Cybercrime Types, awareness, Cyber Security, Measures and Tools



Cybercrime awareness

With the advancement in digital technologies modern day life style has changed a lot. The internet and use of computers provides us with many benefits. Be it communicating with friends, searching for information, doing banking transactions, availing online services, online learning, entertainment, finding a job, finding life partner or even running entire businesses. The computer and internet touches almost all aspects of our lives. However, it also makes us vulnerable to a wide range of threats. New and powerful cyber-attacks are striking the internet regularly. A minor lapse in managing our digital lives can open the door to cyber criminals. Cyber criminals can steal our money or damage our reputation. Most of the cyberattacks are caused by human negligence. Therefore, cyber security awareness is important for everyone today. We must be vigilant while making use of technology to reduce the risk of cyber threats.

Cybercrime and its types

Cybercrime can be defined as any unlawful act where computer or communication device or computer network is used to commit or facilitate the commission of crime. Thus a cybercrime is a crime involving computers and networks as a tool or target or both. A cybercrime includes a wide range of activities, from illegally downloading movies to stealing money from bank accounts through online banking.

Categories of Cybercrimes :

1. Identity Theft: Identity theft is the act of wrongfully obtaining someone's personal information (that defines one's identity) without their permission. The personal information may include their name, phone number, address, bank account number, Aadhaar number or credit/debit card number etc. Identity theft can have many adverse effects. The fraudster can use stolen personal information and identity proofs to:

• gain access to your bank accounts

• apply for loans and credit cards or open insurance accounts

• file a tax refund in your name and get your refund

• obtain a driver's license, passport or immigration papers create new utility accounts

• get medical treatment on your health insurance

• assume your identity on social media

• give your name to the police during an arrest etc.

2. Psychological Tricks: Psychological tricks are where attackers play with the minds of the user to trap them with lucrative offers. Once trapped, the attackers can exploit the victim by either stealing money or stealing sensitive personal information or harm the victim in any other way. The entire basis of this kind of attack is to make the victim fall into their trap by sending fake e-mails, calls or SMSS.

Phishing is the act of sending fraudulent e-mail that appears to be from a legitimate source, for example, a bank, a recruiter or a credit card company etc. This is done in an attempt to gain sensitive personal information, bank account details etc. from the victim.

Vishing is similar to phishing. But, instead of e-mail, in this type of crime, the fraudster uses telephone to obtain sensitive personal and financial information.

Smishing is the SMS equivalent of phishing. It uses SMS to send fraudulent text messages. The SMS asks the recipient to visit a website/weblink or call a phone number. The victim is then tricked into providing sensitive personal information, debit/credit card details or passwords etc. Common examples are lottery winner type emails/sms/calls, credit/debit/account blocked related emails/calls/ sms and job related emails/sms/calls.

3. Social Media Related Attacks: Social Media has become an integral part of our lives. It is the new way of communicating, sharing and informing people about the events in our lives. Some examples of social media frauds:

(i) Sympathy Fraud: The attacker becomes friends with the victim on social media. The attacker gains trust by frequent interactions. The attacker later extracts money/harms the victim.

(ii) Romance Fraud: The attacker becomes friends with the victim on social media. Over a period, the attacker gains victim's affection. The attacker later exploits the victim physically, financially and/or emotionally.

(iii) Cyber Stalking: Cyber stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail, instant messaging, messages posted on a website or a discussion group. A cyber stalker relies upon the fact that his/her true identity is not known in the digital world. A cyber stalker targets the victim with threatening/abusive messages and follows them/their activities in the real world.

(iv) Cyber Bullying: Cyber bullying is bullying that takes place over digital devices. Cyber bullying can occur through SMS, social media, forums or gaming apps where people can view, participate or share content. Cyber bullying includes sending, posting or sharing negative, harmful, false content about someone else. The intention is to cause embarrassment or humiliation. At times, it can also cross the line into unlawful criminal behaviour.

4. Digital Banking Frauds: In the previous section we discussed about the various digital banking Cools available. Apart from making our banking easier it has also made us vulnerable to various frauds. Some examples of such frauds are:

(i) Digital Payments Applications related attacks : Digital payments have become very common in today's life. However, they do pose a threat if the account is hacked.

(ii) Hacking of Bank Account due to Weak Password: In this type of attack, the attacker hacks into the victim's account by using a program to guess commonly used passwords. Once the account is hacked, the attacker can steal money or perform an illegal transaction in order to defame or frame the victim.

(iii) Hacking of Multiple Accounts due to same password: If same password is used for multiple accounts, then hacking of one account may also lead to hacking of other accounts.

5. Attacks through mobile applications: With the increase in the use of smartphones and the consequent rise in the use of mobile applications, associated security risks have also increased. People become habitual users of certain mobile applications. As a result, they ignore security warnings. Fraudsters use this to attack the victim by infiltrating through such popular mobile applications. They infect the applications with malicious software, called Trojan. This Trojan can get access to your messages, OTP, camera, contacts, e-mails, photos etc. for malicious activities. It can also show obscene advertisements, sign users up for paid subscriptions or steal personal sensitive information from the mobile etc.

6. Virus Attacks: A Virus/Malicious application can cause various harms such as slowing down computer, lead to data corruption/deletion or data loss. Some examples on how our personal computer can get affected by virus:

(i) Virus Attack through external devices: A virus can enter the computer through external devices like pen drive or hard disk etc. This virus can spread across all the computer files. 

(ii) Virus Attack by downloading files from un-trusted websites: The virus can enter the computer by download of files from un-trusted websites. The virus can be hidden in the form of music files, video files or any attractive advertisement. This virus can spread across all the computer files.

(iii) Virus Attack by installation of malicious software: The virus can enter into the computer by installing software from un-trusted sources. The virus can be an additional software hidden inside unknown game files or any unknown software. This virus can spread across all the computer files.

Cyber Security Challenges

(i) Web Server attacks which are hacked by the cyber criminals.

(ii) Ransomware attacks by hacking into a user's data and preventing them from accessing it until a ransom amount is paid.

(iii) IOT attacks as their adoption is increasing and can result in compromise of sensitive user data. Safeguarding IoT devices is one of the biggest challenges in Cyber Security, as gaining access to these devices can open the doors for other malicious attacks.

(iv) Cloud attacks by hacking cloud platforms to steal user data is one of the challenges in Cyber Security for businesses.

(v) Phishing and DOS attacks.

(vi) Blockchain and crypto attacks can compromise user and enterprise data.

(vii) Software vulnerabilities with the adoption of digital technologies.

(viii) Machine Learning and AI attacks.

 Precautions from Cybercrimes :

(i) Always keep your systems/devices (desktop, laptop, mobile) updated with latest security updates.

(ii) Protect systems/devices through security software such as anti-virus with the latest version. (iii) Always download software or applications from known trusted sources only. Never use pirated software on your systems/devices.

(iv) Ensure all devices/accounts are protected by a strong PIN or password. Never share your PIN or password with anyone.

(v) Do not share your net-banking password, One Time Password (OTP), ATM or phone banking PIN, CVV number etc. with any person even if he/she claims to be an employee or a representative of the bank and report such instances to your bank.

(vi) Be cautions while browsing through a public Wi-Fi and avoid logging in to personal & professional accounts such as e-mail or banking on these networks.

(vii) Always use virtual keyboard to access net-banking facility from public computers; and logout from banking portal/website after completion of online transaction. Also ensure to delete browsing history from web browser after completion of online banking activity. (viii) Do scan all e-mail attachments for viruses before opening them. Avoid downloading e- mail attachments received in e-mails from unknown or un-trusted sources.

(ix) Be careful while sharing identity proof documents especially if you cannot verify the authenticity of the company/person with whom you are sharing information.

(x) Note the IMEI code of your cell phone and keep it in a safe place. The operator can blacklist/block/trace a phone using the IMEI code, in case the cell phone is stolen.

(xi) Do not save your card or bank account details in your e-wallet as it increases the risk of theft or fraudulent transactions in case of a security breach.

(xii) If you think you are compromised, inform authorities immediately.

Security Measures and Tools

(i) Turn on Windows internet firewall: A firewall helps in creating a protective barrier between your computer and internet.

(ii) Use automatic updates to keep your software up to date and install all updates as soon as they are available.

(iii) Use up to date antivirus software to be protected from malicious programs.

(iv) Install and keep updated the antispyware software.

(v) Practice internet behaviour that lowers your risk.

(vi) Use anti-phishing and anti-spam technology built into your operating system. 

(vii) To save yourself from hacking use strong passwords and two step verifications. 

(viii) Use encrypted and trusted sites.

(ix) To report cybercrime complaints online, visit the National Cyber Crime Reporting Portal. This portal can be accessed at https://cybercrime.gov.in/.

(x) To report lost or stolen mobile phones, file a First Information Report (FIR) with the police. Post filing the FIR, inform Department of Telecommunications (DoT) through the helpline number 14422 or file an online compliant on Central Equipment Identity Register (CEIR) portal by visiting https://ceir.gov.in. After verification, DoT will blacklist the phone, blocking it from further use. In addition to this, if anyone tries to use the device using a different SIM card, the service provider will identify the new user and inform the police.