability exploits, Trojans, worms and hoaxes it probably does not provide enough protection against spyware. If you feel that your anti-virus software does not properly detect and block spyware, it would be best to try a product like AdAware Pro. The fifth, and final, step that Bradley suggests to help protect yourself against spyware is to scan your system. Even though anti-virus software, firewalls and other types of protective programs can protect your computer, some spyware may eventually make its way onto your system. Adware Pro will monitor your computer in real time to protect it, but this program costs money. There are several free anti-spyware programs available, but they do not monitor in real time, therefore you have to manually scan your system periodically to detect and remove spyware.
The internet is one of the most important recent developments in the world. The internet provides its users the ability to accomplish many tasks from the comfort of our own homes. It was only years ago that we had to go out into the world to complete the simplest tasks, such as checking bank account balances and shipping packages. Though the internet has given us many great tools, it has also exposed us to a whole new type of criminals. Cyber criminals are finding new ways to make money and invade our privacy on a daily basis. It is clear that internet users expose personal information to the public through online activity without their knowledge. Internet users often expose their personal knowledge without full knowledge of who might be invading their privacy. This conclusion is apparent by the statistics previously mentioned. The majority of internet users don’t know what the risks are, let alone know how to protect themselves. America needs to get better educated on this very essential development so we can put an end to cyber crime.

Works Cited
Belew, Shannon. “Top Six Risks from Spyware.” About.com: Consulting/Freelance. 31 Oct 2007 .
Bradley, Tony. “Protect Yourself From Spyware.” About.com: Internet/Network Security. 13 Oct 2007 .
Bright, Mat. “Online Identity Theft.” Millersmiles.co.uk. 23 Feb 2004. 13 Oct 2007 .
Han, Julie. “Stay Safe Online. National Cyber Security Alliance. News and Media.” Staysafeonline.org. 7 Dec 2005. 13 Oct 2007 .
Kay, Russell. “Phishing.” Computerworld. 7 Oct 2007. 21 Jan 2004 .
“Majority of Americans Lack Core Protections to Fight Off Cyber Criminals, According to a McAfee-NCSA Online Safety Study.” CNNMoney.com. 1 Oct. 2007. 2 Oct. 2007 .
“Origins of ‘Phishing.’” Cybercrime : Piercing the Darkness. 13 Oct 2007 .
“Phishing.” Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. 22 Oct 2007. 24 Oct 2007 .
“Spyware.” Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. 20 Oct 2007. 24 Oct 2007 .
“What is spyware?” Webopedia Computer Dictionary. 14 Oct 2007 .

The internet has become a very important part of the American culture throughout the past couple of decades. In the past, we had to go out into the world and interact with others to do just about everything. Since the development of the internet, that has significantly changed. Just think about it, with the changes in technology we can do many simple tasks without leaving the comfort of our homes. These days we can do our banking, send packages through FedEx and even grocery shop without even getting dressed!
Though the internet has brought these productive tools to our society, it has also influenced the development of a whole new type of criminals. There is a significant gap between internet user’s perception that they are protected from these internet criminals and the reality of the situation. When it comes to home computer security, Americans agree that keeping their computer safe is important, but they are not as secure as they think. A new national survey conducted by McAfee and NCSA compared online Americans’ opinions of their computer security to the reality – what security software they were actually running – found that when it comes to cyber security, most Americans are in dire need of a reality check (McAfee). Generally speaking, the average internet user is not aware of the risks associated with incorporating the internet into their every day lives. What kinds of personal information do internet users expose to the public through online activity? Are they actively aware and choosing to share themselves in a public way, or do they do so without full knowledge of who might be invading their privacy? It is very important for internet users to understand the risks of doing every day activities on the internet, such as shopping and checking account balances. Once internet users understand these risks, they must also become educated on how to properly protect themselves.
When discussing this horrendous topic, the sensible first step is to define what cybercrime is, but this is not an easy task. There are many different ideas as to what classifies as a cybercrime and what does not. A simple definition is any criminal activity that uses computers and the internet. This includes many different activities from downloading illegal music files to stealing millions of dollars from an online bank account. These two examples are very well-known among internet users, but there are many other types of cybercrime that the general public is not aware of. Two of the most serious, but not widely known, cyber crimes are phishing and spyware. Because these two cybercrimes are relatively new and continuously growing, in it important to understand what exactly they are, how they are being used by cyber criminals, the evolving laws against them, and what steps internet users should take to prevent such crimes from happening.
Now that cybercrime, as a whole, has been defined and broad examples have been given, the next step is to look at the individual types of cybercrime that are not widely known among internet users. The first type of cybercrime that needs to be better understood is called phishing. Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with — banks such as Citibank; online organizations such as eBay and PayPal; Internet service providers such as AOL, MSN, Yahoo and EarthLink; online retailers such as Best Buy; and insurance agencies. The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And, because these e-mails look so official, up to 20% of unsuspecting recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activity against them. (Kay). Phishing has had a short but highly eventful history as compared to the other cybercrimes as it only started about 8 years ago but has already caused as much if not more damge than any of the other cybercrimes. The word “phishing” originated in the 1996 timeframe. The term was coined based on the analogy that fraudsters used email as a fishing hook to “phish” usernames, passwords and other sensitive information from the “sea” of internet users. The use of the letters “ph” is believed to have been derived from the word “phreaking”, which is the earliest form of hacking – the hacking of telephone lines. “Phishing” first surfaced around 1996, when criminals stole American Online (AOL) accounts by “phishing” the passwords from AOL users. Although this may not necessarily have been the first ever instance of phishing, it is the first well-known one and people first became aware of the dangers of the phishing hook. Soon such hacked accounts were called “phish”. By 1997, “phish” was traded and shared between cyber crooks as a form of currency. Often, these criminals used “phish” to obtain a particular hacking tool or a favor from fellow hackers. (Piercing).
The National Cyber Security Alliance (NCSA) and McAfee, Inc. conducted a study to see whether Americans have a false sense of security related to online threats. The study revealed that one in four respondents (25 percent) had never heard of the term “phishing” and nearly half (46 percent) could not accurately define phishing. (McAfee). This point clearly confirms that internet users are not aware of what personal information they are exposing over the internet.