A Complete Guide to Cybercrime

The growing rate of cybercrime poses a significant threat to individuals, organizations and nations alike. The hacking of classified data gravely affects organizations’ security, leaving information vulnerable to exploitation. This puts critical infrastructure at risk and can impact businesses, schools, and those using digital devices.

With the emerging threats from new developments and advancements in the cybercrime world, it is essential to understand the terms and tools to keep systems safe. A guide to cybercrimes can help stay updated with the trends in online crimes, relevant statistics, reporting and tips on maintaining online safety.

What is cybercrime?

Activities including unauthorized access to someone’s device and data amount to cybercrime. Threat actors commit fraudulent activities online using computers, network connectivity or networked devices. According to 2019 research, nearly 68.4% of business leaders were known to have feared the risk of cyber-attacks. It stated that it took companies about 206 days to identify a cyber-attack. And over half of Americans do not have the required knowledge of resources that they could use to identify or report online.

Child pornography, selling items illegally online, copyright infringement, and using someone’s Wi-Fi or log-in details without permission are some instances of cybercrime that are punishable offenses. Dangerous cybercrimes like the Yahoo data breach impacted the privacy of over 3 billion user accounts. Ransomware WannaCry, the U.K.’s most severe cyber-attack, impacted the systems of over 150 countries, including the US, Russia and China. The Petya ransomware infection affected critical sectors, including the US pharmaceutical company Merck, Danish shipping company Maersk and Russian oil company Rosneft.

Types of Cybercrime

Phishing

Phishing is when a cyber attacker sends an email that appears to be from a credible source. Clicking on the link in such emails may result in unauthorized access to their device and data loss. Details like name, login credentials, financial data related to credit cards, bank accounts, etc. may become available through the hacked devices. Some malicious files come with malware that can directly steal data. Such malware attacks can render remote access to the user’s device and use it in any way they intend to.

Website spoofing

Many users have been cheated into using a fake website created by hackers. Website spoofing or website cloning is when a duplicate version of a genuine website is designed and made accessible to people. Users may not find any noticeable difference between the original and spoofed websites.

Ransomware

Ransomware can be defined as a type of malware that locks user systems and prevents use of files until a ransom is paid. Users are sent an infected email or file that can hack their system once clicked or downloaded. The malware-infected link infects the device and spreads throughout the system. Cybercriminals use it to control user devices in such a way that they are unable to use them. In return, hackers ask for a ransom or anything else like critical information. Ransomware attacks have caused enormous damage to users and enterprises as such attacks capture the system, disable access to the user, and find every piece of data, including sensitive information.

Therefore, users are cautioned against opening emails, pop-ups or SMSes from senders they do not trust or have not subscribed to. Clicking links, downloading malware-infected files and software, and installing it may make the user vulnerable to ransomware attacks. Such files look like legitimate files. Hence, users are asked to avoid clicking on random links or pop-ups.

The FBI always urge victims of a ransomware attack not to pay the ransom because it encourages cyber attackers and does not guarantee they will stop after receiving the ransom.

Tampering QR codes

Tampering is a form of sabotage which involves intentional modification of products in a way that would make them harmful to the consumer. Various kinds of cybercrime are done for monetary profit, as mentioned by a Public Service Announcement by the Federal Bureau of Investigation. One of them involves tampering with QR codes which results in money laundering. Cybercriminals tamper with digital and physical QR codes to replace legitimate codes with malicious ones. Users get redirected to malicious sites where the money gets deposited instead of the intended entity.

With such appalling data coming to the fore, it is imperative to check what one can do to prevent, identify and report cybercrimes.

IoT hacking

Internet of Things is when devices like a smartwatch are connected to a phone, making one accessible by the other. Through this, several digital services are interconnected and remotely accessed. However, if a hacker gets access to an individual’s phone with several connected devices, they can easily exploit the data from all the devices.

Distributed DDoS attacks

Usually, a Distributed Denial of Service Attack (DDoS) floods the server with incoming traffic. Flooding is done using sending an excessive number of requests using networks of Internet-connected malware-infected devices. It is done to slow down systems and make it difficult to utilise online services. DDoS attacks need not be used for data theft.

Cross-site scripting

Cross-site involves sending malicious scripts to users through legitimate websites. Cybercriminals inject websites with malicious JavaScript code that can steal login credentials if the user visits those pages.

Snooping or Sniffing

Snooping or Sniffing involves stealing data by capturing network traffic with packet sniffers. In this type of cybercrime, packet analyzers or packet sniffers are used to take information from traffic that goes through a computer network.

Cryptojacking

Cryptojacking is an unauthorized use of someone else’s devices  such as computers, smartphones, tablets, or even servers to mine cryptocurrency. It creates a scope for stealing cryptocurrency by tampering with the account transactions, which are accessible as a ledger.

Trojan Horses

The trojan horse is a type of malware via which cyber attackers create malicious software that appears genuine. They can use it to access the user’s data and misuse it secretly.

Vishing

Using voice calls to appear like a legitimate company and asking for personal information to be misused for fraud is Vishing.

Smishing

Smishing fraudulently uses text messages to ask for personal or sensitive information while posing as official entities.

Evolving cybercrimes

To avoid risk, apps and devices offer updates that fix bugs, address common errors, and other features aimed at protecting the device and data. When cybercriminals use malware that does not work on an updated laptop, phone, or any other connected device, they update their malware or cyber-attack. They constantly update their technology to work with new security measures.

Results of Cybercrimes

Loss of data

Digital devices are not limited to computers or phones. Every smart device can be hacked, and its data can be stolen and misused.

Loss of privacy

Spying on someone’s CCTV camera or extracting images from their device can result in losing privacy. The stolen data can be misused in several ways by cyber criminals. Asking for ransom for the stolen data, blackmailing, and threatening to publicize the information or sell it online are some types of cybercrime that lead to a loss of privacy.

Identity theft

Some cybercrime results in identity theft wherein the victim’s name, address, phone number, social security number, etc., are used to impersonate them. This can help hackers buy, sell, or make transactions in the victim’s name.

Financial loss

Stealing money using fraudulent online techniques like web spoofing, stealing bank details, sending phishing links, etc., results in financial loss.

Cybercrime for purposes other than profit

 Cyberstalking

Cyberstalkers harass their victims by stalking them online, watching their updates, posts, tweets, etc., to know their whereabouts. They may continue their crime by sending messages, sexual content, catfishing by creating fake accounts, trying to befriend their victims, and so on.

Cyberstalking to keep a watch on someone and stealing login credentials to disrupt their regular work are some instances of cybercrime that are done without the motive of gaining profit.

Cyber espionage

When hackers gain unauthorized access to systems of governments or affiliated agencies to spy on them, it is an act of cyber espionage. They misuse classified data for criminal intents like impacting critical sectors, obtaining military preparedness details to create a better attacking mechanism, and launching attacks based on their strategic interest during wars and critical times.

Work-related motives

Disgruntled employees are known to have attacked their companies and other targets for being upset about how they were treated in their office.

Election-related crimes

Cybercrimes, including leaking or changing election data to manipulate results, impact nations; however, they are not solely driven by financial incentives.

 School-related crimes

Hacking school systems to get exam papers to cheat and score better is another instance of cybercrime that is not meant for monetary profit.

Addressing cybercrime

Addressing cybercrime starts with identifying and taking it to cybersecurity divisions or the police. Complaints can be made online, on-call, e.g. by calling 911 for American people, via online forms, emailing the authorities or by visiting the concerned department or the police in person.

Complaints and success rate after reporting cybercrime

The Internet Crime Complaint Center’s Recovery Asset Team (RAT) reported several success stories and statistics related to offering support and redressal to victims of cybercrime. The IC3 received 15,421 Tech Support fraud complaints from victims in 60 countries. A total of $146 million was reported to have been stolen. A rise of 171% was seen in losses compared to the previous year, 2019.

In 2021, RAT saw a 74% success rate from the complaints received and has successfully recovered or frozen $328.32 million from being stolen. In December 2021, the IC3 RAT and the Philadelphia Field office made a full recovery of $1.5 million after receiving a complaint. Similarly, in June 2021, the IC3 with the Memphis Field Office froze the entire sum of $198k that was stolen and transferred to return to the victim.

Taking quicker actions

Acting fast is essential in addressing cybercrime. Authorities and experts can better handle threats and secure systems if complaints are made sooner. Most cyber-attacks are timed because cybercriminals cannot be online for long as they can be traced based on their online availability. Systems and connected devices of individuals and enterprises can be hacked in minutes depending on various factors, including the type of malware. Hence, it is necessary to report cybercrime as soon as one discovers it.

Reporting Business Email Compromise

BEC or Business Email Compromise involves stealing sensitive data like login credentials targeted towards a business or a company. It requires data theft of specific targets like human resource officials or finance personnel. Victims of this cybercrime can address it by following these steps:

1. Contact the concerned financial institutions to inform them about the breach or data theft so they take measures to keep unauthorized access and suspicious activities at bay.
2. Visiting the official portal of IC3 at ic3.gov and filing a complaint with the victim’s data about the fraud.
3. Follow up with the IC3 for the status of the complaint and the investigation.
4. Updating oneself with the latest cybersecurity measures to secure their systems.

Procedure for investigating cybercrime

Cybercrime is investigated by the Internet Cyber Crime Cell (IC3) in the U.S. It is a Federal Bureau of Investigation (FBI) division. Every country has its separate department for taking care of cybercrime. They collaborate with private sector, local, state, federal and international agencies if needed.

The IC3 follow these steps to address cybercrimes:

1. When cybercrime victims talk to the officials about the incident, they collect all the information needed to work on the case.
2. They analyze the collected data, investigate it further and take their steps accordingly. They may freeze the funds to stop them from being moved by the criminals by alerting the financial institution in case of such crimes.

Preventive measures for students, professionals, enterprises

There are some standard online hygiene etiquettes to safeguard online activities, such as using antivirus software to protect the device from unauthorized access, updating all the software on the device, taking cybersecurity lessons or learning through various other mediums and creating a strong password.

Updating the software

Updating the software as soon as it is available is essential to keep up with the fixes offered. Not doing so makes the software outdated and vulnerable to newer malware and cyber-attacks.

Keeping social media accounts private

Due to the widespread use of various social media platforms like Facebook, Twitter, Instagram etc., hackers and cybercriminals often manage to access most public and private profiles. They can watch what someone does, locate them, find their school, home, or office, evaluate their preferences, and so on. This makes it imperative to keep online accounts and posts visible to trusted friends and family alone.

Educating children and others who are not aware of cybersecurity

Not being aware of all the changing trends, newer versions of software, models of devices and cybercrimes is common among people of all ages. Educating them patiently in every area of cybersecurity, like cybercrimes, cyber hygiene and reporting incidents, is essential. Moreover, children using the internet should be educated about the various types of cybercrime and attacks where they can be targeted.

Using a full-service internet security

Security software provides online protection from data and financial loss using resources and updates against newer malware and other tactics that evolving cybercriminals employ.

Using strong passwords

Passwords need to be complex and not contain words related to the user, like their name, office, pets, or passwords used in other accounts. Passphrases are long passwords with a minimum of 12 characters with a combination of letters, numbers, special characters, etc. Using password generators, not writing them down in notes near the devices and not using the same password for all accounts are some very crucial steps towards password hygiene.

Using a Virtual Private Network

While using Wi-Fi is a good practice to use a strong password and not share it with suspicious people, using a Virtual Private Network (VPN) can hide the user’s online activities and save them from potential cybercriminals.

Subscribing to infosec media

Many websites, apps, and media channels offer content about the latest cybersecurity threats, the newest malware, cryptocurrency hacks, government-related notices, etc. Subscribing to these channels can help to stay updated. The Cyber Express, Cyble, The Cybersecurity and Infrastructure Security Agency (CISA), and All InfoSec News are some options users can follow to keep up with the ever-evolving world of cyber security.