The term “Cybercrime” was introduced after the evolution of the Internet and Computer Industry, over the last decade, cybercrime has become big business- a $6T industry in 2022 which is projected to reach $10T by 2025; with an entire ecosystem of organizations it runs like legitimate organization. This not-so-new kind of crime is a major threat in 21st century where everyone is connected to the Internet or social media somehow, it is said that 80% of reported cybercrimes are generally attributed to phishing.
As the name suggests, Cybercrime is a “Crime” related to “Cyber” which stands for “relating to or characteristics of the culture of computers, information technology, and virtual reality” Cybercrime, also called computer crime, is the use of internet and computer as an instrument to commit wrong, e.g.- committing fraud, stealing identities, or violating the privacy of an individual is usually involve in the domain of cybercrime. Cybercrime can be carried out by individuals or organizations. Some cybercriminals are organized and use advanced techniques with advanced technology such as A. I (Artificial Intelligence) to target population. In the age of social media, it has become much easier for “Cybercriminals” or “Hackers” to trap the population in their crime with a mere click.
People often think that cyberattacks may not affect them since they do not have any confidential information. But in the advanced era of technology when bank accounts are accessible through the internet, everyone holds information whose loss may result in inconvenience.
Phishing is the most common type of cybercrime, the practice of deceiving, pressuring, or manipulating people into sending information or assets to the wrong people.
Phishing attacks are fraudulent emails, text messages, phone calls, or web sites designed or trick users into downloading malware, sharing sensitive information or personal data (e.g., social security and credit card numbers, bank account numbers, login credentials), or taking other actions.
Successful phishing attacks often lead to identity theft, credit card fraud, ransomware attacks, data breaches, and huge financial losses for individuals and corporations.
Commonly, the user receives spam emails that contain unauthorized attachments or URLs that persuade them to open the same, It is phishing. The motive of this act is to gain personal information of users or organizations by tricking them, the cybercriminal sometimes doesn’t harm the device being used but may cause financial loss to the user due to credentials shared.
Phishing emails still comprise a large portion of the attacks on data breaches. Phishing emails are designed to appear to come from a legitimate source, like Amazon customer support, a bank, PayPal, or another recognized organization.
Cybercriminals hide their presence in little details like the sender’s URL, an email attachment link, etc.
For example; The Ayushman Bharat phishing attack uses the Indian government’s free health coverage scheme to deceive users. In this, a message is shared with the message that ‘10-crore people between the age of 13-70 years are being provided with free insurance worth rupees 5 lakh to cover covid-19 pandemic’.
It asks users to register themselves using the given link. However, this link is designed only to obtain the user’s personal information.
As the name itself indicates, identity theft happens when someone else impersonates the original user. The cybercriminal steals the personal information of the users for fraudulent purposes.
For e.g.- person x got a mail from her boss’s account seeking a handsome amount to be transferred to the client’s account. Without verification, she transferred the amount and succeeded as a target of identity theft causing financial fraud. This is an instant example of identity theft.
Social engineering attacks manipulate people into sharing information they shouldn’t download, visiting websites they shouldn’t visit, sending money to criminals, or making other mistakes that compromise their personal or organizational security. Because social engineering uses psychological manipulation and exploits human error or weakness rather than technical or digital system vulnerabilities, it is sometimes called “human hacking”.
When malicious activities are committed through the internet with a personal touch, it is termed social engineering. They use psychological manipulation tricks through calls impersonating an official to defraud the users to gain their confidential information.
In India, credit card fraud is usually committed in a similar way when someone calls the users, conveys to be a bank official, and asks the users to share the one-time password received on their mobile to safeguard their financial interests or bank accounts, etc.
Ransomware attacks are centered on the hacker encrypting the victim’s files to receive a ransom payment to decrypt such files. When fraudsters steal your confidential or personal information and threaten to misuse or delete the same unless the users transfer a certain amount to safeguard or access such information/data, it is called ransomware.
A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources.
Various websites provide services online to their customers. If the website has errors in proper functioning, the services will be impacted. That is how denial of service (DoS) works. Fraudsters overwhelm the website with more traffic affecting online networks and thereby interrupting the services.
Cyberstalking is a type of cybercrime that uses the internet and technology to harass or stalk a person. Cyberstalking does not involve direct communication, and some victims may not even realize that they are victims of online stalking. The victims can be monitored through various methods and the information gathered can be later used for crimes such as identity theft.
Some common characteristics of cyberstalking are tracking locations, breaching data privacy, monitoring online and real-world activities, obsessively tracking the victim’s whereabouts, intimidating victims, etc. Social media stalking may include sending threatening private messages or faking photos which leads to sextortion whereby the victim is threatened for personal pictures or videos seeking money or sexual advances from the victim. Cyberstalking could result in cyberbullying which may be a permanent threat to the mental and physical health of the victim.
Malware attacks are any type of malicious software designed to cause harm or damage to a computer, server, client or computer network and/or infrastructure without end-user knowledge
Cyber attackers create, use, and sell malware for many different reasons, but it is most frequently used to steal personal, financial, or business information. While their motivation varies, cyber attackers nearly always focus their tactics, techniques, and procedures (TTP) on gaining access to privileged credentials and accounts to carry out their mission.
Illegally seeking control of a website by taking over a domain is known as Web Jacking. In the web jacking attack method, hackers compromise with the domain name system (DNS) that resolves the website URL to an IP address but the actual website is never touched. Web jacking attack method is another type of social engineering phishing attack where an attacker creates a fake web page of the victim’s website and sends it to the victim when a victim clicks on that link, a message displayed on the browser “the site abc.com has moved on another address, click here to go to the new location” and if a victim does click on the link, he/she will redirect on the fake website page where an attacker can ask for any sensitive data such as credit card number, username, etc.
The web jacking attack method is one kind of trap that is spread by the attacker to steal the sensitive data of any people, and those people who are not aware of cyber security.
A botnet (short for bot network) is a network of hijacked computers and devices infected with bot malware and remotely controlled by a hacker. The bot malware and remotely controlled by a hacker. The bot network is used to send spam and launch Distributed Denial of Services ( DDoS ) attacks and may be rented out to other cybercriminals.
This cybercrime involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. Offensive content can include, but is not limited to sexual activity between adults, videos with intense violence and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation. This type of content exists both on the everyday internet and on the dark web, an anonymous network.
WHAT CAN POSSIBLY HAPPEN TO THE VICTIM?
People often think that cyberattacks may not affect them much since they do not have any confidential data on the internet or active on the network, But in this time of advancement where bank is available at a click, everyone holds a lot of information whose loss can be a huge deal, given here are the possibilities which may happen to the victim of cybercrime:
HOW DOES CYBERCRIME FUNCTION
Cybercrime can be executed anywhere there is digital data, opportunity, or motivation. Cybercrime does not happen separately; it is many respects, a structured institution. That is, hackers frequently enlist the help of other parties to execute their schemes. This is true whether it’s a malware developer selling code on the dark web, a distributor of illicit medicines, utilizing cryptocurrency, buying and selling human organs, or even human trafficking. Cybercriminals employ a variety of attack vectors to carry out their cyberattacks, and they are always looking for new ways to achieve their vicious objectives.
Malware and other forms of software are frequently used by cybercriminals, but social engineering is usually a key component in the execution of most types of cybercrime. Phishing emails are a key component of many forms of cybercrime, but they’re especially crucial in targeted attacks like business email compromise, in which an attacker impersonates a firm owner through email to persuade workers to pay false bills.
The usage of Phishing and Social Engineering is comparatively popular in cybercrimes, as cybercriminals or hacker, usually try to trap victim by sending relative emails, message, or call from their so-called call center; by cyberstalking the victim they gain basic information about the victim and manipulate them to open mail, or share OTP with their so-called agents, and the introduction of AI (artificial intelligence) has increased the chance of Social Engineering usage in cybercrime, In 2023 only about 83% Indian have lost money in AI voice scams with 48% losing over 50,000, with the help of AI voice cloning.
Cybercriminals seek to exploit human or security vulnerabilities to steal passwords, data, or money directly, making cybercrime $6T business fy2022.
Cybercrime statistics show that a minimum of 422 million individuals were impacted, according to the FBI’s internet crime records with 800,944 complaints registered in 2022. India witnessed 14.02 lakh cybersecurity incidents in 2021, while 11.58 lakh such instances were to CERT-2020 and 13.91 lakh cybersecurity incidents in 2022. Cybercrime targets not only Individual or Firms but Government and its bodies also. However, the number of the case reported in the last three year did not give the entire picture of cyberattacks on the country, tracked by the Indian Computer Emergency Response Team (CERT-in).