Mon Jan 29

Cybercrime victims who aren’t proficient in English are undercounted – and poorly protected

Written by Fawn Ngo, Associate Professor of Criminology, University of South Florida

In the United States, the Internet Crime Complaint Center serves as a critical component in the FBI’s efforts to combat cybercrime. The center’s website ^[1] provides educational resources to help individuals and businesses protect themselves from cyberthreats and also allows them to report their victimization by submitting complaints related to internet crimes. The Internet Crime Complaint Center also publishes annual reports ^[2] summarizing the current state of internet crime, trends and notable cases.

However, the information and resources, including the reporting form, posted on the center’s website are only available in English. This excludes a substantial number of internet users and victims of cybercrime: people with limited English proficiency. In addition to leaving out many people who are more vulnerable to cyberthreats, one consequence is that the Internet Crime Complaint Center’s annual Internet Crime Reports are incomplete and inaccurate.

The lack of information and resources on cybersecurity and internet safety in languages other than English on the Internet Crime Complaint Center website further widens the “security gap ^[3],” a divide that has emerged between those who can manage and mitigate potential cybersecurity threats and those who cannot. Because there isn’t an appropriate reporting mechanism and structure for people with limited English proficiency to report their victimization, data and statistics on cyber victimization within this population are severely limited.

This U.S. Justice Department video explains why government agencies must provide meaningful access to services to people with limited English proficiency.

Cybercrime and prevention

I’m a criminologist ^[4]. My colleagues and I conducted focus groups with a sample of adult internet users with limited English proficiency to examine their experiences with nine forms of cybercrime and explore their knowledge of cybersecurity. The study is slated to be published in a forthcoming issue of the International Journal of Cybersecurity Intelligence and Cybercrime ^[5].

We recruited 18 Spanish- and six Vietnamese-speaking internet users for the study based on the evidence that limited English proficiency individuals in the U.S. tend to be Latino or Asian ^[6], and among the Asian ethnic groups Vietnamese Americans are the least proficient in English ^[7].

We asked participants whether they had encountered any of the following during the previous 12 months:

They received a phishing email, which is a deceptive message with the intent of tricking them into divulging sensitive information such as login credentials, personal details or financial information.
Their computer was infected with a computer virus.
They received online harassment; for example, a message from someone that threatened, insulted or harassed them.
They were the victim of an online scam; for example, they sent money to an individual or organization that they encountered online and later found to have misrepresented themselves.
They were notified that their financial account had been hacked.
They were notified that their email, social media, shopping or other account had been hacked.

Study participants encountered all nine types of cybercrime. The most common types of cyber victimization they experienced were computer virus, reported by seven participants; phishing emails, reported by six participants; notification that their financial account had been hacked and their personal data was at risk, reported by six participants; and notification that another type of account had been hacked, reported by six participants.

We asked participants whether they had engaged in the following cybersecurity measures during the previous 12 months:

Have antivirus, anti-spyware, or firewall software installed on their computer and laptop.
Create strong passwords for their online accounts.
Employ two-factor authentication procedure.
Avoid unsecured wireless networks such as free Wi-Fi at airports.
Avoid websites that are not protected by Secure Sockets Layer, or SSL, encryption, meaning look for URLs to begin with https rather than http.
Use a strong password or encryption to secure their home’s wireless network.
Employ email filters to block suspicious senders and attachments.
Check email senders and attachments to avoid phishing and online scams.
Be cautious when providing personal information to a third party.
Take extra steps such as shredding documents with personal information to prevent data theft.

The answer choices were yes, no and I don’t know. In all cases except creating strong passwords, more participants reported “no” than “yes,” and in all cases, the combination of participants who reported “no” and “I don’t know” significantly exceeded the number of participants who reported “yes.”

Closing the security gap

Executive Order 13166, signed in 2000, requires federal agencies to improve access ^[8] to services for people with limited English proficiency. U.S. Attorney General Merrick Garland issued a memorandum on Nov. 21, 2022, directing the Justice Department’s Civil Rights Division to share best practices and exchange information ^[9] about language access with other federal agencies.

I believe that it’s important to close the security gap and attain accurate data and statistics on cyber victimization. Internet- and computer-based crime is one of the fastest-growing security threats ^[10] in the U.S.

Getting a full and accurate picture of the problem requires that data and statistics on cybercrime and cyber victimization include victims who have limited English proficiency as well as those who are English-proficient.

And just as public campaigns related to health and safety tend to be available in multiple languages to reach diverse audiences, I believe all users, regardless of their language skills, should have the knowledge and skills to protect themselves from cybercrime.

References

^{^} center’s website (www.ic3.gov)
^{^} annual reports (www.ic3.gov)
^{^} security gap (cltc.berkeley.edu)
^{^} criminologist (scholar.google.com)
^{^} International Journal of Cybersecurity Intelligence and Cybercrime (vc.bridgew.edu)
^{^} tend to be Latino or Asian (ucanr.edu)
^{^} the least proficient in English (www.migrationpolicy.org)
^{^} requires federal agencies to improve access (www.justice.gov)
^{^} share best practices and exchange information (www.justice.gov)
^{^} one of the fastest-growing security threats (www.statista.com)

Authors: Fawn Ngo, Associate Professor of Criminology, University of South Florida

Cybercrime victims who aren’t proficient in English are undercounted – and poorly protected

Cybercrime and prevention

Closing the security gap

References

The metaverse is money and crypto is king – why you'll be on a blockchain when you're virtual-world hopping

Are we all OCD now, with obsessive hand-washing and technology addiction?

4 reasons why abortion laws often clash with the majority's preferences in the US, from constitutional design to low voter turnout

Some tropical frogs may be developing resistance to a deadly fungal disease – but now salamanders are at risk

When lesbians led the women's suffrage movement

Grocery workers suffer the mental health effects of customer hostility and lack of safety in their workplace

What’s in tattoo ink? My team’s chemical analysis found ingredients that aren’t on the label and could cause allergies

KENNY BLACK , STEPHEN WRENCH AND SHIMMER JOHNSON Release “Good Ole Love”

WeWork debacle exposes why investing in a charismatic founder can be dangerous

Women in tech suffer because of American myth of meritocracy

Before Kamala Harris became Biden's running mate, Shirley Chisholm and other Black women aimed for the White House

How to deal with visual misinformation circulating in the Israel-Hamas war and other conflicts

Protections against sexual misconduct on campus may end up stifling free speech

'Wonka' movie holds remnants of novel's racist past