A Closer Look at White Collar and Cybercrime

Introduction

While the exponential growth and expansion of technology has indeed benefited businesses and individuals alike, it has simultaneously opened avenues for new hybrid crimes that combine cybercrime with traditional white-collar crime methods. This article examines the recent emergence of "white-collar cybercrimes," their unique characteristics, and the increasing risks they pose to individuals and businesses.

While many of us were celebrating the holiday season, criminals seemed poised to launch their next wave of cyber and white-collar attacks. So, what should potential victims be doing to prepare? Simple: stay informed and be vigilant. These evolving crimes are set to continue pushing up the cost of doing business and perhaps even disrupt some services.

A Brief History

White-collar crime is an illegal or unethical act that violates an individual or company’s public trust, typically occurring during legitimate occupational activity[1]. The term was introduced in 1939 by the sociologist and criminologist Edwin Sutherland during his address to the American Sociological Association. Sutherland described crimes committed by “persons of respectability”, often individuals of high social standing[2]. Today, white-collar crime encompasses non-violent, financially motivated crimes often committed by professionals in their workplaces[3].

Interestingly, Sutherland did not mention cybercrime, primarily because it, as we know it today, did not yet exist. The term "cybernetics" hadn’t even entered the lexicon. It wasn’t until decades later, as computers and the internet became central to business that criminals began exploiting these technologies for illicit purposes[4]. In today’s business environment, where computers are essential, the potential for cyber-related white-collar crimes is ever-present. As technology advances, the scope of white-collar cybercrimes has expanded significantly, forming a unique and growing trend globally[5].

The Overlap Between White-Collar and Cybercrimes

What distinguishes these crimes from the increased overlap between cybercrime and white-collar crime? And how can companies or individuals work to prevent them[6]?

The big difference is in the use of trust. White-collar crime usually involves some breach of confidence, whereby a person has confidence in doctors, businesspeople, or lawyers. In cybercrime, though, it is not so much a question of trusting a third party to look after you as protecting data using passwords, multi-factor authentication, and encryption.

Despite these differences, cyber and white-collar crimes share similarities, including deception and a reliance on technology. Criminals in both spheres often create elaborate schemes to evade detection, leaving victims unaware of the crime until it’s too late. However, signs can sometimes reveal ongoing misconduct, such as employees avoiding vacations, the appearance of fake vendors, missing documents, or inventory shortages.

Ultimately, white-collar cybercrimes, including fraud, extortion, identity theft, money laundering, and public corruption, represent a significant overlap between cybercrime and white-collar crime.

The Evolution of White-Collar Cybercrimes

What will white-collar cybercrime[7] look like in the future? For example, cheque fraud, a traditional white-collar crime, has existed for centuries[8]. The first known cheques originated in 17th-century England and became widely used by the 18th century[9]. With increased usage, cheques soon became a target for fraudsters. Today, hybrid crimes involving data theft and resale on criminal marketplaces are rising[10]. These markets on the deep and dark web enable criminals to sell stolen data and goods[11] . They are structured technically in a manner which results in significant difficulty to detect or identify the perpetrator when compared to traditional white-collar fraud.

Interestingly, some data shared in these marketplaces originates from legitimate businesses. When we allow websites or companies to store our data or submit our CVs to potential employers, it often becomes available to third parties. Criminals can access this information legally but use it illicitly, creating a lucrative market for white-collar cybercrime[12]. The economic climate may further fuel these crimes, with a potential rise in "cybercrime as a service[13]."

Still to come, "deepfake" technology enables the manipulation of AI-generated video and audio and is another tool in the cybercrime arsenal that businesses should be preparing for. The increased accessibility of this technology has raised concerns about business email compromise, phishing attacks, and identity fraud to a whole new level. Major arms in the hands of cybercriminals help them effectively proceed with their plans[14].

In 2022, Patrick Hillmann, the Chief Communications Officer at Binance, became a deepfakes target. Many claimed to have met him because of the AI video discussing possible listing opportunities on Binance. However, he had never met any of those people nor oversaw Binance's listing; the potential dangers of deepfake-enabled social engineering then came with many more risks[15]. Across the world, the volumes of reported deepfake frauds are increasing, and it is rapidly becoming a mainstream fraud threat. For example, the Asia-Pacific region saw a 1530% rise in deepfake cases between 2022-2023, with the Philippines experiencing the highest growth totalling 4500%.[16]

Statista’s Market Insights shows an alarming surge in cybercrime costs. Estimated to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028, this trend reflects the growing sophistication and frequency of cyberattacks[17]. Since the pandemic, the number of white-collar crimes reported globally has surged. In 2022, Hong Kong officials registered a 45% year-on-year rise in white-collar crimes. India, meanwhile, recorded an 80% increase in 2019[18].

Despite their magnitude, almost 90% of white-collar crimes go unreported[19]. Similarly, cybercrimes are believed to go unreported within organisations, meaning the true scope of these crimes remains hidden[20].

Challenges in the Reporting and Addressing of White-Collar Cybercrime

A variety of factors make the process of tracking these crimes hard to track, including:

• Victims may not report the crimes out of embarrassment or fear of negative consequences.

• The crimes are usually white-collar cybercrimes; therefore, they involve intricate financial or technical components that are difficult to trace.

• Many of the victims might remain unaware that they have been targeted or may not realise the extent of the damage.

• It is hard to collect tangible evidence because sophisticated methods are applied to conduct this crime.

• Most organisations have a shortage of resources to investigate and prosecute crimes.

Tracking, investigation, and prosecution of the offence are being enhanced, and governments and organisations are increasing awareness and establishing new approaches to tackle the problem.

What Companies Should Be Doing

With regulators and stakeholders increasing pressure, organisations need to institute mechanisms that aid in detecting and addressing corporate misfeasance. These should include measures such as:

• A corporate governance structure which requires regular risk assessments that include analysis of white-collar cybercrime risk

• Implementation of a technical incident response capability including digital forensics and cyber investigators. This could be in-house or outsourced to a specialist third-party however it needs to be in place in advance so any response efforts can be effective and timely.

• Enhanced training which is:

  • Up to date and regularly refreshed to take account of the rapidly evolving nature of the threat

  • To the extent possible - role-based, so that the content reflects the day to day roles of those attending the training

  • Supported and sponsored at the executive level and embodied in an ethical corporate culture

Allegations of white-collar cybercrimes could surface from various quarters, including auditors, whistleblowers, and even regulators. By understanding patterns and adapting response tactics, businesses could help reduce the threat and risk exposure in their responses to the threat.

Public-private partnerships may be vital to understanding white-collar cybercrime and developing technological defences in the office and cyberspace. They are a growing trend in jurisdictions with a more mature regulatory environment.

Authored by: The Coalition of Cyber Investigators

Paul Wright (United Kingdom) & Neal Ysart (Philippines)

© 2024 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their experience and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognizing that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.

[1] White-Collar Crimes: Definition & Examples | StudySmarter. (n.d.). StudySmarter UK. https://www.studysmarter.co.uk/explanations/law/forensic-science/white-collar-crimes/#:~:text=White%2Dcollar%20crimes%20refer%20to,concealment%2C%20or%20violation%20of%20trust. (Accessed November 11, 2024)

[2] The lawyers & jurists. (2019, June 30). WHITE COLLAR OR CORPORATE CRIME | The Lawyers & Jurists. The Lawyers & Jurists. https://www.lawyersnjurists.com/article/white-collar-crime/ (Accessed November 11, 2024)

[3] “White Collar or Corporate Crime,” The Lawyers and Jurists, CYBERCRIME STATISTICS 2024 (U.S. & WORLDWIDE), https://www.lawyersnjurists.com/article/white-collar-crime/ (Accessed November 11, 2024)

[4] Wolf, A., & Wolf, A. (2024, April 19). A brief history of cybercrime. Arctic Wolf. https://arcticwolf.com/resources/blog/decade-of-cybercrime/ (Accessed November 11, 2024)

[5] Law, B. S. a. A. (2024, July 2). How has technology impacted white collar crime? Beckham Solis, Attorneys at Law. https://www.duimiamilawyer.com/blog/2022/april/how-has-technology-impacted-white-collar-crime-/ (Accessed November 11, 2024)

[6] https://www.duimiamilawyer.com/blog/2022/april/how-has-technology-impacted-white-collar-crime-/( Accessed November 11, 2024)

[7] Team, C. (2023, October 8). White-Collar crime. Corporate Finance Institute. https://corporatefinanceinstitute.com/resources/esg/white-collar-crime/. (Accessed November 11, 2024)

[8] Hayes, A. (2024, May 16). What is White-Collar Crime? Meaning, types, and examples. Investopedia. https://www.investopedia.com/terms/w/white-collar-crime.asp (Accessed November 11, 2024)

[9] Cheque, 1659/60 | NatWest Group Heritage Hub. (n.d.). https://www.natwestgroup.com/heritage/history-100/objects-by-theme/going-the-extra-mile/cheque-1659-60.html (Accessed November 11, 2024)

[10] Abrams, L. (2021, May 7). Data leak marketplaces aim to take over the extortion economy. BleepingComputer. https://www.bleepingcomputer.com/news/security/data-leak-marketplaces-aim-to-take-over-the-extortion-economy/( Accessed November 11, 2024)

[11] Grannan, C. (n.d.). What’s the difference between the deep web and the dark web? Encyclopedia Britannica. https://www.britannica.com/story/whats-the-difference-between-the-deep-web-and-the-dark-web (Accessed November 11, 2024)

[12] A growing goldmine: your LinkedIn data abused for cybercrime. (n.d.-b). https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime#:~:text=data (Accessed November 11, 2024)

[13] Slavin, B. (n.d.). What is Cybercrime-as-a-Service or CaaS? - DuoCircle. DuoCircle. https://www.duocircle.com/data-privacy/what-is-cybercrime-as-a-service-or-caas (Accessed November 11, 2024)

[14] Tummalapenta, S. (2024, May 21). How a new wave of deepfake-driven cyber crime targets businesses. Security Intelligence. https://securityintelligence.com/posts/new-wave-deepfake-cybercrime/ (Accessed November 11, 2024)

[15] Vincent, J. (2022, August 23). Binance executive claims scammers made a deepfake of him. The Verge. https://www.theverge.com/2022/8/23/23318053/binance-comms-crypto-chief-deepfake-scam-claim-patrick-hillmann (Accessed November 11, 2024)

[16] Criminal exploitation of deepfakes in South East Asia. Global Initiative. (2019, March 4). https://globalinitiative.net/analysis/deepfakes-ai-cyber-scam-south-east-asia-organized-crime/ (Accessed November 12, 2024)

[17] Fleck, A. (2024, February 22). Cybercrime expected to skyrocket in coming years. Statista Daily Data. https://www.statista.com/chart/28878/expected-cost-of-cybercrime-until-2027 /(Accessed November 11, 2024)

[18] Counteracting the rise in White collar criminality. (2024, May 8). https://www.claglobal.com/insights/counteracting-the-rise-in-white-collar-criminality/( Accessed November 11, 2024)

[19] Studocu. (n.d.). criminology 1.1.2 examples- reasons for unreported crime - Deleted 1.1 paragraphs ( for future - Studocu. https://www.studocu.com/en-gb/document/brookfield-community-school/criminological-theory/criminology-112-examples-reasons-for-unreported-crime/81712103/ (Accessed November 11, 2024)

[20] Defence IQ. (2024, August 23). The main cyber threats target big money. https://www.defenceiq.com/cyber-defence-and-security/whitepapers/the-main-cyber-threats-target-big-money/( Accessed November 11, 2024)