Navigating the Landscape of Cybercrime: Understanding 4 Avenues of Attack and Safeguarding Your Digital Realm!

Table of Contents

If you associate CYBERCRIME with evil ‘black hat’ hackers who steal data from corporations or governments while hiding behind high-tech gizmos and complicated computer code – THINK AGAIN!

It’s true that many cyber criminals do target large companies and governments to steal their data for sabotage, corporate espionage or blackmail. However, the Average Joe cyber criminal is much closer to you than you might have realised. He might be in YOUR computer or mobile device while you remain blissfully unaware of the chaos he is unleashing with his evil machinations.

Here are 4 common ways cyber crime takes place. Arm yourself with this knowledge so you can protect yourself – and your devices – better.

#1: Email phishing

If you are a real human being and not a bot, drone or Alexa, chances are you have at least one email address (Most people have at least 2-3. The writer of this article has 8!)

With great power comes great responsibility and with lots of email comes – you guessed it – SPAM!

How many unknown senders have sent you emails promising you everything from no-strings-attached piles of money and Saturday night dates to free trips to Thailand and even unicorns and rainbows? Hundreds? Thousands? Many of these emails that you probably think of as just minor annoyances are actually a form of cybercrime known as PHISHING.

Phishing is a type of ‘social engineering’ where a sender poses as a legitimate institution to lure recipients into revealing sensitive information such as bank account passwords, credit card CVV codes, one time passwords, etc. This information – that YOU yourself provided to the criminal – is then used by them to access your accounts. It can result in financial loss and even identity theft.

How to protect yourself from EMAIL PHISHING:

  1. Pay attention to the sender’s email address.

Do you recognise it? Is it from someone your normally communicate with? Does it appear genuine? Take a second look! bill@microsoft.com or billy@micorsoft.com? Can you spot the difference? Delete!

  1. Don’t click on hyperlinks unless you’re sure they’re not fake

Hover your mouse over any hyperlinks in the message. Is the hyperlink text different from the link-to address? Is the spelling similar to but not the same as a known website? E.g. icicibank.com versus icicbank.com? RED FLAGS!

  1. Check the subject line and attachment name

Is the email subject line irrelevant to the body, unexpected or plain gibberish? Does the attachment make no sense in relation to the message? Is it in a format you don’t recognise? Don’t open it! Call the bank for confirmation if you’re not sure.

  1. Content

Is the email badly written or formatted? Is the sender asking you for something – money, a commitment to join a cult, your remaining kidney? Is the tone threatening or promising dire consequences (“act now or your account will get suspended!”)? Don’t open it!

To know more about phishing and how you can keep yourself safe, check out this great guide on phishing.org.

#2: Visiting the ‘wrong’ website

The Internet is a vast network of sites and mini-worlds that would be totally amazing if it weren’t for the dangers. Visiting a wrong or shady website can have consequences you might never have imagined.

Your device can get infected with malware (malicious software) that hides itself in the computer and steals information on the sly. It can also give the hacker access to your computer and all the files in it. So if any of your files are unprotected – particularly sensitive ones containing financial or other personal data –  you leave yourself vulnerable to everything from theft to blackmail.

How to protect yourself from MALWARE:

  1. Don’t visit sites you’re not sure about.
  2. Install reliable anti-malware and anti-virus software on your device. Make sure both are updated regularly
  3. Don’t click on links within emails from unknown senders
  4. Password-protect your files. Keep the password in a safe place (NOT on your computer!)
  5. Use a pop-up blocker software or browser extension
  6. Install a firewall
  7. Back up your computer regularly to the cloud

And most importantly – educate yourself and learn about the risks!

Also read: Tech Thursday: The Death of Your Computer Through Invisible Malware [HYPERLINK]

#3: Logic bomb viruses

Some viruses are created using a ‘Logic Bomb’.

In simple terms, a logic bomb is a piece of code inserted into a software (or operating system) that triggers a malicious attack after a certain amount of time has passed or when specific pre-set conditions are met. A logic bomb can corrupt or alter data, reformat a hard drive and even delete important files.

How to protect yourself from LOGIC BOMBS:

  1. Use strong passwords on websites

especially if you conduct financial transactions through them. These would include banks and eCommerce websites. Change passwords regularly and DON’T SHARE THEM WITH ANYONE.

  1. Verify that any data you send is encrypted

This is not as difficult as you might think. To verify that any data you are sending over the Internet is secure, look for the lock icon next to the address bar. Also check if the URL begins with HTTPS rather than HTTP. All banks’ URLs begin with HTTPS. If your bank’s URL is missing the S, it is either a fake site or your bank is living in the dark ages. Both are bad news – for YOU.

  1. Enable two-factor authentication

This gives you additional protection by mandating an additional step (e.g. a phone OTP) in verifying your login on a site. If someone had your password, say to your email account, but did not have your phone, they will not be able to access your account.

  1. Keep all software up to date

Cyber criminals are getting smarter but it is your responsibility to stay ahead of them. Make sure that your operating system is always updated and still supported by the developer. For example, Microsoft Windows XP is no longer supported by Microsoft so you shouldn’t be using it.

  1. Where are you logging in from? Be cautious!

Do not log into sites that require you to provide a password from open Wi-Fi networks in malls, hotels, airports and cyber cafés. They may be free to use but they do come with a cost!

#4: DoS Attack

A ‘Denial of Service’ attack refers to making a particular site unavailable to people trying to access it.

If a site is offering a certain service, say tickets to the final match of a famous Indian cricketer, a DoS attacker will ping the server by sending massive amounts of traffic to the site. After some time, the site becomes inoperable and malfunctions temporarily. In some cases, it may crash and remain unavailable for several hours. This can frustrate the users trying to reach the site and have a negative effect on the site’s reputation and business relationships.

Most DoS attacks do not breach a company’s network but overwhelm it with traffic. Nevertheless, they remain lucrative for cyber criminals who launch them to blackmail businesses into paying them huge amounts of money as ransom.

How to protect yourself from a DOS ATTACK:

If you have a business website, you may not always be able to defend yourself against a sophisticated attack launched by a determined adversary. However, there are things you can do to raise your level of protection:

  • Use ‘SYN cookies’ either in the server operating system or in a network security device at the network edge such as the Cisco Guard
  • Deploy a reverse proxy or multiple reverse proxies spread across multiple hosting locations
  • Build ‘redundancy’ into your infrastructure with a good load balancing system to distribute traffic between multiple data centres
  • Deploy anti-DoS hardware and software modules such as network and web application firewalls
  • Deploy a DDoS (Distributed DoS) protection appliance that sits in front of your network firewall and is designed to stop an attack before it can take effect.

Leave a Reply

Your email address will not be published. Required fields are marked *