computer and internet fraud

Computer and internet fraud entails the criminal use of a computer or the Internet and can take many different forms. While some argue that “hacking” is a neutral term (see United States v. Thompson (2025)), illegal hacking is when a perpetrator unlawfully gains access to a computer or system, or intercepts an electronic transmission unintended for the interceptor, such as passwords, credit card information, or engages in other types of identity theft through the interception or misuse of an electronic transmission.

Statutory Definition

Computer fraud is defined in federal law in the Computer Fraud and Abuse Act (CFAA) as the access of a protected computer without authorization or exceeding authorization. The plain text of the statute appears to limit which computers are protected by the law: the term “protected computer” means a computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States. However, in practice a "protected computer" has been defined as any computer with Internet access. This is because the Internet is an "instrumentality and channel of interstate commerce.” Thus, the courts apply the law to nearly all computers by invoking the Commerce Clause (see United States v. Nosal and United States v. MacEwan).

Specifically, the CFAA prohibits computer espionage, computer trespassing on private or public computers, committing fraud with a computer, the distribution of malicious code, password trafficking, threatening to damage a protected computer. Although the CFAA is primarily a criminal statute, it does define a civil cause of action in § 1030(g).

Examples of computer or internet fraud in action include but are not limited to:

Emails requesting money in return for small deposits, also known as an advance-fee scam, such as the infamous Nigerian prince scam.
Emails attempting to gather personal information such as account numbers, Social Security numbers, and passwords; also known as phishing.
Using someone else’s computer to access personal information with the intent to use it fraudulently.
Installing spyware or malware to engage in data mining.
Violating copyright laws by copying information with the intent to sell it.
Hacking into or illegally using a computer to change information, such as grades, work reports, etc.
Sending computer viruses or worms (a worm being a computer program to copy itself into other computers) with the intent to destroy or ruin another's computer.
Denial of service, in which an authorized user's access to a network is intentionally interrupted.

Violators may be prosecuted under:

17 U.S.C. § 506 Copyright Infringement - Criminal Offenses
18 U.S.C. § 1028 Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information
18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices
18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1343 Fraud by Wire, Radio, or Television
18 U.S.C. § 1362 Malicious Mischief - Communication Lines, Stations, or Systems
18 U.S.C. § 2511 Interception and Disclosure of Wire, Oral, or Electronic Communications Prohibited
18 U.S.C. § 2701 Unlawful Access to Stored Communications
18 U.S.C. § 2702 Voluntary Disclosure of Customer Communications or Records
18 U.S.C. § 2703 Required Disclosure of Customer Communications or Records

Key Internet Sources

U.S. Department of Justice: Computer Crime and Intellectual Property Section (CCIPS)
Internet Crime Complaint Center
Identity Theft
Department of Homeland Security - Online Safety

[Last reviewed in March of 2025 by the Wex Definitions Team]

Keywords

Wex