Although it's been a great boon to almost everyone in Britain, the Internet has also proven itself a risky place to work and play. As going online has become more and more popular, petty and experienced criminals have sat up and taken notice. Wrongdoers from across the world with an array of motivations, tools, and methods have moved into the sphere of cybercrime.
What Is Cybercrime?
Cybercrime is a broad label which covers any crime or malicious act committed by someone with a computer and an internet connection. In practice, cybercrime is an enormously diverse category. It can refer to the most serious offences, ranging from blackmail to fraud. It can also be used to describe interpersonal threats such as intimidation, trolling, and harassment. Petty, 'victimless' online crimes, such as using a program to illegally mod and cheat at a videogame, are sometimes mixed in. Here are the most common serious types of malicious cybercrime and some simple strategies for staying safe.
Malware is any program that causes deliberate criminal damage to you, your devices, or your computer. It can be spread through misleading links, malicious websites, fraudulent email attachments, or by copying itself from another computer or storage device if it's classified as a virus or worm.
Professionally-made malware is overwhelmingly aimed at making money. Cybercriminals strive to relieve you of your wealth by encrypting and ransoming your files, keylogging your passwords and internet searches, selling your personal data, or stealing your credit or debit card details.
Malware can infect personal computers, laptops, tablets, phones, servers, and routers of any age, running any OS. Older Windows devices (before Windows 10) that are no longer receiving security updates are considered most at risk of being infected with current malware.
It's less common these days, but malware can also be designed for pure vandalism. Destructive malware will maul your OS via the registry to wreck your computer, or redirect your web calls so that your device forms part of a larger distributed denial-of-service (DDoS) network. These two methods allow sophisticated hackers to take down large organisations and websites quickly on request. A destructive malware hack is usually performed either for political reasons or for a third-party fee.
Avoid malware infecting your corporate devices by installing good anti-virus and anti-malware programs and keeping them up to date, scanning for malware regularly, and by avoiding untrustworthy banner ads, websites, and unsolicited emails. Secure IT asset disposal is also essential for ensuring that sensitive passwords don’t fall into the wrong hands.
Anything calling for urgent action on your part from an unverified, untrusted source should be viewed with suspicion. Administrator privileges and installation permissions should only be given to programs and people you absolutely trust.
Another common tactic used by financial cybercriminals and scammers in conjunction with malware is phishing. Phishing refers to the art of imitating a legitimate authority to lift personal and confidential data from unsuspecting users.
It's particularly appealing to inexperienced cybercriminals looking for a quick score. Phishing requires a much lower level of technical knowledge to pull off than writing malware and often involves elements of social engineering. Phishing works by providing a fake email or form-based website that borrows the style, name, and details of a major institution such as a government department, corporation, or bank. The user is asked to verify their details for 'security' reasons or provide them again for a special promotion or bonus that never materialises.
It can also appear in conjunction with malware. Some malicious downloads will subtly redirect the user to a phishing webpage, prompt, or splash screen. The stolen data is then sent back to the phisherman (of any gender). The hacker can then use it to charge their personal orders to the user's bank accounts or steal their identity to commit further crimes.
In newer cases, such as phishing focused on cloud storage and social media, it can be used to obtain access to confidential files and information. Photographs, personal chat logs, and personal information can all be used in blackmail, for personal gratification, or to compromise a user's reputation or public presence. The 2017 iCloud breach used garden-variety phishing tactics to obtain the login details and 'personal' photographs of popular celebrities.
You can avoid phishing by only entering your details on secure, encrypted, verified websites, and by establishing clear work-based procedures for personal Internet use. Any unexpected emails requesting logins or card details should be viewed with extreme suspicion. Most companies now make it a policy to never request these details from users via email or third-party websites.
Phishing emails and webpages often contain obvious, amateurish mistakes. These include misspelt or mistranslated words, poor grammar and punctuation, off-model fonts or branding, and stretched graphics copied from elsewhere.
Most real-world interpersonal crimes are committed by someone already known to the victim. Cybercrime is no different. Many older offences such as stalking, bullying, scamming, slander, and intimidation have all moved online. Vendettas pursued online by disgruntled former employees against their erstwhile place of work also fall into this category. These crimes are much the same as they ever were, with a few added shards of nastiness mixed in.
The advent of social media with integrated messaging has only worsened the situation. Criminal activities, such as crowdfunding scams and 'catfishing', have arisen from how easy it is to misrepresent yourself and your intentions online to manipulate others. The sheer ubiquity of Facebook and Instagram has also meant that moving out of a neighbourhood, school, or town is no longer an effective way to escape your abusers.
Online harassment is particularly appealing to bullies for a number of reasons. Platforms such as Twitter allow so-called 'trolls' to hide their identities behind blank or fraudulent accounts and to mob or 'dogpile' victims with like-minded cybercriminals. The open nature of social media means that politically motivated harassers have a direct hotline to their ideological enemies.
Humiliating, exposing, or frightening victims usually forms part of the cycle of unsolicited harassment. An 'online disinhibition effect' has also long been recognised by psychologists: some people will do and say things online they wouldn't dare consider in real life. Interpersonal cybercrime can also include the local installation of unwanted software on company computers. While remote map tracking programs and parental supervision spyware are legal and have their legitimate uses, they've also become a worryingly common part of the cybercriminal's toolkit.
Spyware can monitor and relay web browsing history and any outside communications (including sensitive customer transactions) to abusers. Off-the-shelf software allows even the most technologically inexperienced narcissists and sociopaths to keep closer tabs on their victims. Poorly-defined UK legal frameworks have led to some considerable public confusion as to whether it's a corporate, public, or police responsibility to tackle harassment and intimidation. In reality, it's the duty of all of these bodies to work to prevent interpersonal cybercrime.
What To Do About Cyber Threats
You should contact both your local administrators and the police immediately if you've received repeated harassment or unsolicited communication after you've asked the other user to stop, or any other threats (regardless of whether you think they're feasible or not). Many forums and discussion groups have named moderators who have been given the executive power to ban, report, or 'time out' unpleasant individuals.
Establish clear procedures for countering online harassment at work. The best way is not to rise to it and respond - play dead if you possibly can. A response to an unsolicited message shows that your account is live and a viable target. Report and block the user, contact the relevant authorities, and seek professional help if you feel threatened or upset.
Find Out More
For reliable advice on IT asset security and safe disposal of data – thereby reducing the overall risk of cybercrime to your business, employees and customers – please call 01332 371989 today.