UNIT –II

CYBER CRIMES

https://indiafreenotes.com/cybercrime-targeting-computers-and-mobiles/
Cyber crimes targeting computer systems and mobile devices are illegal activities that exploit technology
for malicious purposes. Here are some common types:

1. Malware: Malicious software like viruses, worms, and ransomware designed to damage, disrupt,
or gain unauthorized access to systems. Ransomware encrypts files and demands payment for
decryption.
2. Phishing: Scams that trick individuals into divulging sensitive information, such as passwords or
credit card numbers, by pretending to be a trustworthy entity.
3. Hacking: Unauthorized access to computer systems or networks to steal, alter, or destroy data.
This can involve exploiting vulnerabilities or using stolen credentials.
4. Spyware: Software that secretly monitors and collects user data, often without their knowledge
or consent.
5. Identity Theft: Stealing personal information to impersonate someone else, often for financial
gain or to commit further fraud.
6. Denial of Service (DoS) Attacks: Overloading a system or network with traffic to make it
unavailable to users. Distributed Denial of Service (DDoS) attacks use multiple compromised
systems to amplify the effect.
 7. Mobile Threats: Attacks targeting mobile devices, including malware apps, phishing messages,
and exploits that take advantage of vulnerabilities in mobile operating systems.
8. Data Breaches: Unauthorized access to sensitive information, often leading to the theft or
exposure of personal, financial, or corporate data.

These crimes can have serious consequences for individuals and organizations, including financial loss,
reputational damage, and legal ramifications.

ONLINE SCAMS AND FRAUDS

1. Phishing Scams

 Description: Scammers send fake emails or messages that look like they're from a legitimate
source (e.g., a bank or a popular website) to trick you into providing personal information.
 Protection: Always verify the sender's email address and be cautious of links in unsolicited
messages. Use two-factor authentication for added security.

2. Ransomware

 Description: Malicious software that encrypts your files and demands a ransom for their release.
 Protection: Keep your software and antivirus programs up-to-date, avoid downloading
suspicious attachments or clicking on unknown links, and regularly back up important data.

3. Online Shopping Scams

 Description: Fake online stores or auction sites that trick you into paying for items that never
arrive.
 Protection: Research sellers, read reviews, and use secure payment methods. Check if the
website uses HTTPS and look for contact information.

4. Tech Support Scams

 Description: Scammers pose as tech support agents and convince you to grant them remote
access to your computer or pay for unnecessary services.
 Protection: Don't trust unsolicited tech support calls or messages. If you need help, contact tech
support through official channels.

5. Investment Scams

 Description: Offers that promise high returns with little risk, often involving cryptocurrency or
other high-risk investments.
 Protection: Be skeptical of offers that seem too good to be true. Research investments thoroughly
and consult financial advisors.

6. Social Media Scams

 Description: Scammers use social media platforms to promote fake contests, fake charities, or
phishing schemes.
  Protection: Be cautious about sharing personal information or clicking on links in messages or
posts. Verify the legitimacy of contests or charitable organizations before donating.

7. Romance Scams

 Description: Scammers create fake profiles on dating sites or social media to establish
relationships and eventually ask for money.
 Protection: Be wary of online relationships that progress too quickly or involve requests for
money. Verify the identity of the person you're communicating with.

8. Impersonation Scams

 Description: Scammers pose as someone you know or a trusted authority figure to get money or
personal information.
 Protection: If you receive a suspicious request for

Common Social Media Scams

1. Phishing Scams
o Description: Scammers send messages or create fake profiles that look like legitimate
companies or organizations, asking for personal information or login credentials.
o Protection: Avoid clicking on links or downloading attachments from unsolicited
messages. Verify the authenticity of requests by contacting the company directly through
official channels.

2. Fake Contests and Giveaways

o Description: Posts or ads claiming you’ve won a prize or asking you to enter a contest,
often requiring you to share personal information or pay a fee.
o Protection: Be skeptical of contests or giveaways that require personal information or
payment. Check the legitimacy of the contest through the official website or organization.

3. Impersonation Scams
o Description: Scammers create fake profiles pretending to be someone you know or a
celebrity, often to solicit money or personal information.
o Protection: Verify the identity of the person by contacting them through known and
trusted means. Be cautious of friend requests or messages from unknown profiles.

4. Fake Job Offers

o Description: Fraudulent job postings or messages offering high-paying jobs that require
you to pay for training, equipment, or other expenses upfront.
o Protection: Research job offers and companies thoroughly. Legitimate employers do not
ask for payment for job applications or training.

5. Romance Scams
o Description: Scammers create fake profiles to build romantic relationships, eventually
asking for money or financial assistance.
o Protection: Be wary of relationships that develop too quickly online. Avoid sending
money or sharing sensitive information with people you haven’t met in person.
 6. Investment Scams
o Description: Ads or posts promoting investment opportunities that promise high returns
with little risk, often involving cryptocurrency or other high-risk ventures.
o Protection: Be cautious of investment schemes that seem too good to be true. Research
thoroughly and consult with financial advisors before investing.

7. Charity Scams
o Description: Fake charitable organizations or fundraising campaigns that ask for
donations under false pretenses.
o Protection: Verify the legitimacy of charities by checking their official website or using
a charity watchdog service. Avoid donating through unsolicited messages.

8. Clickbait and Malware Links

o Description: Posts or messages with sensational headlines or links that lead to malware
or phishing sites.
o Protection: Avoid clicking on suspicious links or headlines. Use a reputable antivirus
program to scan for malware and be cautious of pop-ups or unexpected downloads.

General Tips for Protection

 Privacy Settings: Adjust your social media privacy settings to limit who can see your personal
information and posts.
 Two-Factor Authentication: Enable two-factor authentication on your accounts for added
security.
 Educate Yourself: Stay informed about the latest scams and techniques used by scammers.
 Report Suspicious Activity: Use the platform’s reporting tools to report fake profiles, scams,
and fraudulent activity.

Fake News is Used in Cybercrime

1. Defamation and Harassment

o Description: Fake news stories or misleading information can be spread to damage
someone's reputation, cause emotional distress, or manipulate public opinion against an
individual.
o Impact: Victims may face social ostracism, loss of job opportunities, or emotional harm.
o Protection: Monitor your online presence, set up Google Alerts for your name, and
address misinformation by providing correct information through reputable channels.

2. Fraudulent Schemes
o Description: Fake news can be used to promote fraudulent schemes, such as fake
investment opportunities or fake charity drives, convincing individuals to part with their
money.
o Impact: Victims may lose money or become involved in scams that affect their financial
security.
o Protection: Verify the legitimacy of news sources and financial offers. Research
thoroughly and consult trusted advisors before making financial decisions.

3. Phishing Attacks
 o Description: Fake news articles or sensational headlines may be used to trick individuals
into clicking on malicious links that lead to phishing websites designed to steal personal
information.
o Impact: Victims may have their personal data, such as login credentials or financial
details, stolen.
o Protection: Be cautious of clicking on links in unsolicited messages or suspicious news
stories. Check URLs carefully and ensure websites are secure (look for HTTPS).

4. Social Engineering
o Description: Scammers may use fake news to create a sense of urgency or fear,
manipulating individuals into divulging sensitive information or taking specific actions.
o Impact: Victims might be tricked into providing personal details or compromising their
security.
o Protection: Verify the authenticity of news before acting on it. Be skeptical of urgent
requests or sensational claims that seem designed to provoke immediate reactions.

5. Political or Social Manipulation

o Description: Fake news can be used to spread misinformation for political gain or to
incite social unrest, influencing public opinion or elections.
o Impact: Individuals may be misled about political issues, candidates, or social
movements, affecting their decisions and behavior.
o Protection: Cross-check information with multiple reliable sources. Stay informed
through credible news organizations and avoid spreading unverified information.

6. Impersonation and Identity Theft

o Description: Fake news stories might involve impersonation or identity theft, where
criminals pose as someone else to commit fraud or damage reputations.
o Impact: Victims may experience identity theft, financial loss, or reputational damage.
o Protection: Monitor your credit reports and online accounts for unusual activity. Report
any identity theft to the relevant authorities immediately.

General Tips for Protection

 Verify Sources: Check the credibility of news sources and cross-reference information with
reputable news outlets.
 Educate Yourself: Learn about common tactics used in fake news and misinformation
campaigns.
 Secure Your Accounts: Use strong, unique passwords and enable two-factor authentication on
your online accounts.
 Report Misinformation: Use social media platforms' reporting tools to flag fake news and
misinformation.
 Stay Critical: Be cautious of sensational headlines and emotionally charged content. Always
seek out additional sources before accepting or sharing information as true.

SOCIAL ENGINEERING ATTACKS

1. Phishing
 o Description: Attackers send fraudulent emails or messages that appear to be from
legitimate sources (e.g., banks, email providers) to trick individuals into revealing
personal information or credentials.
o Example: An email that looks like it's from your bank asking you to click a link and
enter your account details.
o Defense: Verify the sender’s email address, avoid clicking on links in unsolicited
messages, and use two-factor authentication for added security.

2. Spear Phishing
o Description: A more targeted form of phishing where attackers customize their messages
for a specific individual or organization, often using personal information to make the
attack more convincing.
o Example: An email that appears to come from a trusted colleague or superior, asking for
sensitive company data.
o Defense: Be cautious of unexpected requests, especially if they involve sensitive
information. Verify requests through alternate communication channels.

3. Pretexting
o Description: Attackers create a fabricated scenario (pretext) to obtain information or gain
access to systems. This often involves impersonating someone with authority or a trusted
figure.
o Example: A scammer calls pretending to be an IT support specialist and requests login
credentials to "fix a problem."
o Defense: Verify the identity of the requester through official channels before providing
any information.

4. Baiting
o Description: Attackers lure victims into a trap by offering something enticing, such as
free software or downloads, which then installs malware or collects personal information.
o Example: A fake advertisement offering free software that, once downloaded, infects
your computer with malware.
o Defense: Avoid downloading software or clicking on ads from unknown or suspicious
sources. Use reputable antivirus software and check reviews.

5. Tailgating
o Description: An attacker physically follows an authorized person into a restricted area
without proper credentials or authorization.
o Example: Someone dressed as a delivery person follows an employee into a secure
building.
o Defense: Be vigilant about who you allow into secure areas. Ensure that employees are
trained to challenge unknown individuals and report suspicious behavior.

6. Quizzes and Surveys

o Description: Scammers use seemingly innocent quizzes or surveys to collect personal
information that can be used to answer security questions or gain unauthorized access.
o Example: An online quiz that asks for answers to questions like “What is your mother’s
maiden name?” or “Where did you go to high school?”
o Defense: Avoid sharing personal information in online quizzes or surveys. Be mindful of
the information you provide and who is collecting it.
 7. Vishing (Voice Phishing)
o Description: Attackers use phone calls or voice messages to impersonate legitimate
entities and trick individuals into providing sensitive information.
o Example: A phone call claiming to be from your bank’s fraud department asking for
your account details.
o Defense: Hang up and call back using the official contact number from the organization’s
website to verify the request.

8. Smishing (SMS Phishing)

o Description: Scammers send text messages that contain malicious links or requests for
personal information.
o Example: A text message claiming to be from a delivery service asking you to click a
link to track your package.
o Defense: Avoid clicking on links in unsolicited text messages and verify any claims
through official channels.

General Tips for Protection

 Educate and Train: Regularly train employees and individuals on recognizing social
engineering tactics and how to respond appropriately.
 Verify Requests: Always verify the legitimacy of requests for sensitive information through
trusted and secure channels.
 Use Strong Authentication: Implement strong, multi-factor authentication methods to add layers
of security.
 Be Skeptical: Maintain a healthy skepticism toward unsolicited communications, especially those
requesting personal or financial information.
 Monitor and Respond: Keep an eye on your accounts and systems for unusual activity, and have
a response plan in place for potential breaches.

cyber police station

A "cyber police station" refers to a specialized law enforcement unit or department focused on addressing
cybercrimes and digital security issues. These units are dedicated to investigating crimes that involve
computers, the internet, and other digital technologies. Here’s an overview of what a cyber police station
typically entails and how it functions:

Functions of a Cyber Police Station

1. Investigating Cybercrimes
o Types of Crimes: They handle a range of cybercrimes, including hacking, phishing,
ransomware attacks, online fraud, identity theft, and cyberstalking.
o Methods: Use digital forensics, data analysis, and cyber intelligence to investigate and
track down perpetrators.

2. Digital Forensics
o Description: Collecting, analyzing, and preserving digital evidence from computers,
mobile devices, and other electronic media.
o Tools: Employ specialized software and techniques to recover deleted files, trace
communications, and identify criminal activities.
 3. Online Threat Prevention
o Description: Work to identify and mitigate potential threats to individuals, businesses,
and national security.
o Activities: Monitor online forums, social media, and dark web activities to detect and
prevent emerging threats.

4. Public Awareness and Education

o Description: Conduct campaigns and provide resources to educate the public about
online safety, cybersecurity best practices, and how to recognize and report cybercrimes.
o Programs: Offer workshops, seminars, and online resources to raise awareness.

5. Collaboration with Other Agencies

o Description: Work with other law enforcement agencies, international bodies, and
private sector organizations to tackle cross-border cybercrimes and share intelligence.
o Partnerships: Engage in joint operations, share information, and participate in global
cybercrime task forces.

6. Incident Response
o Description: Respond to and manage cyber incidents, including breaches and attacks, to
minimize damage and recover from attacks.
o Procedures: Implement response protocols to contain and mitigate the effects of cyber
incidents.

7. Legal and Policy Support

o Description: Provide expertise on cyber laws and policies, assist in drafting legislation,
and offer advice on legal matters related to cybercrimes.
o Role: Work with lawmakers and regulators to develop and update cybercrime legislation
and policies.

How to Contact or Utilize a Cyber Police Station

1. Local Law Enforcement

o Description: In many regions, local police departments may have a cybercrime unit or
specialized officers dealing with digital crimes.
o Action: Report incidents to your local police department, which can direct you to the
appropriate cybercrime resources.

2. National Cybercrime Agencies

o Description: Some countries have national agencies dedicated to cybercrime, such as the
FBI’s Cyber Division in the U.S., the National Cyber Crime Unit in the UK, or the Cyber
Crime Branch in India.
o Action: Visit the agency’s website or contact them directly for guidance on reporting
cybercrimes and seeking assistance.

3. Online Reporting Platforms

o Description: Many countries have online platforms or hotlines for reporting cybercrimes
and seeking help.
o Examples: The Internet Crime Complaint Center (IC3) in the U.S., Action Fraud in the
UK, and the Cyber Crime Reporting Platform in India.
 4. Cybersecurity Organizations
o Description: Some non-governmental organizations and private companies provide
support and resources for cybercrime victims.
o Examples: Contact organizations like the Cyber Threat Alliance or local cybersecurity
firms for assistance and advice.

Tips for Dealing with Cybercrimes

 Report Quickly: The sooner you report a cybercrime, the better the chances of mitigating
damage and recovering stolen assets.
 Preserve Evidence: Keep records of communications, screenshots, and any other evidence
related to the incident.
 Seek Professional Help: Consult with cybersecurity experts or legal professionals to understand
your options and take appropriate actions.

Dark Net

The darknet is a part of the internet that's not indexed by traditional search engines and requires specific
software to access, like Tor (The Onion Router) or I2P (Invisible Internet Project). It’s often associated
with privacy and anonymity, and while it can be used for legitimate purposes—like protecting the privacy
of journalists and activists in oppressive regimes—it’s also known for hosting illegal activities, such as
black markets for drugs, weapons, and stolen data.

The darknet's decentralized nature and encrypted communications make it difficult for authorities to
monitor, which is why it can be a double-edged sword. While it helps protect privacy and freedom of
speech, it also provides a haven for illegal and unethical behavior.

CRIME REPORTING PROCEDURES

Reporting a crime, particularly in the context of cybercrimes or other incidents, involves several steps to
ensure that the crime is properly documented, investigated, and addressed. Here’s a general guide to
crime reporting procedures:

1. Immediate Action

 Ensure Safety: If you are in immediate danger, prioritize your safety and call emergency services
(e.g., 911 in the U.S., 999 in the UK).
 Preserve Evidence: Do not alter or destroy any potential evidence related to the crime. This
could include digital evidence such as emails, messages, or files, as well as physical evidence.

2. Report the Crime to Local Authorities

 Contact Local Police: Report the crime to your local police department. You can do this in
person, by phone, or through their online reporting system if available.
 Provide Details: Be prepared to provide detailed information about the crime, including the
nature of the incident, location, time, and any suspects or witnesses.
 Obtain a Report Number: After filing a report, ask for a report number or reference to track the
progress of your case.
3. Report to Specialized Agencies (for Cybercrimes)

 National Cybercrime Agencies: In some countries, specific agencies handle cybercrime cases.
For example, the FBI’s Internet Crime Complaint Center (IC3) in the U.S., or Action Fraud in the
UK.
o Submit a Report: Use the agency’s online portal or contact them directly to file a
complaint or report cybercrime.
o Provide Evidence: Submit all relevant information and evidence related to the
cybercrime, such as screenshots, emails, and descriptions.

4. Report to Financial Institutions (if applicable)

 Contact Your Bank: If the crime involves financial transactions, such as fraud or unauthorized
charges, notify your bank or credit card company immediately.
 Freeze Accounts: Request to freeze or lock your accounts to prevent further unauthorized
transactions.
 Dispute Charges: Work with your financial institution to dispute any fraudulent charges and
potentially recover lost funds.

5. Report to Online Platforms

 Social Media and Online Services: If the crime occurred on social media or an online platform,
report the incident to the platform’s support team. Most platforms have dedicated processes for
reporting abuse or fraud.
 Provide Evidence: Share any relevant evidence with the platform’s support team to assist in their
investigation.

6. File a Formal Complaint

 Documentation: Prepare a written account of the incident, including all relevant details and
evidence. This can be useful for legal proceedings or insurance claims.
 Consult Legal Counsel: If necessary, seek advice from a legal professional to understand your
rights and options for pursuing legal action.

7. Follow Up

 Stay in Contact: Keep in touch with the authorities and agencies handling your case. Follow up
periodically to check on the status of the investigation.
 Keep Records: Maintain records of all communications, reports, and actions taken related to the
crime.

8. Additional Considerations

 Cybersecurity Measures: If the crime involved digital threats, review and enhance your
cybersecurity practices. Change passwords, update security settings, and run antivirus scans.
 Support Services: Consider seeking support from victim assistance programs or counseling
services if you are experiencing emotional distress or trauma as a result of the crime.
Example Reporting Procedures:

 Cybercrime Report (U.S.): Visit the Internet Crime Complaint Center (IC3) website to file a
complaint.
 Fraud Report (UK): Report to Action Fraud using their online form or phone line.
 Financial Fraud: Contact your bank’s fraud department immediately.