Identity Related Crime in the Cyberspace: Examining Phishing and Its Impact

Abstract

Last November/December 2007, I was invited to two prestigious events of Cyber Criminology. The POLCYB International Summit on Policing Cyberspace, 2007, Bangkok, Thailand and UNODC core group meeting of Experts on Identity related Crime and ISPAC Conference at Courmeyeur, Italy. I was also entrusted task of preparing Bangkok Declaration of International summit on Cyberspace by Society for Policing of Cyberspace (POLCYB), Canada and that is published as a special paper in this issue. Hence in this editorial I would like to focus about identity related crime and its impact in cyberspace.Identity is a holistic term to portray individual's comprehension of him or herself as a discrete, separate entity (Identity, 2008, para 1). Finch (2007, pp.29-31) provides a brief typology of identity:Identity is a complex and multi-faceted concept ... and it can be divided in to three categories: personal, social and legal. Personal identity relates to self as experienced by individual... social identity is identity that is perceived by others; it is external view of self as viewed by others in society... Legal identity is ...the way in which an accumulation of information distinguishes one individual from all others.....The importance of identity gains greater significance in this wired era. The use of identity in cyberspace is greater nowadays. People tend to shop, bank, sell, and have relationship in internet. In these processes their identity plays a superior role, which, however, is being misused by miscreants. The perpetrators try to misuse identity of a person for personal gain. This criminal misuse of identity is called identity related crime, which United Nations Office of Drugs and Crime (UNODC), Vienna, Austria prefers to use and as a member of core group of experts on Identity-related crime, UNODC1, I also advocate use of this term.Koops & Leenes (2006) were first to propose to use term 'identity-related crime' as an umbrella term. This covers all punishable activities having identity as a target or a principal tool. However, there is no universal definition of identity related crime, as it invariably comprises of many types of crimes such as identity theft, identity fraud, intellectual property abuse and other related crimes (UNODC, 2007a, 2007b). Though, Koops & Leenes (2006) have defined Identity-related crime, as one that concerns all punishable activities that have identity as a target or a principal tool, it is not recognized as a final definition of Identity related crime.Identity related cyber crime is on rise, both in developed and developing countries. In this decade alone millions of people around world are victimized of identity related cyber crime. The identity related cyber crime is perpetrated with ease when compared to identity related crime in physical space (Smith, 2007). It should be noted that impact of identity related cyber crime is larger. The transnational nature, velocity and its relationship with other criminal activities such as fraud, organized crime, money-laundering and terrorism makes this crime more unique. UNODC (2008a, para 30) describes Identity related crime as crime of 21st Century:In serious cases, millions of dollars are stolen using false ID. Millions of smaller cases result in personal loss and frustration for victims. Because of under reporting, lack of common definitions, and insufficient legislation, this is probably just tip of iceberg. Nor are costs purely economic: identity-related theft can pose a major threat to security. The problem is serious, and it is growing. No wonder it has been called the crime of 21st century.While we explore identity related cyber crime, we cannot avoid analyzing Phishing. Phishing is main identity related cyber crime, though, malware to a certain extent, can be construed as an individual identity-related cyber crime, but predominantly Phishers also use malware. …