Cybercrime is becoming one of the most prevalent financial crimes as sensitive information is transferred online. Cybercriminals use computers and internet networks to access sensitive data on other devices. There are many cybercrime examples that can affect a company simultaneously.
Businesses of any size are vulnerable as cybercriminals look for opportunities that present themselves as weaknesses in organisational security. They can act as part of a team, be highly organised and use sophisticated methods or act as an individual that tries to catch unsuspecting employees.
The nature of the technique depends on the overall goal of the cyber attack. Are they trying to steal money? Make a statement or commit a crime as a form of entertainment? There are no borders that apply to cybercrime. Criminals can set their target to companies overseas and they are not limited by geographical location. Most of the cybercrime examples are carried out remotely.
A victim of cybercrime can be anyone who uses a computer or technology in their everyday lives. The most common cybercrime examples are:
Phishing is one of the most common attacks. Criminals usually construct an official-looking email to encourage individuals to click on links that will provide the hackers with their personal information. They can also reach victims through SMS or phone calls, pretending to be a company or a loved one to encourage them to send money or share sensitive data.
The secret to phishing is making the email look authentic so they pay a lot of attention to detail. Usually, the links lead to a website where people can put their passwords or provide other important information.
The best way to detect a phishing email, SMS or phone call is to think of what the content is. If it is too good to be true, then it probably is. Employees should be hesitant about clicking on links that offer them a great opportunity with no clear disadvantages.
The SMS or email might also try to urge them to take action quickly which may affect their judgment as they feel rushed. If you’re ever unsure about an email from a bank, supplier, etc – you can always call them before engaging with the email, to check if it’s real or not.
Phishing might not only be used to steal money and data, it may be used to gain control of the victim’s device or account. This will allow them to reach out to more people and scam more unsuspected individuals who trust the person communicating with them.
One of the best ways to prevent phishing emails from ending up in the employee’s inbox is to use a spam filter. This will clear out most if not all deceptive-looking emails or emails sent from an untrustworthy source.
However, the most important step a business can take is to educate their employees on how phishing attacks occur and what they can do to figure out whether an email is genuine and if a caller is who they say they are. Spelling mistakes or personal questions could be helpful in determining if the person on the other end has good intentions.
Another red flag could be that the sender or caller is not in their saved contacts. Many signs could indicate that the person contacting them is deceitful like weird colours or unofficial logos. You can also check the email address the email has come from – it may say ‘Big Bank – Customer Service Department’ but when you check the email, it comes from a Gmail account, or something similar.
Staff should be encouraged to report phishing attempts to raise awareness of attacks and encourage everyone to be on guard.
Ransomware poses a serious threat to both businesses and individuals. It is malicious malware that can encrypt files and make them locked or unusable. Cybercriminals will then ask for a ransom in order to give employees access to the files. Ransomware may not only block access to documents but computer functions as well. It might disable certain parts of the device or block people from using it completely.
Among the cybercrime examples, ransomware is one of the most dangerous, as one can never know whether they will get their files or device back. After demanding an initial ransom, the criminal could ask for more and provide a timeline to give the situation a form of urgency. If individuals refuse to pay the ransom then they will be put in a worse position as more personal information is stolen or they are locked out indefinitely.
However, it is advisable by many experts not to pay the ransom as the demands will become worse and criminals will be encouraged to continue.
Ransomware can infect a device through phishing. Links and attachments can carry malware that will be downloaded to the device. Online ads on suspicious websites can also contain ransomware.
This type of attack can be quite expensive. In 2017, the WannaCry ransomware lasted a few days but managed to infect over 200,000 victims in 150 countries. Even though the attackers acquired thousands of dollars, the overall damage was estimated at over 4 billion dollars.
Any device with internet access is vulnerable to a ransom attack. Security software is one of the best ways to protect a device against this type of crime. Staying up to date with the latest version can help users avoid vulnerabilities and protect themselves.
Backing up data to a safe location can ensure that an employee is never locked out of them or that they never fall into the wrong hands. External hard drives and cloud space can be used, so even if staff is locked out of their devices, the data is stored securely and is easily accessible.
Avoiding suspicious websites and USBs is another way to prevent ransomware from infecting your device.
Identity theft usually occurs when individuals are asked to provide personal details to another person on social media or if websites with personal information have been hacked. Another way identity theft can occur is when callers ask to access the device of the victims so they can ‘fix it’. The criminals then pretend to be the victim to acquire information from their loved ones, make purchases or withdrawals and take out loans.
This can affect employees and organisations as the criminals reach out to more and more staff members. It can create many problems as important files may be accessed and company payments may be authorised.
Indicators of identity theft are card transactions for purchases that were not made by the cardholder and emails warning about a lower credit score. Bills may be higher than expected and there may be calls from debt collectors and banks about loans taken out in the victim’s name. Sometimes, the unauthorised payments may be refunded and loans may be cancelled if individuals realise that there are suspicious activities approved without their permission.
Among the other cybercrime examples, identity theft is one of the most complicated to deal with. The most effective way to prevent identity theft requires people to be careful of what they post online and how much information they share. The less information the less likely it is that they will be targeted. They should also take actions like securing their mailbox to ensure that no one has access to it and shredding personal documents to block criminals from obtaining their details. Be careful with Facebook quizzes from unknown sources as these can be a social engineering attempt to find out answers to secret questions used for password recovery.
When entering a pin in an ATM or EFTPOS machines, the keypad should be covered so people are not able to see what the pin is. Additionally, it would be advisable that card transactions are regularly checked to ensure that there are no suspicious purchases.
Stronger passwords that are changed frequently are beneficial as well as Multiple Factor Authentications (MFA) as it is easy to implement. It also reduces the chances of an account being stolen as it assures that the person trying to access the account is the real owner.
DDoS stands for Distributed Denial-of-Service, an attack that can affect networks and servers. Cybercriminals block users from a service by crowding a website with fake traffic. The main goal is to deny users access to a website which is done by overfilling the server with bots so it reaches its limit. Because capacity is exceeded and there is high sudden demand, the website crashes and becomes unusable or sometimes extremely slow.
Usually, DDoS attacks are because of the hackers finding a weakness in the system of an organisation. They might want to make a statement and show how easily they can take a website down. Other times, there are financial motivations behind the attack as the criminals may infect the servers with ransomware and ask for money to return it to its original state.
Compared to other cybercrime examples, a DDoS attack is relatively easy to notice as the website is down. The target of this crime is usually big corporations and governments but it could also be smaller businesses with low security.
Employers need to have a qualified team that uses the most effective security practices and understands the importance of not keeping everything in one network. They should also know how much their server can handle, what its capacity is and what numbers are normal figures. That way, they are prepared to react when they see abnormal activity or the server is close to reaching its limit. Installing a Security Information and Event Management (SIEM) solution can help detect DDoS attacks in time to prevent them from bringing a website down.
Making a plan on how to detect and respond to this kind of attack can be very helpful is preventing it from damaging the business. They should also learn to adapt to the sophisticated techniques criminals use and identify any vulnerabilities in the network early. DDoS attacks are increasing in the last few years as more organisations focus on their online presence.
There are many more cybercrime examples but the best way a business can respond to them is by adopting a proactive approach. Cybercrime will continue to increase as organisations now focus on moving everything online and attackers are adapting their techniques to try and deceit even risk-aware individuals.
Book a Demo Now
Learn more about how Polonious can help you handle cybercrime.