Faces of cyber crimes. Decoded

Written on August 30, 2018

cyber crimes are on the rise

Cyber crimes hero image

When we talk about security in technology we use, there are two things we need to care. Former is, how the technology is immune to cyber crimes. And the latter is how it will stay protected in future.

That’s why everyone in tech industry right from companies to tech savvy users focused on privacy like you are looking for new ways to stay safe from cyber threats.

Our devices like smartphones have become a one stop solution for daily needs. And if hackers or anyone with wrong intention take control of those devices, it can be a big problem.

It’s not just a concern about your personal information. Most of the cyber criminals are doing for money.

And hackers are improvising new ways to break into a system and prey upon people’s data.

Rise in cyber offences

In India, the Modi administration has introduced many reforms in system. One of them was demonetization of currency notes which had a huge impact on how people carry out transactions. Also the unified tax system GST had no less impact on Indian economy.

More and more people are looking to make transactions online using their bank services or online payments platform like Paytm, BHIM, etc.

That is why the risk to our data is always growing.

The solution to this is to grow awareness among people and officers who use technology. If cyber crimes are reduced more and more people will join the digital revolution which will make our life easier. If cyber crimes increase in future, people will not trust in technology and give it a bad name.

The biggest thing we can do is to understand and be responsible about the technology we use.

Denial of Service (DoS)

This kind of cyber attack is meant for cyber criminals who want to make a system inaccessible to users. Their goal is to shut down a machine or a network.

This attack usually flood servers, systems or network with traffic in order to crash them. Banks and high profile companies are often a target of such attack.

If your server or system becomes a victim of DoS attack, your ISP might help you. The ISP can throttle or redirect the traffic so bandwidth load can be reduced.

Now-a-days DoS attacks come from multiple sources. Blocking a single source is easy. But a DoS attack traffic from multiple servers is difficult to detect and differentiate from legitimate traffic. This attack is called as Distributed Denial-of-service (DDoS).

Precautions

  • Monitor your network system properly.
  • Deploy right and secure hardware with up-to-date software.
  • Enhance security architecture.

Phishing

Phishing is a online attack where a user is tricked to believe that a email or a message is something that they need to look up. For example, bank or social media site. And to open a site or download some content.

This is one of the oldest types of attacks dating back from 1990s and phishing techniques becoming increasingly sophisticated.

How phishing attacks work A legitimate website like Facebook or your bank is cloned. It looks almost same like the original one so that you cannot figure out the difference easily. The login page is changed to get your credentials from that script. The modified files are bundled into a zip file and a phishing kit is developed. The phishing kit is hosted to hacked website and files are unzipped. The website link is sent to users using email or SMS. When the message is opened by victim, he logs in his credentials without knowing a spam. The credentials are sent back to hackers who have access to your account using credentials.

The hacker can also have other motives other than stealing your credentials. He can also embed malware inside the file which he wants you to download. This can be embedded into Microsoft Word documents which can be ransomware.

Precautions

  • Prevent opening links to websites without verifying the source.
  • Check URL of links before you enter sensitive information.
  • Don’t post personal information on social media.
  • Using Two-factor authentication to protect your accounts.

Man-in-middle

This kind of attack generally means the hacker puts himself between you and the party you have communication with. And he can gain access to information you are exchanging.

This kind of attack can be used for many things like stealing sensitive information. And this happens in real time with hacker exploiting processing of transactions, etc.

There are many ways a hacker can be a man-in-middle. He can hack into your Wifi network to snoop into your data that you are sharing. Or having sensitive transactions in open and unsecure servers.

Precautions

  • Check whether a site uses HTTPS protocol. I recommend you to use HTTPS Everywhere for Chrome to redirect your traffic to HTTPS.
  • Your browser will notify you for any unsecure website.
  • Don’t share sensitive information in open Wifi networks. Use VPN if you want an extra layer of security.
  • Avoid free and open Wifi.

Skimming

This attack involves stealing identity of credit/debit cards usually and usually seen in ATM machines.

The fraudster uses hardware called skimmers to read your credit/debit card information in magnetic strip and also your PIN. Some skimmers have fake keypads with keyloggers which record your PIN.

This can be used later to make a carry out transactions using cloned card.

If this attack happens to you, the only way you know is after getting the transaction message (which the fraudster carried out) from your bank.

And you don’t remember having any transaction regarding that message.

Precautions

  • Stay vigilant when you visit ATM or swiping your card.
  • Never disclose your bank details and most importantly, your PIN to anyone.
  • Check ATM machines for any sign of tampering and report it to authorities if you find anything suspicious.

Interactive Voice Recorder (IVR) fraud

A new type of fraud is emerging these days. In this, the IVR system asks user basic details like your email and also One-time-Password (OTP). Those details are directly sent to fraudster.

Here, the fraudster may tell you some details like name, email, date of birth that he/she might have sought from other sources. And call you as another person from bank or other legitimate source.

After gaining your trust by telling your information, he/she may ask for more information like PIN or OTP.

After getting those details they will carry out fraudulent transactions.

Precautions

  • Stay away from calls asking for your information like account details, OTP, etc.
  • Report to concerned authorities like bank officials for any help or information.
  • Use spam calls detecting apps like Truecaller.

Cyber stalking

Stalking is just bad as we know it in real world. But things can be more effective if someone does it online with your online information or threaten you in any way.

In this crime, the criminal keeps an eye on your social media accounts and wherever he can track you online.

Your activity on social media can be effective source of your information. Services like Instagram and Facebook are some ways the crime is committed.

Another new kind of stalking is Catfishing is relevant these days. Here a fake profile is created to fool victims.

Legally, this is invasion of a individual’s privacy. This may be done for crimes such as threatening and theft.

Precautions

  • Opt out of services when you are not using them.
  • Take care of privacy settings like Facebook and Instagram to manage sharing of information.
  • Keep your accounts private and don’t share sensitive details.

Cloning SIM cards

Your phone number is a very important thing while carrying out any transactions over services. Right from banks to social media services.

Here, a fraudster registers an existing phone number on a new SIM card. This way, he can receive all notifications, OTPs that he can use to control content linked to your phone number.

This poses a serious threat to an individual considering he amount of details he fraudster can get into.

Precautions

  • Check your transactions and online activities time to time.
  • Never respond to fraud calls for lottery, etc.
  • Don’t share too much sensitive information online.

Email Bombing

As the name suggests, this attack involves sending large amounts of emails to a user. This makes it difficult for user to operate the email client service and results to crash.

These emails are meaningless and just used as a kind of Denial-of-Service attack. There are bots planted by attacker to continuously send massive amounts of emails which are also large in size to overload the server.

Precautions

  • Use email filters and also Firewall in your system.
  • Never share email address to insecure sites or anyone.
  • Use proxy servers and SMTP (Simple Mail Transfer Protocol) authentication.

These are cyber crimes relevant in online world that you need to worry about.