Report Now, Report Often: Overcoming the Challenges within Cybercrime Reporting
The following Great Innovative Idea is from Morvareed Bidgoli, a Ph.D. candidate in the College of Information Sciences and Technology at the Pennsylvania State University. Bidgoli presented her work at the Computing Community Consortium (CCC) workshop on Sociotechnical Cybersecurity Workshop 1 on December 12-13, 2016.
When a crime occurs, a crucial next step that is taken is the reporting of the crime to law enforcement; however, this action becomes particularly difficult when a cybercrime occurs for a number of reasons (e.g., lack of awareness that a cybercrime occurred). After conducting an exploratory study on understanding how cybercrimes affect undergraduate students, I discovered that despite the fact that undergraduate students expressed having access to cybercrime victimization statistics and cybercrime reporting to be important, they did not know how to report cybercrimes. The issues revolving around cybercrime reporting ignited my interest to further investigate this problem domain, a topic I have been researching with my advisor, Jens Grossklags, for the past two years. While the reasons behind the underreporting of cybercrimes are well researched, there have not been any solutions brought forward towards effectively resolving this issue. Last year, we published research aimed towards achieving this goal. In our paper entitled, “End User Cybercrime Reporting: What We Know and What We Can Do to Improve It,” we outlined four specific challenges of cybercrime reporting and provided our recommendations as to how these challenges can be appropriately addressed in order to improve currently existing cybercrime reporting processes. However, the focus of my work has not only been on finding ways to alleviate the underreporting of cybercrimes, but also to find ways in which we can raise more awareness about cybercrimes and cybercrime reporting since neither of these issues are formally taught to private citizens. For example, through my work it has become evident that college students’ self-efficacy with regards to cybercrimes and cybercrime reporting comes from decentralized or informal sources rather than through formal channels which greatly impacts not only their ability to identify a cybercrime, but also how to report a cybercrime in the event that one occurs. Therefore, we also intend to better understand the current educational landscape as it pertains to computer users’ general knowledge about cybercrimes and cybercrime reporting. Our hope is to leverage the ways in which such decentralized channels are reaching computer users to help foster cybercrime education on a more societal level.
Given the ubiquity of technology, it should go without saying that every computer user is to some degree susceptible to becoming a cybercrime victim; however, there are ways in which each computer user can mitigate their future cybercrime risk. One fundamental way we can protect society from cybercrimes is through cybercrime reporting. By effectively tackling the issues contributing to the underreporting of cybercrimes, we will be able to not only bolster law enforcement’s intelligence in order to effectively combat cybercrimes, but also be able to effectively raise awareness to the general public about the severity and current trends regarding cybercrimes. Thus, from a public policy perspective, we believe our work has a fundamental social impact given the richness of insights stemming from cybercrime reporting (e.g., potential for a proper resolution to be met, victimization statistics, prevention tips, trend data) all of which can ultimately help mitigate a given individual’s cybercrime risk.
Aside from conducting research specifically on cybercrime reporting, I also work on studies that focus on better understanding how college students are affected by cybercrimes since they are a particularly active segment of the computer user population. Thus far, I have conducted two studies that have addressed the prevalence of cybercrime victimization among college students in order to further examine the types and nature of the cybercrimes that impact them along with how they contextualize their cybercrime victimization (e.g., the decision to change online behaviors or report a cybercrime). In our most recent study, we conducted a two-part qualitative study on scams that have affected international students on campus. The scams are predominantly phone scams where the scammer utilizes cyber techniques (i.e., phone spoofing, a request for electronic payment) in order to mask their tracks and identity; additionally, the scammer impersonates high level government agencies (i.e., the IRS, FBI) and utilizes extortion techniques by exploiting specific vulnerabilities of international students (e.g., their immigration status) for financial gain. Fortunately, an overwhelming majority of international students we interviewed did not fall victim to such scams due to on campus entities raising awareness about such incidents to them. Ultimately, we believe raising awareness that draws from the reporting of such incidents is one way we can effectively prevent a victimization from occurring. Overall, our main findings reveal that college students are not immune to being victims of cybercrimes; moreover, there is a disparity between their positive inclination towards cybercrime reporting and their self-efficacy with regards to cybercrime reporting. These findings emphasize a key point of our research, which is that we must continue to find ways to propose and implement initiatives that will better educate the public about how to formally report cybercrimes.
I am a Ph.D. candidate in Information Sciences and Technology at the Pennsylvania State University. Prior to joining the Pennsylvania State University, I received both my B.A. in Criminology, Law and Society and M.S. in Information and Computer Sciences with a concentration in Informatics from the University of California, Irvine. My research interests entail issues pertaining to the intersection of the law and technology such as cybercrimes and information policy. My current research focuses on how existing cybercrime reporting processes can be improved upon to encourage victims to report cybercrimes they experienced and to find effective ways to promote more awareness about cybercrimes and cybercrime reporting. My paper entitled “When Cybercrimes Strike Undergraduates” co-authored with Bart P. Knijnenburg and Jens Grossklags recently received the Best Paper Award at the 2016 APWG Symposium on Electronic Crime Research.