tips tools reconnaissance

SecurityTrails Blog · Jul 09 · SecurityTrails team

Types of Cybercrime and How to Protect Yourself Against Them

Reading time: 11 minutes

The Internet is not a safe place. Cybercrime is growing at the same rapid rate as new people getting connected to the digital world.

Just as there are good and bad people in the real world, you’ll find people on the Internet who use their cybersecurity knowledge to help others (also known as white hats or ethical hackers). There are those, too, who use their digital skills to spread fear and create chaos. These troublemakers are known to commit fraud, violate privacy and even steal your identity.

Internet cyber crime costs organizations, companies and governments billions of dollars each year. Even worse, illegal activity on the Internet shows no signs of slowing down. In fact, the very opposite is true: cybercrime is growing more and more.

And people are aware of it. A Gallup study shows that United States citizens are more worried about cybercrime than they are about immediately life-threatening crimes, such as murder or terrorism.

We’re not going to get too technical about cybersecurity today; we’re just going back to the basics for anyone who’s worried about cybercrime. We’re going to explore the different types of attacks you can be exposed to (in both your personal digital life and through your online companies) and the most effective methods available for protecting yourself against all this malicious activity.

What is cybercrime?

In plain English, cybercrime is crime committed on the Internet, on local networks, or even against isolated computers. It can affect any of your digital devices (including PCs, notebooks, smart TVs, tablets, smartphones, home electronic systems, etc). Cybercrime also refers to any activity where crime is committed using any computer system.

Cyber criminals are publicly known as hackers, although the term is technically inaccurate, the correct term is “cracker”.

Cybercrime Classification

Before defining the different types of cybercrime we should get familiar with the four major cybercrime classifications. Categories of cyber crime are based on who’s affected by the digital crime.

Cybercrime against individuals

This is the one that directly affects any person or their properties. Examples of this type of cybercrime include but are not limited to: social engineering, phishing, email harassment, cyberstalking and spreading illegal adult materials.

Cybercrime against companies/organizations

This is one of the most common types of cyber crime today. When a company’s online presence or any of its products are hacked, it becomes a serious problem that can result in a big number of consequences for the company, as well as their employees, associates and customers. Examples include data breaches, cyber extortion and warez distribution, etc.

Cybercrime against society

This one affects society as a whole, for example: financial crimes against public organizations, selling illegal products, trafficking, online gambling, forgery, etc.

Cybercrime against government

This is one of the worst world’s worst types ofcyber crime and can result in prosecution by federal cybersecurity and law enforcement agencies. It’s also known as cyber terrorism, and includes such activities as breaking into government systems and networks, defacing and shutting down military websites, and spreading propaganda.

Now that you know the top classifications of cybercrime, let’s examine an important list of computer crimes.

What are the different types of cybercrime?

This isn’t a complete list of network threats, it’s merely a review of the most popular types of digital crimes to give you an idea of what’s out there.

Here are some of the most common ways systems and networks get attacked every day.

Identity theft

Also known as identity fraud, this is one of the worst scenarios that can befall a victim of cybercrime. It starts with someone stealing your identity, allowing digital criminals to use identifiable data including your name, driver’s license, social security information and more — to commit fraud, steal property, misappropriate goods or use services in your name.

Botnets

The word “botnet” comes from the roots “bot” and “network,” and it’s used to refer to a large number of controlled computers (bots) linked over a network (Internet). These botnets are used to spread malicious files and software, infect other systems, launch DDoS attacks, steal data, send spam campaigns and more.

Cyberstalking

Cyberstalking is a form of cyberbullying, where an individual tries to threaten or harass other persons by using computer systems connected to the Internet.

Most cyberstalking cases involve using anonymous communication systems such as email, social networks, instant messaging applications, etc.; anything relying on anonymity to protect the cyberstalker’s true identity.

Social engineering

Social engineering is one of the most classic types of cyber attack that can be launched against individuals or organizations. It involves manipulating people to get valuable information that can later be used to illegally log into private protected systems or networks. The primary motivation behind social engineering is often to steal money, financial data (such as bank account or credit card information), and other sensitive information from a company or customer.

Flood attacks

Flood attacks include DoS and DDoS attacks. They’re usually launched by botnets that can target your domain names and IP addresses, in an effort to flood them with malicious requests that overload the servers, leading to service failure and connectivity interruption for valid, legitimate system users.

Potentially unwanted programs

Potentially unwanted programs, also known as PUP, refers to software you never officially requested, but has been installed nevertheless. This type of software usually arrives bundled in other software that you actually have agreed to download. Most victims of this type of attack can blame cracked/pirated software. Common examples of this type of cybercrime are adware, spyware, dialers and malware.

Exploit kits

Exploit kits use a software toolkit to target vulnerabilities found in remote software. A common example is the act of silently exploiting Flash or Java vulnerabilities in order to hack a website, then redirecting traffic to malicious pages.

Phishing attacks

Phishing attacks are a form of social engineering used to trick users into providing their login, password, and other sensitive/personal information.

Most phishing campaigns are performed by sending massive spam emails with links to maliciously-hacked websites that look like real ones (such as financial institutions, banks, online wallets, etc). Once users log into these fake websites, your login details are stored in the attackers’ remote database. They can then use your credit card, bank account or email services.

Illegal content

The Internet is full of illegal content: this includes all content prohibited by international laws from around the world. Examples of illegal content include child and animal-related sexual material, online prostitution services, selling drugs online and copyrighted materials (such as videos, music, books, software, etc).

Online scams

Cyber scams, or online scams, involve fraudulent business offering fake services, goods or rewards to unwitting victims. Examples of online scams are charity fraud, gambling fraud, ponzi schemes, online ticket frauds, fake gift cards, automotive fraud and more.

How to prevent cybercrime?

Let’s look at the most popular ways to prevent cybercrime in your computer systems:

Keep your software updated

This is a critical requirement for any computer system and application. Always keep your OS system, services and applications updated to have the latest bugs and vulnerabilities patched.

This advice applies to smart phones, tablets, local desktop computers, notebooks, online servers and all applications they run internally.

Enable your system firewall

Most operating systems include a full pre-configured firewall to protect against malicious packets from both the inside and the outside. A system firewall will act as the first digital barrier whenever someone tries to send a bad packet to any of your open ports.

Use different/strong passwords

Never use the same password on more than one website, and always make sure it combines letters, special characters and numbers.

The best way to sort this out is to use a password manager like 1Password, LastPass or Keepass, which will help you generate strong passwords for each website, and at the same time store them in an encrypted database.

Use antivirus and anti-malware software

This is an excellent measure for both desktop and corporate users. Keeping antivirus and anti-malware software up to date and running scans over local storage data is always recommended. While free antivirus/antimalware solutions can be helpful they are often merely trial software, and don’t offer full protection against most common virus/malware and other network threats.

There are numerous options for Windows, and one of the best is the Windows Malware Removal Tool. Linux and Unix systems also offer excellent choices such as the all-mighty ClamAV, LMD, Chkrootkit, Rootkit Hunter, and others.

Activate your email’s anti-spam blocking feature

A lot of computer hacking takes place whenever you open an unsolicited email containing suspicious links or attachments. First things first: enable the anti-spam feature of your email client; and second (and most important): never open links or attachments from unsolicited recipients. This will keep you safe from phishing attacks and unwanted infections.

Use 2FA for all your online services

Nowadays most online-based services and products offer two-factor authentication (with Authy, Google Authenticator, etc). These security mechanisms let you add a second layer of authentication, so even if an attacker should steal your username and password, he’ll be prevented from logging into your online accounts because he doesn’t have the 2FA code sent to, generated by or created in your computer.

Encrypt your local hard disk

Digital crime doesn’t only occur on the Internet — suppose someone breaks into your house and steals your notebook. That’s why the best way to protect your data will always be to encrypt your hard drive, so in case criminals want to take a look at your drive content, they won’t be able to. You’ll be the only one with the correct key to unlock it.

Linux with LUKS, Windows, and MacOS systems all support disk encryption.

Shop only from secure and well-known websites

We’ve seen that not all SSL-based websites are actually secure. To prevent you from being a victim of man-in-the-middle attacks and crimes against your credit cards or online wallets, first make sure that the site you’re shopping on is encrypted with HTTPS. Also make sure you’re shopping on a well-known site, such as Amazon, Ebay, Walmart, etc.

Use a WHOIS private service

To protect your registered domain names, the best thing is to enable WHOIS protection for all of them. This lets you remain hidden, without revealing your name, address, city, country,s telephone number and email address.

While using a private WHOIS service will not help you fully prevent domain hijacking, it can definitely help you protect your personal andprivate details.

Use a private-secured DNS server

DNS hijacking is becoming a common threat these days. That’s why using a private and secure DNS can be one of the best things around for preventing unwanted third party attacks, at the same time preventing the government and ISPs from browsing your host communication historical records.

Use a VPN

VPN services are becoming more popular every year, and it’s completely natural to use one if you plan on keeping third party companies (especially your ISP) from spying on your online activities. Another reason to use a VPN may be to log into your secure network from a remote place, including when you use untrustworthy internet connections on the road while travelling, or when you are merely away from home.

Encrypt your email

By using a PGP key you can ensure your email will only be read by its intended recipient. PGP helps you sign, encrypt and decrypt texts, emails, files and much more, so you can increase the security of your email communications.

Monitor your children’s online activities

Sometimes local network breaches don’t come from your computer, but from your children’s tablets, phones or notebooks. Educate your children to prevent them from falling victim to cyber criminals, by using the same tips we’ve shared with you. While we’re pretty sure most teenagers and children will not use PGP encryption, the rest of the tips can be easily applied to any of your kids.

Also, remember to browse their online historical activities in the browser, social networks and emails, just to keep them safe from anyone with bad intentions. It’s never a bad idea to use parental control software to protect them from any threat.

Conclusion

As long as there’s cyberspace, there will always be cybercrime. It’s a cruel reality, but part of human nature.

There are lots of ways one can become a victim of cybercrime. Fortunately, we’ve shared some interesting tips that will likely reduce your chances of getting attacked by malicious users.

We’re happy we could help with some basic information about cybersecurity. Now, do you really want to prevent cyber crime in your organization? Try our free Security API service — start exploring your attack surface today, and learn how much data you’re exposing to the Internet by auditing your DNS, IP addresses, domain names, SSL certificates and open ports.


Take a look at SurfaceBrowser™, our infosec all-in-one platform built for red and blue security teams. Book a demo with our sales team today, or sign up for a 7-day trial deal for only $49.