This blog will help you to understand how knowingly or unknowingly we are making mistakes in our day to day life that will have an adverse effect on our life. Cyber Crime is increasing day by day as people are not aware of the facts and stats related to Cyber Security and how they can safeguard themselves.
Let's understand about Cyber Crime
Cybercrime is a crime involving computers
and networks. This includes a wide range of things, from illegally downloading
music files to stealing money online from bank accounts.
-> Cyberspace is an online or digital world linked to computers and mobile
networks.
-> It includes frauds such as.
- Job-related frauds.
- Matrimonial frauds.
- Theft and misuse of confidential personal information (details of Aadhaar,
credit/debit card details, bank details, etc.)
- An individual's defamation on social media.
- Distribution of computer viruses etc.
-> Cybercrimes can also result in physical assault.
-> Cybercriminals can steal our money or damage our credibility.
-> According to a study by a leading industry research organization, 90% of
all cyber-attacks are caused by human negligence. Knowledge of cybersecurity is
therefore critical for everyone today. -> We must be careful to reduce the
possibility of cyber-attacks when making use of technology.
Some common types of cybercrimes are prevalent today. We will discuss these
types of cybercrimes:
Part 1: Identity Theft
Part 2: Psychological Tricks
Part 3: Social Media related Attacks
Part 4: Attacks through Mobile Applications
Part 5: Digital Banking Frauds
Part 6: Virus Attacks on Personal Computer
Cyber Crime Facts and Statistics
(1) Cyber-attacks occur 2,244 times per day.
(2) 95% of cybersecurity breaches are due to human error.
(3) Over 75% of the healthcare industry has been infected with malware over the
last year.
(4) In 2018 hackers stole half a billion personal records.
(5) 94 percent of malware is delivered via email.
(6) Phishing attacks account for more than 80 percent of reported security
incidents.
(7) Every minute, $17,700 is lost because of phishing attacks.
(8) 60 percent of breaches involved vulnerabilities for which a patch was
available but not applied.
(9) There was an 80% increase in malware attacks on Mac computers in
2017.
(10) The top malicious email attachment types are .doc and .dot which make up
37%, the next highest is .exe at 19.5%.
(11) In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches
of all time. (12) In 2017, 412 million user accounts were stolen from Friend
finder’s sites.
(13) In the 2019 DBIR, 94% of malware was delivered by email.
(14) Nowadays every mobile device had high-risk apps installed.
Definition: Identity theft is the act of wrongfully obtaining someone’s personal information (that defines one’s identity) without their permission.
Your name, phone number, address, bank account number, Aadhaar number, or credit/debit card number could be included in the personal details, etc.
Identity theft can have many adverse effects. The fraudster can use stolen personal information and identity proofs to:
-> Gain access to your bank accounts-> Apply for loans and credit cards or open insurance accounts
-> File a tax refund in your name and get your refund
-> Receive a driver's license, passport, or immigration documents
-> Create new utility accounts
-> Issued medical treatment on your health insurance
-> Use your identity on social media
-> Give your name to the police during an arrest etc.
Let's Understand the Identity Theft Cyber Crime with Stories
Identity Theft Crime: Hacking or Gaining access to Social Media Accounts
-> In this type of crime, the attacker hacks or gains access to the social media account of the victim.
-> By misusing their personal details and images, the perpetrator will then harm the victim. ->The attacker may also post offensive material on the profile of the victim or defame the victim.
-> By misusing their personal details and images, the perpetrator will then harm the victim. ->The attacker may also post offensive material on the profile of the victim or defame the victim.
Let's understand the Identity Theft Cyber Crime with an example
Preventive Measures for Social Networking Sites
1. Do not close the browser window without logging out of the account.
2. Use 2-step verification such as one-time password (OTP) while using someone else’s computer.
3. Do not save your username and password in the web browser at a cybercafe or public library
4. Register your mobile number with social networking sites to get alerts in the event of unauthorized access.
5. Permanently delete all documents downloaded on computers in cybercafé.
2. Use 2-step verification such as one-time password (OTP) while using someone else’s computer.
3. Do not save your username and password in the web browser at a cybercafe or public library
4. Register your mobile number with social networking sites to get alerts in the event of unauthorized access.
5. Permanently delete all documents downloaded on computers in cybercafé.
========================================================================================================================================================================================
-> Psychological games are where assailants play with the user's minds to lure them with profitable deals.
-> Once trapped, the attackers can exploit the victim by either stealing money or stealing sensitive personal information (name, Aadhaar details, bank account details, etc.) or harm the victim in any other way.
-> These criminals create such kind of emergency that user has to take decisions rapidly, he becomes nervous and acts impulsively which makes them follow the instructions given by the attacker and makes him/them infected with these crimes.
-> The entire basis of this kind of attack is to make the victim fall into their trap by sending fake emails, calls, or SMS.
These are some examples of psychological tricks.
1. Lottery Fraud
2. Credit/Debit Card Fraud
3. Job-Related Fraud
4. Matrimonial Fraud
-> Once trapped, the attackers can exploit the victim by either stealing money or stealing sensitive personal information (name, Aadhaar details, bank account details, etc.) or harm the victim in any other way.
-> These criminals create such kind of emergency that user has to take decisions rapidly, he becomes nervous and acts impulsively which makes them follow the instructions given by the attacker and makes him/them infected with these crimes.
-> The entire basis of this kind of attack is to make the victim fall into their trap by sending fake emails, calls, or SMS.
These are some examples of psychological tricks.
1. Lottery Fraud
2. Credit/Debit Card Fraud
3. Job-Related Fraud
4. Matrimonial Fraud
Let us Understand the Psychological Tricks Cyber Crime
Example: Job-Related Fraud
-> The attacker sends a fake SMS to the victim offering a job with an attractive salary.
->The victim, unfortunately, believes it and follows the instructions.
->The victim, unfortunately, believes it and follows the instructions.
->Then the intruder takes the money or physically hurts the victim.
Preventive Measures/Precautions
1. Have you got an SMS or email saying you've won a lottery prize? It's a scam. Do not respond to it.
2. Never respond to fake winning lottery related calls/SMS/Emails
3. Have you received an SMS or email about transferring money into your account? It's a scam. Do not respond to it
4. Have proper filters for spam in your email address
5. Employ the thumb rule: Never move funds in expectation of high returns to unknown individuals or organizations. This is never going to happen.
6. Always search and apply for jobs posted on authentic job portals, newspapers, etc.
7. Check if the domain of the e-mail is the same as the one you have applied with. For example, all government websites have “.gov.in” or “.nic.in” as a domain.
8. If an e-mail has spelling, grammatical and punctuation errors, it could be a scam.
9. Beware of the fake calls/e-emails impersonating themselves as recruiters and requesting personal information or money.
10. Authentic recruiters never ask to pay a processing fee to offer a Job, it could be a scam.
2. Never respond to fake winning lottery related calls/SMS/Emails
3. Have you received an SMS or email about transferring money into your account? It's a scam. Do not respond to it
4. Have proper filters for spam in your email address
5. Employ the thumb rule: Never move funds in expectation of high returns to unknown individuals or organizations. This is never going to happen.
6. Always search and apply for jobs posted on authentic job portals, newspapers, etc.
7. Check if the domain of the e-mail is the same as the one you have applied with. For example, all government websites have “.gov.in” or “.nic.in” as a domain.
8. If an e-mail has spelling, grammatical and punctuation errors, it could be a scam.
9. Beware of the fake calls/e-emails impersonating themselves as recruiters and requesting personal information or money.
10. Authentic recruiters never ask to pay a processing fee to offer a Job, it could be a scam.
========================================================================================================================================================================================
Social Media has become an integral part of our lives. It is the new way of communicating, sharing, and informing people about the events in our lives. We share our day to day lives on social media in the form of self and family photographs, updates on our locations/whereabouts, our views/thoughts on prevalent topics, etc.
-> One can understand the entire history of an individual through their social media profile and can even predict future events based on patterns in the past.
-> This poses a threat to an individual as unwanted access to social media profiles can cause loss of information, defamation, or even worse consequences such as physical/sexual assault, robbery, etc. Hence, protection and appropriate use of social media profiles are very important.
Let us look at some examples of social media frauds.
1. Sympathy Fraud
2. Romance Fraud
3. Cyber Stalking
4. Cyber Bullying
-> One can understand the entire history of an individual through their social media profile and can even predict future events based on patterns in the past.
-> This poses a threat to an individual as unwanted access to social media profiles can cause loss of information, defamation, or even worse consequences such as physical/sexual assault, robbery, etc. Hence, protection and appropriate use of social media profiles are very important.
Let us look at some examples of social media frauds.
1. Sympathy Fraud
2. Romance Fraud
3. Cyber Stalking
4. Cyber Bullying
Let us Understand the Social Media Frauds
Social Media Frauds Cyber Crime: Cyberbullying Crime
-> Cyberbullying is bullying that takes place over digital devices.
-> Cyberbullying can occur through SMS, social media, forums, or gaming apps where people can view, participate, or share content.
-> Cyberbullying includes sending, posting, or sharing negative, harmful, false content about someone else.
-> The intention is to cause embarrassment or humiliation. At times, it can also cross the line into unlawful criminal behavior.
-> Cyberbullying can occur through SMS, social media, forums, or gaming apps where people can view, participate, or share content.
-> Cyberbullying includes sending, posting, or sharing negative, harmful, false content about someone else.
-> The intention is to cause embarrassment or humiliation. At times, it can also cross the line into unlawful criminal behavior.
Preventive Measures/Precautions
1. Block profiles from public searches.
2. Restrict who can find you via an online search.
3. Limit what people can learn about you through searching on the net.
4. Log out after each session.
5. Don’t share social media credentials.
6. Don’t accept friend requests from unknowns.
7. Don’t click suspicious links.
8. Keep the privacy settings of your social media profile at the most restricted levels, esp. for public/others
9. Remember that information scattered over multiple posts, photographs, status, comments, etc. may together reveal enough about you to enable a fraudster to steal your identity and defraud you. So, apply maximum caution while sharing anything online.
10. Enable two-factor authentications to log in to the social media account
11. Enable the notification and select the right alerts
12. Figure Privacy Policy, Only share with friends while sharing any information
====================================================================================================================================================================================================================
With the increase in the use of smartphones and the consequent rise in the use of mobile applications, associated security risks have also increased. The number of mobile transactions has increased four times in the last couple of years, and now, cybercriminals are targeting mobile users to extract data and money.
-> Mobile applications are widely used not only for entertainment but also for ease and convenience to perform day-to-day tasks such as bill payments, bank accounts management, service delivery, etc.
-> As a result, these applications are more prone to cyber-attacks.
-> Users need to be aware of such attacks on commonly used mobile applications such as digital payment applications and gaming applications.
Let us look at some day to day example of how mobile applications can be used for cyber frauds.
-> Cyber-attacks using Infected Mobile Applications: People become habitual users of certain mobile applications.
-> As a result, they ignore security warnings. Fraudsters use this to attack the victim by infiltrating through such popular mobile applications.
-> They infect the applications with malicious software, called Trojan. This Trojan can get access to your messages, OTP, camera, contacts, e-mails, photos, etc. for malicious activities. It can also show obscene advertisements, sign users up for paid subscriptions or steal personal sensitive information from the mobile, etc.
-> Mobile applications are widely used not only for entertainment but also for ease and convenience to perform day-to-day tasks such as bill payments, bank accounts management, service delivery, etc.
-> As a result, these applications are more prone to cyber-attacks.
-> Users need to be aware of such attacks on commonly used mobile applications such as digital payment applications and gaming applications.
Let us look at some day to day example of how mobile applications can be used for cyber frauds.
-> Cyber-attacks using Infected Mobile Applications: People become habitual users of certain mobile applications.
-> As a result, they ignore security warnings. Fraudsters use this to attack the victim by infiltrating through such popular mobile applications.
-> They infect the applications with malicious software, called Trojan. This Trojan can get access to your messages, OTP, camera, contacts, e-mails, photos, etc. for malicious activities. It can also show obscene advertisements, sign users up for paid subscriptions or steal personal sensitive information from the mobile, etc.
Let us Understand Attacks through Mobile Applications Cyber Crime
========================================================================================================================================================================================
Nowadays, all banking services are shifting online. Services like retrieving account statements, funds transfer to other accounts, requesting a checkbook, preparing demand drafts,s, etc. can all be done online. Most of these services can be done sitting at home without physically visiting the bank.
-> As the services are shifting towards online platforms, cyber frauds related to banking are also increasing.
-> Just like we protect our locker full of jewelry with a lock and key, we must protect our online bank accounts with strong passwords.
-> If the key is stolen, then the jewelry will be stolen. Similarly, if the password is stolen, then the money in the bank accounts will be stolen.
-> Hence, the protection of bank accounts with strong passwords becomes highly essential.
Let us look at some examples of online banking fraud:
1. Digital Payments Applications related attacks
2. Hacking of Bank Account due to Weak Password
3. Hacking of Multiple Accounts due to the same password
-> As the services are shifting towards online platforms, cyber frauds related to banking are also increasing.
-> Just like we protect our locker full of jewelry with a lock and key, we must protect our online bank accounts with strong passwords.
-> If the key is stolen, then the jewelry will be stolen. Similarly, if the password is stolen, then the money in the bank accounts will be stolen.
-> Hence, the protection of bank accounts with strong passwords becomes highly essential.
Let us look at some examples of online banking fraud:
1. Digital Payments Applications related attacks
2. Hacking of Bank Account due to Weak Password
3. Hacking of Multiple Accounts due to the same password
Type 1: Digital Payments Applications related attacks
->Digital payments have become very common in today’s life. However, they do pose a threat if the account is hacked.
Type 2: Hacking of Bank Account due to Weak Password
-> In this type of attack, the attacker hacks into the victim’s account by using a program to guess commonly used passwords.
-> Once the account is hacked, the attacker can steal money or perform an illegal transaction in order to defame or frame the victim.
Type 3: Hacking of Multiple Accounts due to the same password
-> If the same password is used for multiple accounts, then hacking of one account may also lead to hacking of another.
========================================================================================================================================================================================
Personal Computers or laptops or Mobile play a very important role in our lives. We store our crucial information such as bank account numbers, business documents, etc. in the computer or Mobile.
-> We also store personal files like photos, music, movies, etc. in the computer/Mobile. Therefore, the protection of all this data is highly essential.
-> A virus is a malicious code designed to spread from host to host by itself without the user’s knowledge to perform malicious actions.
-> Just as we keep a physical lock on our safe vaults, it is equally important to protect our valuable data from viruses/malicious applications that can damage it.
-> We also store personal files like photos, music, movies, etc. in the computer/Mobile. Therefore, the protection of all this data is highly essential.
-> A virus is a malicious code designed to spread from host to host by itself without the user’s knowledge to perform malicious actions.
-> Just as we keep a physical lock on our safe vaults, it is equally important to protect our valuable data from viruses/malicious applications that can damage it.
Let us Understand the Virus Attack on Personal Computer/Laptop/Mobile Cyber Crime
Type 1: Virus Attack through External Devices
-> A virus can enter the computer through external devices like a pen drive or hard disk etc.
-> This virus can spread across all the computer files.
Type 2: Virus Attack by downloading files from untrusted websites
-> The virus can enter the computer by the download of files from un-trusted websites.
-> The virus can be hidden in the form of music files, video files, or any attractive advertisement.
-> This virus can spread across all the computer files.
Type 3: Virus Attack by the installation of malicious software
-> The virus can enter into the computer by installing software from un-trusted sources.
-> The virus can be additional software hidden inside unknown game files or any unknown software.
-> This virus can spread across all the computer files.
Type 4: Virus attack through email
An email virus comprises of malicious code that is distributed in email messages, and this code can be activated when a user opens an email attachment, clicks on a link or Unsolicited bulk email (spam mail) in an email message, or interacts in a totally different way with the infected email message.
-> Fake Windows Updates (Hidden Ransomware)
-Hackers have been increasingly sending emails that instruct readers to install urgent Windows OS updates.
-The emails trick readers into installing the “latest” Windows updates, which are actually ransomware ‘.exe’ files in disguise.
-> Malware Attacks
- Cybercriminals often use current news stories and global events to target people with malware.
- One example is hackers using the wave of the COVID-19 (Coronavirus) outbreak to target individuals with malware.
-Hackers send out emails that are disguised as legitimate information about the outbreak. Readers are prompted to click a link to learn more about the information, but the link contains malware that copies the files on your device and steals your personal information.
-> A Virus/Malicious application can cause various harms such as slowing down the computer, lead to data corruption/deletion or data loss.
-> Fake Windows Updates (Hidden Ransomware)
-Hackers have been increasingly sending emails that instruct readers to install urgent Windows OS updates.
-The emails trick readers into installing the “latest” Windows updates, which are actually ransomware ‘.exe’ files in disguise.
-> Malware Attacks
- Cybercriminals often use current news stories and global events to target people with malware.
- One example is hackers using the wave of the COVID-19 (Coronavirus) outbreak to target individuals with malware.
-Hackers send out emails that are disguised as legitimate information about the outbreak. Readers are prompted to click a link to learn more about the information, but the link contains malware that copies the files on your device and steals your personal information.
-> A Virus/Malicious application can cause various harms such as slowing down the computer, lead to data corruption/deletion or data loss.
Preventive Measures
1. Computers/Laptops/Mobile should have an antivirus installed, enabled, and running the latest version.
2. Always scan external devices (e.g. USB) for viruses, while connecting to the Computer/Mobile
3. Always keep the “Bluetooth” connection in an invisible mode, unless you need to access file transfers on your mobile phone or laptops.
4. Before disposing of computers or mobile devices, be sure they are wiped of any personal information. For mobile devices, this can be done by selecting the option for a secure reset/factory reset of the device.
5. Never download or install pirated software, applications, etc. on your computer, laptops, or hand-held devices. It is not only illegal but also increases your vulnerability to potential cyber threats.
6. Do not click on the URL/links provided in suspicious e-mails/SMS even if they look genuine as this may lead you to malicious websites. This may be an attempt to steal money or personal information.
7. Always check “https” appears in the website’s address bar before making an online transaction. The “s” stands for “secure” and indicates that the communication with the webpage is encrypted.
8. Always use genuine software and applications to avoid potential security lapses. Genuine software gets regular updates to protect your data from new cyber threats.
10. Always read the terms and conditions before installation of any application.
2. Always scan external devices (e.g. USB) for viruses, while connecting to the Computer/Mobile
3. Always keep the “Bluetooth” connection in an invisible mode, unless you need to access file transfers on your mobile phone or laptops.
4. Before disposing of computers or mobile devices, be sure they are wiped of any personal information. For mobile devices, this can be done by selecting the option for a secure reset/factory reset of the device.
5. Never download or install pirated software, applications, etc. on your computer, laptops, or hand-held devices. It is not only illegal but also increases your vulnerability to potential cyber threats.
6. Do not click on the URL/links provided in suspicious e-mails/SMS even if they look genuine as this may lead you to malicious websites. This may be an attempt to steal money or personal information.
7. Always check “https” appears in the website’s address bar before making an online transaction. The “s” stands for “secure” and indicates that the communication with the webpage is encrypted.
8. Always use genuine software and applications to avoid potential security lapses. Genuine software gets regular updates to protect your data from new cyber threats.
10. Always read the terms and conditions before installation of any application.
========================================================================================================================================================================================
Where to Report a Cyber Crime Fraud?
1. Visit the nearest police station immediately. or
2. To report cybercrime complaints online,
-> Visit the National Cyber Crime Reporting Portal. This portal can be accessed at https://cybercrime.gov.in/.
-> In this portal, there are two sections:
- One section is to report crimes related to Women and Children (where reports can be filed anonymously as well).
- Another section is to report other types of cybercrimes.
- You can also file a complaint offline by dialing the helpline number 155260.
3. In case you receive or come across a fraud SMS, e-mail, link, phone call asking for your sensitive personal information or bank details, please report it on Maharashtra Cyber’s web portal by visiting www.report phishing.in
4. Refer to the latest advisories which are issued by CERT-IN on https://www.cert-in.org.in/
5. Report any adverse activity or unwanted behavior to CERT-IN using the following channels
E-mail: incident@cert-in.org.in
Helpdesk : +91 1800 11 4949
Kindly provide the following information (as much as possible) while reporting an incident.
• Time of occurrence of the incident
• Information regarding affected system/network
• Symptoms observed
6. To report lost or stolen mobile phones,
-> File a First Information Report (FIR) with the police.
-> Post filing the FIR, inform the Department of Telecommunications (DoT) through the helpline number 14422 or
-> File an online complaint on the Central Equipment Identity Register(CEIR) portal by visiting https://ceir.gov.in.
-> After verification, DoT will blacklist the phone, blocking it from further use.
-> In addition to this, if anyone tries to use the device using a different SIM card, the service provider will identify the new user and inform the police.
2. To report cybercrime complaints online,
-> Visit the National Cyber Crime Reporting Portal. This portal can be accessed at https://cybercrime.gov.in/.
-> In this portal, there are two sections:
- One section is to report crimes related to Women and Children (where reports can be filed anonymously as well).
- Another section is to report other types of cybercrimes.
- You can also file a complaint offline by dialing the helpline number 155260.
3. In case you receive or come across a fraud SMS, e-mail, link, phone call asking for your sensitive personal information or bank details, please report it on Maharashtra Cyber’s web portal by visiting www.report phishing.in
4. Refer to the latest advisories which are issued by CERT-IN on https://www.cert-in.org.in/
5. Report any adverse activity or unwanted behavior to CERT-IN using the following channels
E-mail: incident@cert-in.org.in
Helpdesk : +91 1800 11 4949
Kindly provide the following information (as much as possible) while reporting an incident.
• Time of occurrence of the incident
• Information regarding affected system/network
• Symptoms observed
6. To report lost or stolen mobile phones,
-> File a First Information Report (FIR) with the police.
-> Post filing the FIR, inform the Department of Telecommunications (DoT) through the helpline number 14422 or
-> File an online complaint on the Central Equipment Identity Register(CEIR) portal by visiting https://ceir.gov.in.
-> After verification, DoT will blacklist the phone, blocking it from further use.
-> In addition to this, if anyone tries to use the device using a different SIM card, the service provider will identify the new user and inform the police.
Your opinion matters a lot...
We all know that due to COVID-19 Pandemic, we all become heavily dependent on the internet to complete the day to day activities. There is a sharp rise in Incidents of cybercrime reported after Lockdown. It has become important for all of us to understand the common type of internet crime (Cyber Crime), how we can remain safe or protected in this digital world.
This guided blog is an initiative to make people aware of cybercrime and empower our family, friends, and loved ones to remain safe from any kind of cybercrime.
Your valuable feedback will help us to further improve the content provided in the blog.
Please write your feedback and let us know how was your experience...
This guided blog is an initiative to make people aware of cybercrime and empower our family, friends, and loved ones to remain safe from any kind of cybercrime.
Your valuable feedback will help us to further improve the content provided in the blog.
Please write your feedback and let us know how was your experience...
Thank You So much for patiently reading this Blog. Leave down your comments on the topics. Like👍 and Share📲 the post if you like it. Have a great day ahead, be happy, and be safe.
References:
- https://en.wikipedia.org/wiki/Cyber_security_awareness#:~:text=Cyber%20security%20awareness%20refers%20to,primary%20vulnerability%20within%20a%20network.&text=They%20should%20educate%20employees%20on%20current%20threats%20and%20how%20to%20avoid%20them.
- https://www.ecsu.edu/administration/information-technology/resources/infosec/cyber-security-awareness-for-students.html
- ogl.co.uk/the-importance-of-cyber-security-awareness
- https://www.dsci.in/content/NCSAM/2020
- https://www.infosecawareness.in/
👌
ReplyDeleteThese days cyber hacking is getting common and easier...
ReplyDeleteScientists have predicted that by 2021 there will be 7 hackings per day
This post really shows the insight knowledge and is very important considering that so many cyber cases are emerging these days.
ReplyDelete