Week 2 - Frauds, identity theft, and cyber-bullying

Question 1

Explain why advanced fee fraud persists in the digital age

Answer 1

Advanced fee fraud remains common due to low operational costs, and global accessibility via the internet. It preys on greed, vulnerability, and trust.

Question 2

Outline the stages typically involved in such scams (7 marks)

Answer 2

Stages of the scam:
- Contact > scammer reaches out with an appealing offer.
- Response > victim expresses interest.
- Follow up > scammer requests “processing” or “legal” fees.
- Escalation > additional fees may be demanded until the victim stops. Examples would include romance, inheritance, and career scames, often using untraceable payment methods like Western Union.

Question 3

Summarise Herley’s (2012) explanation for why Nigerian Scammers openly identify themselves as Nigerian (6 marks)

Answer 3

Herley argues this strategy is intentional. The bizarre, unbelievable content filters out sceptical recipients, leaving only highly gullible individuals. This self-selection optimises the scammer’s resources, as follow-up replies are time-consuming. By reducing false positives, scammers increase the ratio of successful (true positive) targets, ensuring more efficient attacks.

Question 4

Discuss three reasons why cyber fraud and identity theft are difficult to measure accurately (6 marks)

Answer 4

1 - Underreporting: victims may be embarassed, fear repercussions, or believe reporting is futile.
2 - Fragmented data: differences between sources like Action Fraud and CSEW lead to underestimates.
3 - Definition mismatch: agencies and studies define fraud differently, making consistent aggregation difficult.

Question 5

Explain the structure and challenges of detecting online romance-scams (8 marks)

Answer 5

Romance scams involve emotional manipulation over time:
1 - Manual engagement where messages are crafted personally to build rapport
2 - Platform switch where scammers often move to WhatsApp or email before asking for money
3 - False identities where scammers pose as widowed/divorced to gain sympathy.
4 - Emotional and financial impact are losses may range from £50 - £800,000.
5 - Detection challenges - harder to identify scams due to long exchanged and lack of automated patterns.

Question 6

Describe two key technological arm races in the context of phishing and identity theft (5 marks).

Answer 6

1. Detection vs. mimicry - platforms use anomaly detection; attackers counter by mimicking normal user behaviour (e.g., IP spoofing, language).
2. Blacklists vs. evasion - services use URL blacklists and visual similarity detection (e.g., PhishTank), but criminals quickly adapt designs to bypass them

Question 7

What makes phishing effective despite widespread awareness, and how do scammers exploit psychological vulnerabilities?

Answer 7

Phishing exploits human psychology and deisgn flaws:
1) visual deception - fake sites mimic real ones with logos and layouts
2) time pressure - urgent language discourages critical thinking
3) trust exploitation - fake emails appear from known or legitimate sources
4) social engineering - scammers flatter or emotionally manipulate. Studies (e.g., Dhamija et al.) show users often overlook browser security cues, focusing on visual elements instead.

Question 8

Explain how spearphishing differs from standard phishing and why it is used in high-profile cyberattacks. (5 marks)

Answer 8

Spearphishing targets specific individuals using personalised data (e.g., LinkedIn info or a colleague’s email). Unlike generic phishing, it appears highly relevant, increasing success rates.
Used in major attacks like Target (2013) and Podesta (2016), as it bypasses standard detection and gains deeper access.

Question 9

Outline three countermeasures against identity theft and explain one challenge for each. (6 marks)

Answer 9

1) machine learning - detects unusual behaviour in accounts; challenge is that it may trigger false positives or missed skilled attackers.

2) blacklists - flag phishing websites (e.g., PhishTank); the challenge is that attackers rotate domains to avoid detection.

3) user education - teaches awareness and caution; the challenge is hard to change user habits or ensure retention.

Question 10

Describe the main characteristics of online child predation and key prevention strategies discussed in Lecture 2. (8 marks)

Answer 10

Characteristics:
- Predators mainly target adolescents (Wolak et al. 2008).
- Victims often don’t know offenders offline (Wolak et al. 2006).
- Grooming platforms: chats, games, dating sites.

Prevention strategies:
1. Engineering – Account blocking/reporting; whitelisting safe sites.
2. Legal – Police impersonation and prosecutions; only 3% reoffend.
3. Educational – Target teens directly; online use contracts (Dombrowski et al.).