UNIT 14 BASICS OF CYBER SECURITY, TYPES

OF CYBER CRIMES AND SAFETY

Structure
14.1 Introduction: Defining Cyber Space, Digital Footprints, Cyber
Security and Digital Safety
Objectives
14.2 Mapping the Cyber Crime Landscape: Threat Actors, Targets,
Motives and Vectors
14.3 Introduction to Cyber Crimes
14.4 Popular Types of Cyber Crimes
14.5 Some Interesting Case-Stories
14.6 Ensuring Digital Safety by Practicising CyberHygiene
14.7 Summary
14.8 Answers to SAQs
14.9 References

14.1 INTRODUCTION: DEFINING CYBERSPACE,

DIGITAL FOOTPRINTS, CYBER SECURITY, AND
DIGITAL SAFETY
According to the National Institute of Standards and Technology, cyberspace is
“A global domain within the information environment consisting of the
interdependent network of information systems infrastructures including the
Internet, telecommunications networks, computer systems, and embedded
processors and controllers.”
It is abundantly clear that we live in the Big Data world where “Right to be
Forgotten” or “Right to be Erased” is not that easy as the identity of an
individual is disclosed not only privately but on public platforms too. The
metadata plays an important role due to which digital footprints are always left
behind in one form or another to find the digital trail towards an individual.
Objectives
After studying this unit, you should be able to:
● Understand the basic concepts of cyberspace, digital footprints, cyber
security, and digital safety
● Map the cybercrime landscape
● Understand the popular cybercrimes and related case stories
● Learn how one can ensure digital safety by practicing cyber hygiene
Cyber security is the use of technology, processes, and policies to prevent
cybercrimes on systems, networks, programs, devices, and data. The main goal
is to limit the risk of cybercrimes and secure systems, networks, and
technology from unauthorized use. This is mostly referred to in terms of an
organization.
Digital safety is the act of increasing a user's knowledge about personal safety
and security threats to personal data and property while using the internet. This
term is usually used for an individual user.
SAQ 1
a) Define cyberspace?
b) What do you mean by digital footprints?
c) What is the difference between cyber security and digital safety?

14.2 MAPPING THE CYBERCRIME LANDSCAPE:

THREAT ACTORS, TARGETS, MOTIVES, AND VECTORS

Figure 14.1: Cybercrime Landscape

TARGETS
Target/victim could be an individual, organization, or nation.
THREAT ACTORS
The threat actors include cybercriminals, malicious insiders, or hacker groups
which are a threat to the IT Security of any individual, organization, or nation
who hacked their data or make their data inaccessible for malicious reasons.
MOTIVES/REASONS
Threat actors' motives for different cyberattacks vary from an individual,
organization, or nation by way of disruption of various services which affects
their financial capacity through misleading, deceptive, or illegal practices or
cyber espionage which is a kind of cyber attack by accessing the sensitive data
for economic gains.
VECTORS
Vector is a kind of method which breaches the security or infiltrates the users’
network. Vector includes viruses like malware, Ransomware, Trojan, etc or
other cybercrime techniques.

14.3 INTRODUCTION TO CYBER CRIMES

COMMON CYBERCRIME TECHNIQUES
Social Engineering
Social engineering assaults usually include psychological manipulation to
persuade unaware users. It involves sending an email or other message to a
target that elicits feelings of urgency, fear, or other comparable emotions,
prompting the victim to reveal sensitive information, click a harmful link, or
open a malicious file. People often find it difficult to avoid such attacks.
Misinformation/Disinformation
Misinformation is simply false information that is disseminated, whether or not
the purpose is to deceive, whereas disinformation is intentionally misleading or
biased information that is based on distorted narratives or facts to achieve
propaganda.
Deep Fakes
Deep Fakes are a new and complex type of audio, video, or image
disinformation that is typically used for malicious purposes. They can quickly
spread fraudulent words and actions to a global audience, and they can be
difficult to tell apart from genuine information.
Impersonation
Impersonation is used as a technique where basic credentials are stolen. The
threat actor or bad actor pretends to be someone else by adopting that person's
identity to get access to resources, credit, or other benefits in that person's
name and fame.
Spoofing
Spoofing occurs when cyber threat actors try to hide their true identities by
faking the sender of a message to regularly fool the recipient into thinking it
came from someone else. To illicitly take information from a receiver, harvest
user login credentials, perpetrate fraud, or spread malware, cyber threat actors
frequently fake electronic communications from the targeted organization or a
trusted partner.
Example: Spoofing of Caller ID and Phone Numbers - forges the phone
number or caller ID is shown on incoming calls and text messages.
Morphing
Morphing is the process of smoothly transitioning from one image to another
without any changes using online morphing tools. Usually, girls are harmed by
this sort of morphing, which involves downloading photographs of girls from
numerous social media sites using fake or real profiles and then morphing
them. By threatening to publish the morphed photographs, these transformed
images might be used to blackmail the girl or her family.
Man-In-The-Middle
Man-in-the-Middle (MITM) attacks occur when an attacker intercepts
communications between two parties. These attacks allow attackers to intrude
and eavesdrop on the communication or data transfer between the two targets,
as well as change the traffic flowing between them. The ‘targets' in these
attacks are usually a human and a service. The attacker can take a passive role
in the chat or go as far as stealing credentials, altering emails and other
messages, or impersonating the person you think you're talking to.

14.4 POPULAR TYPES OF CYBER CRIMES

14.4.1 PHISHING
A phishing attack is a means of tricking people into disclosing confidential
information by answering an email. It involves obtaining or attempting to gain
specific banking information (e.g. username, password, credit card numbers,
etc).
Phishing emails and SMS messages may claim to have seen some strange
activity or attempted log-ins, assert to have an issue with the account or
payment information, ask to verify some personal information, send a fake
invoice, demand payment by clicking on a link, show eligibility for a
government refund or provide a coupon for free goods.
Fake Messages: Scammers frame personalized messages posing as people or
institutions that one trusts. To make their messages more compelling, they
frequently obtain personal information about you from social media platforms
or a hacked account of someone you know.
Example: The Delhi Police's cybercrime unit is warning people about a
potential scam in which criminals are duping unsuspecting users by requesting
them to verify their phone numbers due to Know Your Customer (KYC)
concerns. According to a tweet from the Delhi Police's cyber-crime unit,
scammers are sending false messages to consumers saying that their SIM cards
will be disconnected if they do not contact the phone numbers provided in the
message.
Email Phishing: This type of attack tries to steal confidential information by
sending an email that appears to be from a trusted organization. It is not a
targeted attack and can be carried out in large numbers.
Spear Phishing/Whaling: Sending emails to particular and well-researched
victims while posing as a trustworthy sender is known as spear phishing. The
goal is to infect devices with malware or persuade victims to divulge personal
information or money. Unlike most phishing attacks, spear-phishing is a highly
targeted, well-researched attack that primarily targets business executives,
public personas, and other valuable targets.
Vishing: Vishing, also known as voice phishing, is when a malicious caller
poses as tech support, a government agency, or another institution to get
sensitive information such as banking or credit card details through a phone
call or voice message.
Example: Any call from an unknown source may prove dangerous to the
receiver. Especially calls taken with two digits or three digits numbers with the
prefix “+”.
Fake Websites: This type of cyber fraud comes in a variety of forms. In one,
the scammers establish a genuine-looking website for a well-known brand or
even a mobile phone company and advertise low-cost products. They trick the
unsuspecting buyer into paying online, but the customer never receives the
items they bought.
Example: A false website created has a policy whereby if a customer
purchases any goods that cost more than a specific amount, he or she will be
eligible for a free costly item. As soon as the buyer purchases the product, the
buyer receives a call from the fraudulent website's customer service informing
the customer to pay a particular refundable amount toward shipping, service,
GST, and other aspects of the freebie. As a result, the scammers trick the
unsuspecting internet buyer into depositing thousands of rupees into multiple
bank accounts.
14.4.2 Financial Frauds
Internet Banking-related Fraud: All banking services are now available
online. Online services include accessing account statements, transferring
funds to other accounts, getting a chequebook, and producing demand drafts,
among others. As more services move to online platforms, cyber fraud in the
financial sector is on the rise. This can be done through an attack on digital
payments applications, by the hacking of bank accounts due to weak
passwords, or by hacking multiple accounts due to the same password.
UPI Fraud: It's a frequent method for scammers to deceive people by sending
them a payment request over their UPI app. This request makes it simple for
them to transfer the money. When the payment request is approved, the UPI
app prompts users for the PIN, which is the final step in the process. When a
person enters their UPI PIN, they lose all of their earnings.
e-Wallet Fraud: KYC has been made compulsory for mobile wallet users by
the Reserve Bank of India. KYC has been misused by scammers as an access
point. Many network service operators send nudges to not fall bait to the KYC-
related messages for your account. They deny asking for any personal
information through messages or calls.
Example: Typically, the victim receives a text message claiming that the e-
wallet requires KYC compliance and that they must call the specified phone
number. The person is invited to download an application, usually,
TeamViewer Quick Support or AnyDesk, which are remote access control
mobile apps, to update their KYC. To check the status of the e-wallet, the
scammers ask for a Rs 1 transfer. While the customer is typing in a password
or PIN for the e-wallet, the scammers are gathering data. They now have
access to the password and ID for the mobile wallet. The wallet is debited to
other accounts using separate transactions as the bank account is linked to the
phone.
Credit/Debit Card: Frauds using cards and digital transactions are constantly
changing. Frauds exploiting credit and debit cards are growing more
widespread. Unauthorized use of a credit or debit card or a comparable
payment method (ACH, EFT, recurring charge, etc.) to unlawfully obtain
money or property is described as credit/debit card fraud. Numbers for credit
and debit cards can be taken through insecure websites or obtained through an
identity theft scam.
SIM Swap Fraud: SIM swap simply means changing mobile SIM cards. If
this is done without your permission, it is most likely for fraudulent purposes.
SIM swap fraud occurs when scammers obtain a new SIM card from your
mobile service provider using your registered phone number. They can acquire
One Time Password (OTP) and other alerts needed to execute financial
transactions through your bank account with the use of the new SIM.
Demat/Depository Fraud: The protection of the shares and securities is the
responsibility of India's two depositories, CDSL and NSDL. CDSL and NSDL,
however, do not deal directly with Demat account holders. They supply
stockbrokers and intermediaries with Depository Participant (DP) licenses,
which allow consumers to open Demat accounts. For instance, in some cases,
brokers have transferred ETF units to use as collateral for margin funds on
trades without the permission of investors.
Cryptocurrency Fraud: Because of its fast transactions, mobility, and global
reach, cryptocurrency can be used as a new tool for evading taxes, money
laundering, and bribery. Fraudsters may try to manipulate the markets for
cryptocurrency and similar derivative assets. Spoofing, front-running, churning,
and other methods are forms of improper market manipulation. Cryptojacking
is a form of cryptocurrency cybercrime in which hackers misuse people's
electronic devices such as computers, cellphones, tablets, and even servers to
mine for bitcoin without their permission.
Example: Investors' crypto wallets can be hacked, allowing scammers to steal
their funds. They can create fake wallets to defraud counterparties, as well as
fake crypto exchanges to steal money from clients.
SAQ 2
a) Describe the cybercrime threat landscape with the help of a diagram.
b) List the common cybercrime techniques.
c) What are the different types of financial fraud? Discuss with an
example.
14.4.3 Social Media Crimes
Cyberstalking: Cyberstalking is a crime when a victim is harassed by the
attacker utilizing e-mail, Instant Messaging (IM), internet messages, discussion
groups, etc., to communicate electronically with the victim. A cyberstalker
depends on the fact that in the internet realm his real identity is unknown. A
cyberstalker targets and follows victims through with threatening/abusive
communications.
Example: A boy is stalking a girl on social media and then bothering her by
texting her social media for her activities on social media.
Cyberbullying: Cyberbullying is bullying through digital technology where
the unpleasant, damaging, and wrong content about someone else can be sent,
posted, or shared. The purpose is to induce confusion or shame. Users may be
able to watch, interact, or share material via SMS, social media, forums, or
gaming applications. Cyberbullying poses a risk to those who are socially
active on numerous social media platforms.
Sexting: Sexting is defined as sending or sharing sexually provocative text
messages and images, including nude or semi-nude photos, via mobile phones
or the Internet. When photographs are shared without the victim's consent,
sexting becomes a concern and falls under the category of cybercrime. This
could happen as a result of hacking, in which the photographs are taken from
the original receiver, or as a result of the intended receiver spreading them
without the sender's permission (either with other friends or in web forums).
Honey Trapping: Honey trapping uses the cyber espionage technique in
which a cyberattack occurs through romantic or sexual relationships with
civilians whereby the attacker takes advantage of the intimacy in the
relationship to coerce or blackmail the victim. The threat actors use this
cybercrime to discover or reveal sensitive information.
Trolling: Trolling is defined as intentionally inflicting hatred, discrimination,
racism, sexism, or simply arguing with others. It's the anti-social act of
provoking online personal disputes and controversy. Trolls are people who
engage in trolling behaviors. It was termed "flaming" in the early days of the
Internet. Individuals use blog sites, social networks like Facebook, Instagram,
and Twitter, news sites, discussion forums, and game chats, as well as any
other place that allows them to make public remarks.
14.4.4 Morphing
Pornography: Pornography is defined as any obscene or sexually explicit
information. Pornography is available in a variety of media on the internet.
These include images, small animated films, sound files, and stories. The
Supreme Court has defined obscene as “offensive to modesty or decency; lewd,
filthy, repulsive.
Revenge Pornography: One of the most serious threats to online modesty or
reputation issues is revenge pornography. The behavior could be motivated by
a desire to smear the person's morality in public. The person may misuse the
individual's identity and converse as a sexually explicit person, often
pretending to be a call girl, revealing their real name and photograph. For
instance, someone seeking vengeance might either hack into the real accounts
or simply make false profiles.
14.4.5 Mobile Apps
Dangerous game challenges: Anyone who plays an online game or spends
more time in online gaming, one must know the risks associated with online
gaming. In-game resources, well-developed game characters, paid game
accounts, or linked credit-card data are potential targets for cybercriminals.
These can be taken from users in a variety of ways, including phishing,
password-stealing software, and in-game fraud.
Malicious apps: The app which contains the malicious or spyware trojans or
harms the device of the user and collects the user information like his GPS
coordinates, e-mail address, contact lists, etc., and sends it to the third.
Example: The apps that help to breach in and download paid articles from
books/journals, or research papers.
Matrimonial Frauds: Fraudsters befriend the victim after creating an
intriguing online marriage profile on any reputable matrimonial site and posing
as a prospective candidate. Through emails, online chats, and sometimes phone
calls, they gain trust and get connected to the victim. They then propose
marriage and, when speaking with the victim they're trying to trick, they use
voice-changing applications to impersonate their parents and guardians. Once
they have the victim's trust, the scammers urge them to deposit money into
their bank accounts, claiming an emergency. They disappear as soon as the
payment is made, and the cycle begins again.
Career frauds: Another form of fraud is employment-related fraud, as people
have started looking for job opportunities online, it has allowed scammers to
trick people into scams. Scammers offer fake job opportunities to job seekers
through various online services claiming to hold positions in recognized
companies and this makes it difficult for people to find out if the offer is
legitimate or not.
14.4.6 Malware Types
Virus
A virus is a kind of malware that replicates itself by inserting its code into
other applications. Viruses spread through infected websites, flash drives, and
emails by attaching themselves to legal files and data. A virus is activated
when a victim opens an infected application or file.
Worm
A worm virus is a harmful program that duplicates itself and spreads through a
network automatically. The worm virus exploits flaws in your security
software to steal important information, install backdoors that can be exploited
to access the system, corrupt files, and perform other types of harm, according
to this definition of computer worm.
Trojan
A Trojan horse, often known as a Trojan, is a computer program that is
designed to hurt, disrupt, steal, or otherwise harm any data or network. A
Trojan tries to portray itself as a legitimate application or file. Viruses can
execute and replicate. A Trojan is unable to do so. Trojans must be executed
by the user.
Backdoor
A backdoor virus is a malicious software that allows remote unauthorized
access to a computer system or program by exploiting system faults and
vulnerabilities. It operates in the background, oblivious to the victim, as does
any malicious program. This access provides it complete control over the
system, allowing it to carry out harmful acts.
Rootkits
A rootkit is a kind of software that allows hackers to gain access to and
command over a computer. Rootkits are good at hiding their presence, yet they
are still active. Rootkits allow hackers to steal sensitive data and financial
information, install malware or utilize computers as part of a botnet to send
spam and participate in DDoS (distributed denial of service) attacks once they
get unauthorized access to computers.
Bots
A bot is a computer program that performs automatic, repetitive, and pre-
defined activities. Bots are designed to mimic or replace human behavior. They
are significantly faster than human users since they are automated. They do
essential tasks like customer support or indexing search engines, but they may
also be malware, which is used to take complete control of a computer.

14.5 SOME INTERESTING CASE-STORIES

CASE STORY 14.5.1 BOMB HOAX MAIL
In 2009, a 15-year-old Bangalore teenager was arrested by the cybercrime
investigation cell (CCIC) of the city crime branch for allegedly sending a hoax
email to a private news channel. In the email, he claimed to have planted five
bombs in Mumbai, challenging the police to find them before it was too late.
At around 1 p.m. on May 25th, the news channel received an email that read:
“I have planted five bombs in Mumbai; you have two hours to find it.” The
police, who were alerted immediately, traced the Internet Protocol (IP) address
to Vijay Nagar in Bangalore.
The Internet service provider for the account was BSNL, said officials.
CASE STORY 14.5.2 JAWAHARLAL NEHRU UNIVERSITY MMS
SCANDAL
In a severe shock to the prestigious and renowned institute, Jawaharlal Nehru
University, a pornographic MMS clip was made on the campus and transmitted
outside the university. Some media reports claimed that the two accused
students initially tried to extort money from the girl in the video but when they
failed the culprits put the video out on cell phones, on the internet, and even
sold it as a CD in the blue film market.
SAQ 3
a) What are some popular types of cybercrimes? Describe any one in
detail with an example.
b) Can social media be used to target victims using cybercrime
techniques? Describe any one social media crime with an example.

14.6 ENSURING DIGITAL SAFETY BY PRACTICING

CYBER HYGIENE

14.6.1 DO’s AND DONT’s FOR DIFFERENT TYPES OF CYBER

CRIMES

PHISHING

DO’s DONT’s

● Look for spelling or grammatical ● Do not click on suspicious links

mistakes in the email body or attachments
● Check the domain name if sent ● Do not take phone calls from
from a public domain email unknown sources
● Check the authenticity of a ● Do not login to fake/illegal
message before forwarding it on websites
social media platforms

SOCIAL MEDIA CRIMES

DO’s DONT’s

● Keep your social media profiles’ ● Do not give out social media
privacy settings as low as login information to anyone.
possible, especially for the ● Do not accept friend requests
public/others. from strangers.
● Exercise extreme caution when ● Do not click on any links that
sharing anything on the internet appear to be suspicious.
● Log out after each session

FINANCIAL FRAUDS

DO’s DONT’s

● Make a separate email address ● Do not give your net-banking

for online buying to prevent password, One-Time Password
harmful emails disguised as (OTP), ATM or phone banking
sales promotions. PIN, CVV number, or other
● Always use an onscreen sensitive information to anyone,
keyboard and log out of the even if they pretend to be a
banking portal/website after bank employee or
completing an online payment representative, and notify your
using public computers. Also, bank if this happens.
remove the browsing history ● Do not scan any QR codes to
from the web browser. receive payments from
● Check the seller's reputation and unknown sources.
credibility before making online ● Do not save banking/personal
payments. information in a browser or on a
 payment site while making a
purchase.

MORPHING

DO’s DONT’s

● Set limits in online/offline ● Do not pursue or engage in

friendships. relationships that pressurize
● Be cautious while sharing or sharing of personal pictures or
taking intimate pictures or videos.
videos. ● Do not forward any sexual
● Remember that anything shared pictures or videos as it can
online will remain in cyberspace cause a violation of trust.
and can be misused anytime. ● Do not suffer in silence, in case
of any threats.

MOBILE APPS

DO’s DONT’s

● Look for matrimonial sites or job ● Do not stream or download

portals that are genuine and movies, music, books, or apps
trustworthy. from unreliable sources.
● Do not play online games with
strangers.
● Do not share personal/financial
information with online friends
or recruiters.

14.6.2 SECURE E-COMMERCE USAGE

E-Commerce security refers to the practices that provide secure online
transactions. It contains protocols that protect people who make purchases of
goods and services on the internet. To strengthen the security, it's a good idea
to use many security layers.
● DDoS threats and infectious incoming traffic can be blocked by a
Content Delivery Network (CDN). To avoid harmful traffic, machine
learning can be used. One can also use an extra security layer called
multi-factor authentication.
● One of the most important features of SSL Certificates is that they
encrypt sensitive data sent over the internet. It ensures that only the
intended receiver gets the information.
● To block untrusted networks and control the inflow and outflow of web
traffic, use effective e-commerce software and plugins. They should
have selective permeability, allowing only trusted traffic to pass.
● Anti-malware software is a type of protection software that is required
for your electronic devices, computer systems, and online systems. All
hidden viruses on a website should be rendered by effective anti-
malware.
● Maintain the Payment Card Industry Data Security Standard (PCI-DSS)
regularly to protect any credit card data.
 ● Use caution and avoid signing in to personal or professional accounts
such as e-mail or banking, while using a public Wi-Fi network.
● Do not trust the customer care numbers provided on google with
personal information. They might not always be trustworthy.
14.6.3 SECURE COMPUTER/LAPTOP USAGE
● Use a firewall
● Close the webcam and computer audio when not in use
● Clear browsing history and browser cache from time to time to prevent
the use of old forms, protect personal information and help applications
run better
● To keep the software up to date, make sure to turn on automatic
updates under the settings.
● Set up automatic updates for non-Microsoft software as well such as
browsers, Adobe Acrobat Reader, and other programs you use
frequently.
● Do not use a USB or other external device. Ensure that any external
devices either belong to the person or come from a reliable source to
avoid infection by malware and viruses.
● Passwords for logins are important for preventing unauthorized access
to any data. Set a password-protected lock screen on the laptop to use
in public places, such as an office.
14.6.4 SECURE MOBILE PHONE PRACTICES
● Ensure that the smartphone has a screen lock enabled and that entering
it requires a password or PIN since the device contains personal
information.
● Make sure the mobile phones' automatic software upgrades are turned
on by default. Updating the operating system regularly guarantees users
to have the most up-to-date security configurations.
● Do not use public Wi-Fi networks to download videos or content. This
increases the risk of exposure to malware and viruses. Delete unused
Wi-Fi networks.
● Use a password manager to not only remember the passwords for
different accounts but also to generate strong unique passwords for all
accounts such as bank accounts, social media, etc.
● Make a backup of the phone data to be able to rapidly access any data
that has been compromised if any device is lost or stolen.
● Install the minimum necessary applications and only those from official
app stores. Personal information given into applications should be
treated with caution.
● When not using location services, turn them off. Do not switch them on
in sensitive settings.
● Pop-ups that appear unexpectedly are typically harmful. Close all
applications forcibly if one emerges.
 ● Use only authentic charging cords and charging accessories from a
quality brand.
14.6.5 SECURE INTERNET BROWSING
● Be aware of what is being accessed or downloaded. Software should
always be downloaded from a reliable source.
● Before opening any email or clicking a link, double-check the senders'
identities.
● Do not save official data to the cloud or on devices that are connected
to the Internet.
● Stay away from services that demand location or ask for upload of
photos with GPS coordinates.
● Free downloading software should be avoided at all costs.
● Install Web Browser with HTTPS enforcement as well as reliable anti-
virus software. One can use a Virtual Private Network (VPN) on their
phone as a hotspot.
SAQ 4
a) Define e-commerce security?
b) How can one strengthen their e-commerce security?
c) What are some secure internet browsing practices?
d) List the do’s and dont’s for phishing?

14.7 SUMMARY
In the emerging era of digitalization, education requires tech-assisted teaching,
learning solutions, and fast-paced innovations. Students and teachers now have
access to smart mobile devices as well as a variety of remote e-learning and
evaluation options. The various e-learning tools like smartboards, projectors
have been promoted in educational institutions for better understanding and
learning. Therefore, effective utilization of various online platforms becomes
imperative for building safe cyberspace for the users and ensuring digital
safety.
“Biggest myth is that I will never be hacked.” It is a prevalent cyber pronoun -
there are two kinds of people. One who has been hacked and the other who
will soon be hacked.

14.8 ANSWERS TO SAQs

SAQ 1
a) Cyberspace is “A global domain within the information environment
consisting of the interdependent network of information systems
infrastructures including the Internet, telecommunications networks,
computer systems, and embedded processors and controllers.”
b) In the big data world where “Right to be Forgotten” or “Right to be
Erased” is not that easy as the identity of an individual is disclosed
not only privately but on public platforms too. Digital footprints are
always left behind in one form or another to find the digital trail
towards an individual.
 c) Cyber security is the use of technology, processes, and policies to
prevent cybercrimes on systems, networks, programs, devices, and
data. This is mostly referred to in terms of an organization. On the
other hand, digital safety is the act of increasing a user's knowledge
about personal safety and security threats to personal data and
property while using the internet. This term is usually used for an
individual user.
SAQ 2
a) TARGETS - Target/victim could be an individual, organization, or nation.
THREAT ACTORS - The threat actors include cybercriminals, malicious
insiders, or hacker groups that are a threat to the IT Security of any
individual, organization, or nation.
MOTIVES/REASONS - Threat actors' motives for different cyberattacks
vary from an individual, organization, or nation which affects their
financial capacity through misleading, deceptive, or illegal practices, or
cyber espionage.
VECTORS - Vector is a kind of method which breaches security or
infiltrates the users’ network.
b) Social engineering, misinformation, impersonation, deep fakes, spoofing,
morphing, man-in-the-middle
c) Internet banking-related fraud, UPI fraud, debit/credit card fraud, sim
swap fraud, depository fraud, and cryptocurrency fraud.
Cryptocurrency Fraud: Because of its fast transactions, mobility, and
global reach, cryptocurrency can be used as a new tool for evading taxes,
money laundering, and bribery. Fraudsters may try to manipulate the
markets for cryptocurrency and similar derivative assets. Example:
Investors' crypto wallets can be hacked, allowing scammers to steal their
funds. They can create fake wallets to defraud counterparties, as well as
fake crypto exchanges to steal money from clients.
SAQ 3
a) Phishing, financial frauds, social media crimes, morphing, mobile
apps fraud, and malware types.
Phishing - A phishing attack is a means of tricking people into
disclosing confidential information by answering an email. It involves
obtaining or attempting to gain specific banking information (e.g.
username, password, credit card numbers, etc).
b) Yes, social media can be used to target victims using different
cybercrime techniques.
Cyberstalking: Cyberstalking is a crime when a victim is harassed by
the attacker utilizing e-mail, Instant Messaging (IM), internet
messages, discussion groups, etc., to communicate electronically with
the victim. A cyberstalker targets and follows victims through with
threatening/abusive communications.
Example: A boy is stalking a girl on social media and then bothering
her by texting her social media for her activities on social media.
SAQ 4
a) E-Commerce security refers to the practices that provide secure
online transactions. It contains protocols that protect people who
make purchases of goods and services on the internet.
b)
● DDoS threats and infectious incoming traffic can be blocked by a
Content Delivery Network (CDN). To avoid harmful traffic,
machine learning can be used. One can also use an extra security
layer called multi-factor authentication.
● One of the most important features of SSL Certificates is that
they encrypt sensitive data sent over the internet. It ensures that
only the intended receiver gets the information.
● To block untrusted networks and control the inflow and outflow
of web traffic, use effective e-commerce software and plugins.
They should have selective permeability, allowing only trusted
traffic to pass.
● Anti-malware software is a type of protection software that is
required for your electronic devices, computer systems, and
online systems. All hidden viruses on a website should be
rendered by effective anti-malware.
● Maintain the Payment Card Industry Data Security Standard
(PCI-DSS) regularly to protect any credit card data.
c)
● Be aware of what is being accessed or downloaded. Software
should always be downloaded from a reliable source.
● Before opening any email or clicking a link, double-check the
senders' identities.
● Do not save official data to the cloud or on devices that are
connected to the Internet.
● Stay away from services that demand location or ask for upload
of photos with GPS coordinates.
● Free downloading software should be avoided at all costs.
● Install Web Browser with HTTPS enforcement as well as reliable
anti-virus software. One can use a Virtual Private Network (VPN)
on their phone as a hotspot.
d)
Do’s -
➔ Look for spelling or grammatical mistakes in the email body
➔ Check the domain name if sent from a public domain email
Dont’s -
➔ Do not click on suspicious links or attachments
➔ Do not take phone calls from unknown sources
 ➔ Do not login to fake/illegal websites

14.9 REFERENCES
 Book on ‘ Introduction to Cyber Security: Guide to the World of Cyber
Security’, Author: Anand Shinde
 Cyber Law and Technology , Author: Ankit Tiwari, Ritanshi Jain