LESSON OUTCOMES

At the end of the lecture, students should be able to know and understand:

1. What cybercrime is
2. The categories of Cybercrime
3. The types of Cybercrime
4. The characteristics of Cybercrime
5. How to Protect Against Cybercrimes
6. The importance of cybersecurity professionals

WHAT IS CYBERCRIME

Cybercrime, also called computer crime, refers to the use of a computer as an

instrument to further illegal ends, such as committing fraud, trafficking in child
pornography and intellectual property, stealing identities, or violating privacy.

Cybercrime is that group of activities made by the people by creating disturbance in

network, stealing others important and private data, documents, hack bank details and
accounts and transferring money to their own.

Cybercrimes are offences that are committed against individuals or groups of

individuals with a criminal motive to intentionally harm the reputation of the victim or
cause physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet.

Cybercrime means any criminal or other offence that is facilitated by or involves the
use of electronic communications or information systems, including any device or the
Internet or any one or more of them.

Cybercrime refers to any illegal action in which a computer is the tool or object of the
crime i.e. any crime, the means or purpose of which is to influence the function of a
computer.

Cybercrime refers to any incident associated with computer technology in which a

victim suffered or could have suffered loss and a perpetrator, by intention, made or
could have made a gain.
Cybercrime has to do with computer abuse is considered as any illegal, unethical or
unauthorized behaviour relating to the automatic processing and transmission of data.

Cybercrime is defined as a crime where a computer is the object of the crime or is

used as a tool to commit an offense. A cybercriminal may use a device to access a
user’s personal information, confidential business information, government
information, or disable a device. It is also a cybercrime to sell or elicit the above
information online.

Cybercrime is any criminal activity committed using a computer, especially to illegally

access, transmit or manipulate data.

Cybercrime is any illegal activity using a computer, either as the attacker’s weapon or
target. That covers a wide variety of types of crime, from phishing emails and identity
theft that affect individuals, to ransomware and denial of service (DoS) attacks
targeting businesses and organizations.

Cybercrime is a general term describing various activities carried out using a

computer, network, or another set of digital devices. Consider cybercrime the umbrella
over the vast range of illegal activities that cyber criminals commit. These include
hacking, phishing, identity theft, ransomware, and malware attacks, among many
others.

CATEGORIES OF CYBERCRIME

There are three major categories that cybercrime falls into: individual, property and
government.

1. Individual: This category includes a variety of cybercrimes carried out against a

single person, including cyberstalking, identity theft and child pornography. This
category of cybercrime involves one individual distributing malicious or illegal
information online. This can include cyberstalking, distributing pornography and
trafficking.
2. Property: As more business activity continues to move online, stealing data and
intellectual property is one of the most profitable and common types of cybercrime.
This can include phishing attacks that scam credit card numbers and personal
 information, sophisticated spear phishing that uses impersonation to request
funds, or ransomware attacks that seek to steal an organization’s files and extort
a payment in exchange for returning them.
This is similar to a real-life instance of a criminal illegally possessing an
individual’s bank or credit card details. The hacker steals a person’s bank
details to gain access to funds, make purchases online or run phishing scams
to get people to give away their information. They could also use a malicious
software to gain access to a web page with confidential information.
3. Government: This category of cybercrime often involves state-sponsored
attackers and cyberterrorists in targeting another country’s secrets and critical
infrastructure. Attacks include disseminating misinformation and propaganda, as
well as outright digital sabotage affecting critical infrastructure systems.
A crime against the government is also known as cyber terrorism. Government
cybercrime includes hacking government websites, military websites or
distributing propaganda. These criminals are usually terrorists or enemy
governments of other nations.

TYPES OF CYBERCRIME

Cybercrime takes many different forms. Criminals who infiltrate computers and
networks have developed a variety of malicious software and social engineering
techniques used individually or in combination when use in committing different types
of cybercrime. A few of the most common cybercrimes are described below.

1. Hacking

Hacking is the act of gaining unauthorized access to data in a computer or network.

Hackers steal data ranging from personal information and corporate secrets to
government intelligence. Hackers also infiltrate networks to disrupt operations of
companies and governments.

In simple words, hacking is an act committed by an intruder by accessing your

computer system without your permission. Hackers (the people
doing the ‘hacking’) are basically computer programmers, who have an advanced
understanding of computers and commonly misuse this knowledge for devious
reasons.

Hacking is the technique of finding the weak links or loopholes in the computer
systems or the networks and exploiting it to gain unauthorized access to data or to
change the features of the target computer systems or the networks.

Hacking describes the modification in the computer hardware, software or the

networks to accomplish certain goals which are not aligned with the user goals. In
contrast, it is also called breaking into someone's security and stealing their
personal or secret data such as phone numbers, credit card details, addresses,
online banking passwords etc.

2. Email Scams/fraud (Phishing Scams)

Misleading schemes that take many forms. Fake emails mislead recipients, while
social engineering techniques deceive people into divulging information, such as credit
card numbers, or transferring money to the attacker. Phishing schemes, whereby
scammers mimic legitimate brands, are a common form of email scams.

Email scams or fraud involves techniques like deceptive emails, website scams, or
misleading communications to con victims into sharing their personal information and
sensitive data or clicking links to malicious downloads and websites. Examples
of phishing scams involve emails that appear to be from household brands, financial
institutions, government agencies, or social media sites.

3. Email bombing and spamming

Email bombing is characterized by an abuser sending huge volumes of email to a

target address resulting in victim’s email account or mail servers crashing. The
message is meaningless and excessively long in order to consume network resources.
Such mail arriving frequently in your inbox can be easily detected by spam filters. This
type of attack is more difficult to control due to multiple source addresses.
4. Prohibited/Illegal Content

This cybercrime involves criminals sharing and distributing inappropriate content that
can be considered highly distressing and offensive. Offensive content can include, but
is not limited to, sexual activity between adults, videos with intense violent and videos
of criminal activity. Illegal content includes materials advocating terrorism-related acts
and child exploitation material. This type of content exists both on the everyday
internet and on the dark web, an anonymous network.

5. Phishing

This is a technique of extracting confidential information such as credit card

numbers and username password combos by masquerading as a legitimate
enterprise. This type of attack involves hackers sending malicious email attachments
to users to gain access to their accounts or computer. Users are tricked into emails
claiming they need to change their password or update their billing information, giving
criminals access.

Phishing also happens when fraudsters spam users online with emails promising
prizes or threatening an account suspension, for example, then asking them to click
on a link or go to a site to sort things out. Instead of winning a gift or reactivating that
frozen credit card, users instead get their identities stolen or their computers infected
with viruses. Phishing remains the most popular form of cyberattack, and it has
endured despite all efforts to fight it off.

6. Banking Fraud

Banking fraud is when fraudulent activities target financial institutions or their

customers and stakeholders. Banking frauds most commonly result in significant
financial loss or identity theft, and attacker strategies often involve sophisticated
hacking and social engineering tactics. Examples include credit card fraud, ATM
skimming, and online banking scams.
7. eCommerce Fraud

Elabora exploit weaknesses and pitfalls of online shopping technologies, like artificial
or fabricated online stores, fake seller accounts, or credit card information theft. Cases
of eCommerce fraud typically result in financial losses on behalf of both consumers
and online retailers.

8. Webjacking and brand exploitation

In webjacking, criminals don’t steal something from a website, they take the whole
site, or the traffic meant for it. This is usually done by gaining administrator access
through fraudulent means and tampering with the Domain Name System (DNS) to
bring users to a criminal site. Webjacking is different from URL phishing, where the
fraudsters create a lookalike website similar to a legitimate one and direct victims there
through phishing emails. But the result is the same: The website collects passwords,
credit card numbers and other sensitive information.

Web jacking derives its name from “hijacking”. Here, the hacker takes control
of a web site fraudulently. He may change the content of the original site or even
redirect the user to another fake similar looking page controlled by him. The owner
of the web site has no more control and the attacker may use the web site for
his own selfish interests. Cases have been reported where the attacker has asked
for ransom, and even posted obscene material on the site. Web jacking can also
be done by sending a counterfeit message to the registrar controlling the
domain name registration, under a false identity asking him to connect a domain
name to The purpose of this attack is to try to harvest the credentials, usernames,
passwords and account numbers of users by using a fake web page with a valid
link which opens when the user is redirected to it after opening the legitimate site.

9. Cyberstalking

Cyber stalking is a new form of internet crime in our society when a person is pursued
or followed online. A cyber stalker doesn’t physically follow his victim; he does it
virtually by following his online activity to harvest information about the stalkee
and harass him or her and make threats Cyber stalking uses the internet or any
other electronic means and is different from offline stalking, but is usually
accompanied by it. Most victims of this crime are women who are stalked by men
and children who are stalked by adult predators and pedophiles. Cyber stalkers
thrive on inexperienced web users who are not well aware of netiquette and
the rules of internet
A cyber stalker may be a stranger, but could just as easily be someone you know.
The Internet has literally become a fertile breeding ground for an entirely new and
unique type of criminal offender hereafter known as the cyber stalker. The cyber
stalker is one who uses the Internet as a weapon or tool of sorts to prey upon, harass,
threaten, and generate fear and trepidation in his or her victims through
sophisticated stalking tactics, which for the most part, are largely misunderstood and
in some cases, legal.

10. Data diddling

Data Diddling is unauthorized altering of data before or during entry into a

computer system, and then changing it back after processing is done. Using
this technique, the attacker may modify the expected output and is difficult to
track. In other words, the original information to be entered is changed, either by a
person typing in the data, a virus that’s programmed to change the data, the
programmer of the database or application, or anyone else involved in the
process of creating, recording, encoding, examining, checking, converting or
transmitting data. This is one of the simplest methods of committing a computer-
related crime, because even a computer amateur can do it. Despite this being an
effortless task, it can have detrimental effects. For example, a person responsible
for accounting may change data about themselves or a friend or relative showing
that they’re paid in full. By altering or failing to enter the information, they’re
able to steal from the enterprise. Other examples include forging or counterfeiting
documents and exchanging valid computer tapes or cards with prepared
replacements. Electricity boards in India have been victims of data diddling by
computer criminals when private parties were computerizing their systems.
11. Cyber Pornography
Pornography is describing or showing sexual acts in order to cause sexual excitement
through books, films, etc. This includes pornographic websites; pornographic
material produced using computers and use of internet to download and transmit
pornographic videos, pictures, photos, writings etc.

The most common form of pornography is child pornography. Child Sexual Abuse is
more severe than any form of exploitation a child can encounter. This is because it
can leave a severe and lasting impact on a child for the rest of their life. In child
pornography, children are harmed not only in production process but also after
publication of such pornography on internet, or via any other media. It attaches a taint
on the future of children depicting them in bad light and characterizing them on
social networking sites belonging to children who are below 18 years of age.
Publication of their nude photos, either with their consent or fraudulently, affects
the prospects of their development and it also affects their mental health .

12. Malware attacks

Malware attacks occurs when a highly prevalent software is programmed to attack,

damage and manipulate computer systems by introducing viruses, trojans, or spyware
into the system. Malware, or malicious software, refers to any code designed to
interfere with a computer's normal functioning or commit a cybercrime.
Malware targets both individual PCs and enterprise-level computer networks. It's most
commonly used for disrupting networks and stealing data from users.

13. Ransomware

This is a type of malware attack that encrypts victims' critical data and declares a
ransom payment in exchange for a decryption key to recover access. Financially
crippling for individuals and organizations alike, ransomware attacks often lead to data
and asset loss, fiscal devastation, and disrupted productivity.
14. Software Piracy

This is a digital form of intellectual property theft involving unauthorized use or

distribution of copyrighted material, such as software, music, or movies.

Software piracy is an unauthorized reproduction, distribution, and use of software.

Pirated software takes the form of counterfeited commercial products and illegal
downloads and reproductions, as well as violations of licensing agreements that limit
the number of users who can access a program.

15. Social Engineering

Social engineering is the psychological manipulation of people into performing actions

or divulging confidential information. Social engineering involves criminals making
direct contact with you usually by phone or email. They want to gain your confidence
and usually pose as a customer service agent so you’ll give the necessary information
needed. This is typically a password, the company you work for, or bank information.
Once they gain access to an account, they can sell your information or secure
accounts in your name.

Cyber criminals use social engineering to commit fraud online. Platforms such as
online dating sites provide opportunities to initiate conversations with potential victims.
Once the criminal establishes a relationship with the target and gains their trust, the
criminal asks for money or information.

16. Social Media Fraud

Social media fraud use social media platforms like Facebook, Twitter, Instagram, and
TikTok to deceive and defraud victims.

17. Data Breaches

Data breaches occurs when there is an unauthorized access or leaks of sensitive data,
such as confidential information, critical records, or financial access. Data
breaches can be attributed to a wide array of risk factors, such as weak passwords.
The consequences can result in compromised data, financial damages, or tarnished
reputations.

18. Online Harassment

Involves cyberbullying, cyberstalking, and repeated acts intended to scare, harm,

anger, or shame a particular individual. Today, online harassment is most prevalent
on social media sites, dating apps, and forums/message boards. Examples of online
harassment include sending inappropriate and unsolicited messages, making clear
and intentional threats, or distributing sensitive photos or videos of a victim.

19. Cyber Terrorism

Generally grander acts of destruction online by using the Internet or computer

technology to carry out acts of terror, such as causing infrastructure damage and
catastrophic malfunctions, stealing confidential information, or spreading propaganda
with political or cultural implications. Cases of cyber terrorism are becoming
increasingly sophisticated, placing higher demands on cybersecurity and protection.

20. Identity Theft

This cybercrime occurs occurs when someone unlawfully obtains another individual's
personal information and uses it to commit theft or fraud.

It occurs when a criminal gains access to a user’s personal information to steal funds,
access confidential information, or participate in tax or health insurance fraud. They
can also open a phone/internet account in your name, use your name to plan a criminal
activity and claim government benefits in your name. They may do this by finding out
user’s passwords through hacking, retrieving personal information from social media,
or sending phishing emails.

Identity theft involves stealing personal information to use for fraudulent purposes.

Identity theft refers to acquiring someone's private data for fraudulent or malicious
purposes. Target assets of identity theft include social security numbers, date of birth,
credit card details, or online accounts. Specific types include financial, medical, and
tax identity theft; social media impersonation; and identity cloning, when a person uses
another's identity to conceal their own.

Identity theft occurs when someone steals your identity and pretends to be you
to access resources such as credit cards, bank accounts and other benefits in your
name. The imposter may also use your identity to commit other crimes.

21. Cyberstalking

This kind of cybercrime involves online harassment where the user is subjected to a
plethora of online messages and emails. Typically cyberstalkers use social media,
websites and search engines to intimidate a user and instill fear. Usually, the
cyberstalker knows their victim and makes the person feel afraid or concerned for their
safety.

In cyberstalking, a stalker tracks the victim online, gleans information from online
sources and communicates via digital channels, harassing and threatening the victim.

22. Denial of service (DoS) attacks

A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service

to intended users of that service. It involves flooding a computer resource with
more requests than it can handle consuming its available bandwidth which
results in server overload. This causes the resource (e.g. a web server) to
crash or slow down significantly so that no one can access it. Using this technique,
the attacker can render a web site inoperable by sending massive amounts of traffic
to the targeted site. A site may temporarily malfunction or crash completely, in
any case resulting in inability of the system to communicate adequately.

DDoS attacks are used to make an online service unavailable and take the network
down by overwhelming the site with traffic from a variety of sources.

DDoS attacks were one of many of Russia’s destructive cyber activities against
Ukraine, along with other attacks designed to delete computer data belonging to
governmental and private entities.
23. Online Scams

These are usually in the form of ads or spam emails that include promises of rewards
or offers of unrealistic amounts of money. Online scams include enticing offers that
are “too good to be true” and when clicked on can cause malware to interfere and
compromise information.

CHARACTERISTICS OF CYBERCRIME

1. Committed by People with specialized knowledge – Cybercrimes can only be

committed through the technology, thus to commit this kind of crime one has to be
very skilled in internet and computers and internet to commit such a crime. The
people who have committed cybercrime are well educated and have deep
understanding of the usability of internet, and that’s made work of police machinery
very difficult to tackle the perpetrators of cybercrime.
2. Cybercrime has no geographical boundaries. A cyber criminal in no time sitting in
any part of the world commit crime in other corner of world. For example a hacker
sitting in Nigeria hack in the system placed in United States.
3. It is committed in the Virtual World. Every activity of the criminal while committing
that crime is done over the virtual world.
4. It is very difficult to collect evidence of cybercrime and prove them in court of law
due to the nature of cybercrime. Criminals in cybercrime commit crimes while
sitting in some place safe where they are not traceable.
5. The magnitude of cybercrime is unimaginable. The cybercrime has the potential of
causing injury and loss of life to an extent which cannot be imagined. The offences
like cyber terrorism, cyber pornography etc has wide reach and it can destroy the
websites, steal data of the companies in no time.
HOW TO PROTECT AGAINST CYBERCRIMES

1. Police your email. Fraudulent emails are at the heart of many types of
cybercrime, so organizations need to pay close attention to this channel.
Employees need training to get in the habit of spotting and avoiding suspicious
emails and reporting phishing attempts to their company’s security team. Some
security tools will screen emails, looking for known phishing exploits and
keep suspicious attachments from reaching their target.
2. Update your software regularly. Making sure operating systems and antivirus
software are kept up to date is a basic best practice in cybersecurity. Vendors
release patches regularly to solve vulnerabilities in their software and boost
security against emerging threats.
3. Deploy a VPN. Virtual private networks (VPNs) offer a layer of protection,
especially when working remotely or in the cloud. These services encrypt data
to keep outsiders from spying on web traffic.
4. Enforce strong password hygiene ( Use strong passwords with 14+ characters).
Too many users rely on easy passwords like birthdates and pet names, and
reuse them across multiple sites and apps. This makes the hacker’s work
easier. One compromised password can become a master key to break into
many sites. Cybersecurity starts with a complicated password that changes
often and is used only with one site.

5. Regularly install upgrades to operating systems and software.

6. Install and update anti-malware software.
7. Limit administrative access and control of files, directories, and networks.
8. Securely and store file backups.
9. Share with people about how to prepare and protect themselves from potential
attacks.
10. People must be taught how recognize phishing attempts.
11. Flag and report suspicious emails.
12. Never click on unfamiliar links or ads.
13. Keep antivirus/application systems up to date.
CYBERSECURITY PROFESSIONALS.

The future of the Internet is still up for grabs between criminals and normal users.
We need to train Skilled Cybersecurity Professionals. It is the duty of to protect
companies from cyber attacks. Security professionals are tasked with implementing
all kinds of security systems.

The importance of cybersecurity professionals

1. to identify threats and find ways to keep an organization's internal computer
network safe and secure from threats such as malware, phishing, password
attacks, and other intrusions.
2. To implement all kinds of security systems.
3. To thwart cyber attacks before they can reach vulnerable data or targeted
individuals.
4. To pinpoint potential weaknesses that cybercriminals may exploit.
5. To develop and implement robust security measures.
6. To create incident response plans. In the event of a cyber attack, they provide
immediate assistance by containing the breach and minimizing the impact on
the business.
7. To identify patterns and anomalies that may indicate malicious activity, enabling
them to detect and respond to potential threats quickly.
8. To assess cybersecurity risks and develop innovative strategies to defend
against attacks.
9. To reduce the risk of cyber attacks and data breaches.
10. To identify potential weaknesses in the systems, and recommend and
implement necessary upgrades to improve the company’s security posture.