Whilst the majority of Cyber Crime that hits the news is targeted against governments or large organizations, individuals also frequently fall victim to a wide variety of attacks.
What is Cyber Crime?
Cyber Crime is criminal activity that involves a computer or network. The computer may be used to help commit a crime, or may be the intended target.
Cyber Crime can target governments, organizations, or individuals. This can result in financial loss, security exposure, breach of confidentiality, disruption, inconvenience, or a combination of one or more of these.
Who are Cyber Criminals?
Cyber Criminals come in many forms:
- Terrorist organizations attempting to disrupt a government, a nation’s military, or a private organization.
- National governments wanting to obtain secrets from another government, cause sabotage, or perhaps disrupt an election.
- Criminal gangs defrauding a bank or institution.
- Activists furthering their cause against governments or organizations.
- Black Hat Hackers attacking a government or military as a challenge to demonstrate their skills. Perhaps they want to defraud or extort an organization or target their customers.
- Lone hackers or ‘script kiddies’ wanting to bring down a web site, have ‘fun’ causing disruption or defraud an individual.
The list is almost endless; ultimately, it comes down to a person or group of persons with an illegal motive using computers and/or networks.
What types of Cyber Crime are there?
Below are some of the main types of Cyber Crime:
DoS
Crashing a computer or web site by coordinated ‘Denial of Service’ attacks using scripts (aka bots) from multiple sources to overload the target with simultaneous requests.
Exploits
Exploits are scripts that attempt to gain access to computers through security bugs or holes and once inside may deploy payloads to cause disruption, extract data or create a ‘backdoor’ for future access.
Malware
These can take various forms such as:
- Adware which forces advertisements on you such as unwanted pop-ups whilst browsing the internet or using an application.
- Key Loggers that capture key strokes to try obtain information such as passwords or credit card details.
- Randsomware that encrypts data on a computer and will only be unlocked once payment is made.
- Spyware to gather information and send it to the attacker.
- Viruses such as Trojans, Worms, and others that pretend to be something they are not. They can also attempt to corrupt data, programs or the system as a whole.
Phishing
Phishing is tricking a target to click on a link which redirects to a false site. The link may be hidden, misleading, or made to look like a genuine site e.g. www.rnicrosoft.com, www.goog1e.com.
Spamming
Spam is usually unsolicited messages such as emails, often trying to sell products or services.
Social Engineering
These types of attacks usually involve some form of tricking the target, such as:
- Scamming a target into making purchases which do not arrive or the items received are not as described. Another form is that the attacker informs the target that they have won a fake prize but must first pay the taxes.
- Identity theft can be used to open lines of credit or make financial claims from authorities by imitating a target.
There are many more examples and types of Cyber Crime but these give a flavor of some of the variations and complexities employed.
How to defend against Cyber attacks?
Protecting oneself from attack takes many forms and varies depending on the type of attack being faced. Here are some suggestions:
General rule
As the saying goes ‘if it sounds too good to be true, then the chances are it probably is’. With this in mind, if you suspect something does not add up then your due-diligence before taking action!
Passwords
- Use a combination of upper and lowercase letters, include digits, and incorporate special characters e.g. !$%#. Better still let your web browser or mobile device generate a random password.
- Do not use the same password on multiple sites or apps. A side effect of this is making them difficult to remember. To help with this a Password Manager can be used across different devices to help with this problem – see Remembering your passwords for more details on this.
- Never write down passwords.
- Never disclose passwords over the phone or via insecure chat messages / SMS.
Protect your identity
- Tax authorities will never request payment over the phone so if you are approached to do this then call your local tax office to verify the request. This goes for whether you have received an email or phone call about a payment. Same goes for paying fines to the police or similar.
- When entering personal details into a web site always ensure it is secure. This can be seen by a padlock appearing next to the web address, or the link being preceded by ‘https://’ rather than ‘http://’, in your web browser.
- When possible protect your devices by using Two-Factor Authentication, Finger Print access, or Facial Recognition. These take security to the next level beyond just using a password and are harder to circumvent or hack.
Protect your computer / devices
- Install Anti-Virus software on your computers to avoid viruses and other types of Malware from infecting it. See Selecting the right AntiVirus package for further information on this subject.
- Always keep Anti-Virus and Operating System software up-to-date on your computer. The same goes for always keeping your mobile devices such as Smartphones and Tablets up-to-date as these often include security patches.
- When using public WiFi connections use a VPN (Virtual Private Network) service to encrypt your computer or mobile device traffic so that your passwords cannot be intercepted.
Emails
- If you receive an email asking you to reset a password or verify some information by clicking on a link or button within the email. Right-click and Copy the link then in a web browser right-click and Paste the address into the browser. You can then check the link is from who it says it is before pressing Enter.
- The same goes for Registering on a site or Logging-in, rather than clicking the link in the email then type the address of the site straight into your web browser or use your bookmark.
- When you receive unwanted emails then mark them as ‘Junk’ or ‘Spam’ so your email client learns which emails are unwanted.
- A good rule of thumb is ‘if you never requested it then do not click it’.
These are just some examples of what can be done to help try avoid falling victim to Cyber Crime. New and more complex tactics are being employed by the perpetrators so always be on your guard.
Do you have any comments or suggestions on the above article? If so please comment below.