Types of Cybercrimes
- Email related crime
- Email spoofing
- Email bombing
- Spear phishing
- Illegal Online transaction
- Job Frauds
- Cyber defamation
- Ponzi scheme
- Cyber stalking
- Cyber bullying
- Cyber pornography
- Cybercrimes/Attacks of advanced types
- Website defacement
- Salami Attack
- Cross-site scripting
- Web Jacking
- DOS/DDOS attacks
- Data hiding technique
- Deep Web & Dark Web
Introduction to Cyber-crimes | Why should you read this Chapter?
After reading this chapter, you would be able to:
1. Understand the various cybercrimes that could have a potential impact on an individual or on an organization.
2. Identify ways through which cybercrime could be carried out.
3. Familiarize yourself with different cyber security practices.
Internet connectivity is becoming ubiquitous, and technology is increasingly integrated into the lives of people and processes. As the government goes digital with the Digital India programme, the use of e-commerce, e-banking, e-Office, e-Health systems, e-governance, e-KYC services etc. has encouraged citizens to go digital to perform day-to-day transactions.
Types of Cybercrimes
The methods and technologies cybercriminals use to commit their crimes are innumerable and continue to grow each year in both number and sophistication. Listed below are a few common types of cybercrimes.
Email related crime
The ease, speed and relative anonymity of email have made it a powerful tool for misuse by cyber criminals. Some of the major e-mail related crimes are given below:
1. Email spoofing
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is an approach used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. There are different types of email spoofs, but they all have similarities. One main similarity is that you receive an email which claims to be from someone you know but in reality, it has been sent by another source.
2. Phishing
Phishing involves fraudulently acquiring sensitive information (e.g. online banking passwords, credit card details, debit card details etc.); very often attackers try to disguise themselves and their communication as genuine. The suspect’s identity might be traced using the IP addresses of the suspected email.
If you click on a link in an email spoof, it might direct you to a fake webpage to collect your sensitive information.
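The header checks a recipient or analyst can run on a suspicious message, shown as an added example that is not part of the original chapter. The message, domains and IP addresses are constructed placeholders, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: domains are placeholders, IPs are documentation ranges.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [198.51.100.5])
    by inbox.example.org; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mailer.example.net (unknown [203.0.113.77])
    by relay.example.net; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: inbox.example.org; spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@mailer.example.net
Subject: Verify your account

Please confirm your details.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw)
    from_dom, findings = domain(msg["From"]), []
    # Envelope sender or reply address in another domain: an indicator, not
    # proof (legitimate bulk-mail services also cause this).
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server for SPF, DKIM and DMARC.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech}={m.group(1)}")
    return findings

def relay_ips(raw):
    """IPs from the Received chain, newest hop first. Only hops added by servers
    you trust are reliable; the sender can forge the ones below them."""
    msg = message_from_string(raw)
    return [ip for rcv in msg.get_all("Received", [])
            for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcv)]
```

On the constructed message, `spoof_indicators(RAW)` reports five findings and the last entry of `relay_ips(RAW)` is the hop closest to the sender.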
3. Email bombing
Email bombing is a form of abuse that consists of sending huge volumes of email to a single address or recipient in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted, causing denial of service.
4. Spamming
Spamming is sending unsolicited messages, especially to promote a product or service, as well as sending messages repeatedly through a communication medium. Spammers use not only e-mail services but also other channels such as SMS, TV advertising, social networking, Internet forums, blogs etc.
5. Spear phishing
It is a directed attack and one of the rampant email frauds to date. Spear phishing is targeted phishing aimed at specific individuals or groups within an organization, especially corporates. Spear phishing uses information about a target to make attacks more specific and personal to the target. Spear-phishing emails, for instance, may refer to their targets by their specific name, rank, designation or position instead of using generic titles as in normal phishing campaigns. Spear-phishing emails can have malware attachments in the form of varying file types, e.g. XLS, PDF, DOC, DOCX etc. The malware then accesses a malicious command-and-control (C&C) server to take instructions from a remote user. At the same time, to hide malicious events, the malware usually drops a decoy document that opens when the malware or exploit runs.
Illegal Online transaction
Through illegal online transactions, the perpetrator deprives the victim of funds, personal property, interest or sensitive information via the Internet. There are three major types of fraud:
- Fraudulent or unauthorized transactions
- Lost or stolen merchandise
- False requests for a refund, return or bounced cheques.
Fraudsters have become savvy at illegally obtaining information online. Cyber criminals often pose as a legitimate representative and contact credit/debit card owners asking for sensitive information. They may use one or more of the following means of interaction to steal personal data:
- Texting malware on smartphones
- Instant messaging
- Rerouting traffic to fraudulent websites
- Phone calls
Job Frauds
It involves deceiving people seeking employment by giving them the false hope of earning high salaries or extra income. Scammers use numerous methods, coming up with attractive offers such as easy hire, easy work, high wages, flexible working hours etc.
Cyber defamation
As per the Indian Penal Code (IPC), whoever, by words either spoken or intended to be read, or by signs or by visible representations, makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such imputation will harm, the reputation of such person, is said to defame that person. Cyber defamation is the new form of committing traditional defamation, where virtual communication like emails, social media, etc. is used to defame an individual or organization.
Ponzi scheme
A Ponzi scheme is a fraudulent investment scam where criminals lure the victims by promising high rates of return with little risk, e.g. Money Trade Coin (MTC) – a cryptocurrency scam estimated to be in the range of Rs 300 crore to Rs 500 crore.
Cyber stalking
Cyber stalking is a criminal practice in which an attacker uses the internet and other electronic devices to persistently harass victims.
e.g. State of Maharashtra Vs Atul Ganesh Patil
A woman had come for a job interview at a company and wrote her mobile number in the entry register. The guard saved her contact details and started sending multiple obscene WhatsApp messages, and even called her repeatedly to talk about obscene things, thereby committing the crime of stalking her. In this case, the victim blocked his number. However, the guard started sending her obscene messages from his friend’s mobile phone. A case was registered under IPC 354D. The police acted swiftly, completing the investigation and preparing a charge sheet within 24 hours.
Cyber bullying
It is a form of offense committed by using a virtual communication medium like e-mail, social media, SMS, messengers, forums etc. to harass, threaten, embarrass and humiliate victims. Cyber bullying can be anonymous, or it can reach a wider audience and spread quickly. Cyber bullying commonly occurs among teenagers.
Cyber pornography
Cyber pornography is defined as the act of using cyberspace to create, view, distribute, import, or publish pornography or obscene materials.
Cybercrimes/Attacks of advanced types
Cybercriminals use various technologies to exploit security holes. These technologies are constantly growing in number and sophistication.
Hacking
It is an attempt to exploit weaknesses to gain unauthorized access to a computer system or network. As per the IT Act, hacking is a term used to describe the act of destroying, deleting or altering any information residing in a computer resource, or diminishing its value or utility, or affecting it injuriously, in spite of knowing that such action is likely to cause wrongful loss or damage to the object, public or a person.
Computer Virus
Computer virus means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource. It generally attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource.
Worm
It is self-replicating malicious software that replicates itself to spread across other devices that are connected to a network.
Trojan
It is malicious software that is camouflaged as legitimate software, e.g. Microsoft Office, web browsers, media players, gaming applications etc. When this seemingly legitimate software is installed, the malicious code also gets installed in the background and starts its malicious activity.
Website defacement
It is an attack on a website that changes the visual appearance of the website; the attacker may post indecent, hostile and obscene images, messages, videos, etc., and sometimes make the website dysfunctional. The most common cases of website defacement are those where hackers of one country try to deface the websites of rival countries, to display their technological superiority, by infecting them with malware.
Salami Attack
It is an attack on a system or network that involves making alterations so minor that in a single case they would go completely unnoticed. These attacks are generally used for the commission of financial crimes.
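Why a per-record check misses this kind of alteration while an aggregate reconciliation catches it, shown as an added example that is not part of the original chapter. The interest rate, account names, amounts and function names are assumptions constructed for the illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

RATE = Decimal("0.0041")   # assumed monthly rate for the constructed data
CENT = Decimal("0.01")     # smallest unit of the ledger

def expected_interest(balance):
    """Interest the ledger should have credited, rounded to two decimals."""
    return (balance * RATE).quantize(CENT, rounding=ROUND_HALF_UP)

def constructed_postings(n=2000):
    """Constructed ledger: every credit is short by exactly one hundredth."""
    rows = []
    for i in range(n):
        balance = Decimal(1000 + 37 * i)
        rows.append((f"ACC{i:05d}", balance, expected_interest(balance) - CENT))
    return rows

def reconcile(postings, per_record_tolerance=CENT):
    """Compare each credit with the independently recomputed value.

    Returns (accounts over tolerance, count short, count over, net shortfall).
    Honest rounding differences fall on both sides and net out near zero;
    a one-sided count with a growing net total is the signal to investigate.
    """
    flagged, short, over, net = [], 0, 0, Decimal("0")
    for account, balance, credited in postings:
        diff = expected_interest(balance) - credited
        net += diff
        short += diff > 0
        over += diff < 0
        if abs(diff) > per_record_tolerance:
            flagged.append(account)
    return flagged, short, over, net

if __name__ == "__main__":
    flagged, short, over, net = reconcile(constructed_postings())
    print(f"flagged={len(flagged)} short={short} over={over} net={net}")
```

No single posting exceeds the tolerance, yet all 2,000 differences point the same way and the net shortfall is visible only in the total.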
Cross-site scripting
Cross-Site Scripting (XSS) is a type of vulnerability in which malicious scripts are injected into content from otherwise trusted websites. The injection occurs when a user clicks on an unsuspected link that is specially designed for attacking a website they are visiting.
Web Jacking
The web jacking attack is an advanced phishing technique where attackers make a clone of a website and send that malicious link to the victim. Once the victim clicks the link, which looks real, they are redirected to a fake page where attackers try to extract sensitive data such as card numbers, user names, passwords etc. from the victim.
DOS/DDOS attacks
In a Denial of Service (DoS) attack, an important service offered by a website or a server is denied or disrupted, thereby causing loss to the intended users of the service. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available, or the temporary loss of all network connectivity and services. In some cases, DoS attacks have forced websites to temporarily cease operation. This often involves sending a large amount of traffic in the form of e-mails and other requests to the targeted network or server so that it occupies the entire bandwidth of the system and ultimately results in a crash. The Distributed Denial of Service (DDoS) is a type of attack in which multiple systems are used, by distributing the attacking bots, to flood the bandwidth of the targeted system.
Ransomware
Ransom is defined as the practice of holding someone or something important to the victim with the intent to extort money or property to secure their release. Ransomware is a type of computer malware that locks the files and storage media on communication devices like desktops, laptops, mobile phones etc., holding data/information hostage. There is no guarantee that the victim will get the data back after paying the ransom.
Data hiding technique
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos, meaning “covered, concealed, or protected,” and meaning “writing”.
Deep Web & Dark Web
The deep web is the part of the internet that a typical search engine cannot index. The dark web (darknets) is a subset of the deep web that is intentionally hidden through overlay networks and requires specific software, configurations or authorization to access. Frauds are openly discussed on the underground forums of the dark web, where illicit vendors offer fraudulent services. These services include, but are not limited to, launching a DoS attack on websites, the sale of malware, illegal drugs and weapons, cyber espionage on behalf of clients, and the list goes on. Most of the vendors accept payment through cryptocurrencies, especially Bitcoin, due to its popularity.
Cryptocurrency
Crypto derives from the Greek for hidden or to hide. A cryptocurrency is created by solving complex mathematical problems based on cryptography, which regulates the generation of units of currency and verifies their transfer. A cryptocurrency like Bitcoin consists of a network of peers. Every peer has a record of the complete history of all transactions and thus of the balance of every account. The validity of each cryptocurrency’s coins is provided by a blockchain. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a hash pointer as a link to a previous block, a timestamp and transaction data. By design, blockchains are inherently resistant to modification of the data. It is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.
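How the hash pointer in each block makes a change to an earlier block detectable, shown as an added example that is not part of the original chapter. The block layout, names and amounts are constructed, and the sketch leaves out the consensus mechanism that stops an attacker from simply recomputing every later hash.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the whole block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def append_block(chain, timestamp, transactions):
    """Add a block holding the three fields the text lists."""
    prev = block_hash(chain[-1]) if chain else "0" * 64  # genesis has no parent
    chain.append({"prev_hash": prev, "timestamp": timestamp,
                  "transactions": transactions})

def first_broken_link(chain, trusted_head):
    """Index of the first block whose prev_hash no longer matches its
    predecessor, len(chain) if only the head hash is wrong, None if intact."""
    for i in range(1, len(chain)):
        if chain[i]["prev_hash"] != block_hash(chain[i - 1]):
            return i
    if block_hash(chain[-1]) != trusted_head:
        return len(chain)
    return None

def build_sample():
    """Constructed three-block ledger (names and amounts are made up)."""
    chain = []
    append_block(chain, 1700000000, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(chain, 1700000600, [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(chain, 1700001200, [{"from": "carol", "to": "alice", "amount": 1}])
    return chain

if __name__ == "__main__":
    chain = build_sample()
    head = block_hash(chain[-1])                   # copy of the head hash each peer keeps
    print(first_broken_link(chain, head))          # intact chain
    chain[1]["transactions"][0]["amount"] = 200    # rewrite an old transaction
    print(first_broken_link(chain, head))          # the link into the next block breaks
```

Editing the last block breaks no internal link, which is why the check also compares the final hash with a head value the verifier already trusts.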
User awareness – Safe practices to mitigate cybercrimes
The most effective mechanism to tackle cybercrime is to be extra cautious in cyberspace and to promote the practice of netiquette. Although these may sound like very basic controls, they defend you on a larger scale. A few of them are listed below:
- To avoid financial or banking related frauds, never share your OTP, PIN, password, card grid details, card expiry date or CVV number with anyone, and do not entertain calls from people impersonating bank officials.
- Embed safe internet practices, such as not opening spam emails or attachments from an unknown source. Beware while opening external links or shortened URLs, as these might be phishing links or may infect your devices with malware.
- Apply a layer of personal protection on your devices by having up-to-date antivirus, a licensed OS and software, securing your Wi-Fi and enabling personal firewalls on laptops/computers.
- Have strong passwords, enable privacy settings and cautiously post personal information and pictures.
- Never indulge in the distribution of obscene & illicit material.