Cybercrime: Security and Privacy in the Digital Age

Cybercrime

Criminal activity on the Internet

Cyber-bullying

Computer harassment between minors

Cyber-harassment

Computer harassment between adults using email, text messages, IMs, and social networks to embarrass, threaten, or torment someone

Cyber-stalking

More serious form of computer harassment that includes a credible threat of harm

Spam

Unsolicited email

First spam

Sent in the 1980's by an immigration lawyer

Spam estimates

At least half (50%) of all emails sent are spam

Spam filters

By default, sends suspected spam messages to a 'junk' folder

Finding spammers

Extremely difficult as they normally use botnets to send

ISPs backup

Have to keep backups of ALL emails (including spam)

Phishing

Emails (and IMs) that appear to be from those you do business with, designed to trick you into revealing information

Spear Phishing

A phishing email (or IM) targeted to a specific individual

Pharming

Redirects you to a phony website even if you type in the correct address into your browser

Vishing

Voice Phishing where victims are called, may hear a recording or a live person

Kidnapping Scams

A family member has been kidnapped and will be killed unless you pay a ransom

Grandparent Scams

Grandparent called by an imposter posing as grandchild saying he/she has been in an accident and needs money

AI in scams

AI being used to mimic voices so they seem very authentic

Social Network Attacks

Clickjacking - where clicking on a link allows malware to post unwanted links on your page

Clickbait

A link that teases you with just enough information to get you to click the link

Sharebaiting

When users share posts, often without actually clicking them first, which can lead you to believe the links are safe

Computer Fraud

A scheme perpetrated over the Internet or email that tricks a victim into voluntarily and knowingly giving money or property

Advance-fee scams

Involves promising a large sum of money in return for a small up-front payment

419 scam

Email sent saying help needed to transfer a large sum of money, but requires creating an account and depositing money before the transfer

Online Dating Scams

Scammer may create fake social media profiles to get a person to fall in love and ask for money

Charity Fraud

Poses as a Charitable Organization soliciting donations for victims of natural disasters, etc.

Charity Impersonation

May impersonate actual charity like Red Cross

Fake Website

May have a fake website

Extortion

A person is subjected to repeated threats / attacks which will stop with paying of ransom

Ransom

Embarrassing photos or info obtained and will be shared unless ransom paid (Jeff Bezos)

Ransomware

Data on system encrypted and will only be unlocked with paying of ransom

Pump-and-Dump

Stock market manipulation scheme

Stock Purchase

Buy stock in a company

False Information

Put false information out about the company to boost (pump) stock price

Share Selling

Sell shares (dump) while price is high

Stock Price Drop

When people find out the information was false, stock price usually drops

Record Manipulation

Used to cover up evidence of theft

Database Alteration

Database or other records altered so it appears nothing is missing

Embezzlement Cover-up

Could also be used to cover up embezzlement

Insider Access

Usually done by employee or other insider with access to company's system

Employee Monitoring

To help prevent this, not uncommon for companies to monitor their employees' computer activities

Salami Slicing

Stealing money repeatedly in extremely small quantities

Small Amounts Theft

Amounts are small in hope that the thefts will go unnoticed

Penny Transfer Example

Example: An employee transferring a single penny from every transaction handled by a bank

Identity Theft

The deliberate use of someone else's identity

Financial Identity Theft

most common: where someone fraudulently uses your name, Social Security number, or bank or credit card number

Hacking

The act of gaining unauthorized access to a computer system or network

Data Breach

A situation in which sensitive data is stolen or viewed by someone who is not authorized to do so

Deep Web

The portion of the web that is not indexable by search engines

Dark Web

A subset of the deep web that is encrypted and hidden and only accessible using the Tor browser to view it anonymously and securely

Malware

Malicious Software that includes spam, adware, and spyware

Computer Virus

Self-replicating malware code that uses a host file (program) to infect computers

Computer Worm

Self-replicating malware program that does not need a host file

Trojan Horse

A program that appears to be legitimate but is actually malicious

Logic Bomb

Malware that attacks when certain conditions are met

Time Bomb

Malware that attacks on a certain day and time

Rootkit

A set of programs that allows someone to gain control over a computer system while hiding the fact the computer has been compromised

Denial-of-Service Attack

An attack that sends so much traffic that it can cripple a server or network

Firewall

A device or software that blocks unauthorized access to a network or individual computer

Antivirus Software

Security software that protects computers against viruses and other malicious software

Router

A device that connects two or more networks together.

Bitcoins

A type of cryptocurrency used for transactions.

Computer Criminals

Individuals or groups that engage in illegal activities using computers.

Employees / insiders

Individuals within a company who may commit cybercrimes, often monitored by the company.

Grey hat hackers / crackers

Individuals who may violate laws or ethical standards but without malicious intent.

Organized crime

Criminal organizations that engage in illegal activities, including cybercrime.

Terrorist groups

Organizations that use cyber methods to achieve their goals.

Adware

Software that shows ads in the form of pop-ups and banners.

Spyware

Software installed without knowledge or consent that secretly gathers personal information.

Denial-of-Service (DOS) Attack

An attack that sends excessive traffic to cripple a server or network.

Botnet

A network of computers controlled by a master, used for launching DOS attacks or sending spam.

Firewalls

Devices or software that block unauthorized access to a network or computer.

Antispyware Software

Security software used to prevent and remove adware and spyware.

Security Suite

A package of security software that includes firewall, antivirus, and antispyware programs.

SSID

The name of a wireless network.

Wireless Encryption

Encrypts transmitted data, with WPA2-PSK being a recommended method.

Passwords

Typical method for securing access to accounts, requiring strong, unique combinations.

Two-Factor Authentication

An account security measure requiring both a password and a verification code.

Encryption

Software used to encrypt files and messages to ensure only authorized access.

Updating Software

The process of applying updates to software to address security vulnerabilities.

Zero-Day Exploit

An attack that occurs on or before the day an exploit is discovered.

Computer Fraud and Abuse Act (1986)

A law making it a crime to access classified information without authorization.

USA Patriot Act (2002)

Legislation containing provisions for fighting cybercrime and allowing government email scans.