Guide To All Things Criminal On The Web

The idea of using the Internet to commit crimes isn’t new, but the problem continues to grow as people become more reliant on the Internet for making purchases and storing personal information. In this guide to cybercrime, we’ll explore the most potent threats on the Internet today.

We’re going to give you an overview of the common kinds of cybercrime, provide real-world examples and suggest tools you can use to protect yourself.

Unfortunately, you can’t justify assuming that common sense will get you past these hurdles. Just as you’d take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding a questionable area isn’t enough.

What Is Cybercrime?

Cybercrime is a criminal activity that involves a computer, or other networking devices. While some cybercrimes are meant to hurt the victim, most are used for financial gain.

Even though the goal is financial gain, individuals and businesses are both targets. Usually, individuals are one part of a larger attack in which the hacker intends to spread malware across machines to turn a profit. Business attacks, on the other hand, are generally a single shot.

Businesses are much more likely to be the target of hacktivist protests, too, which, in their own way, are a form of cybercrime.

There’s a long list of cybercrimes. The internet enables crimes such as fraud, money laundering, the sale of drugs and distribution of child pornography. We’re going to talk briefly about those, but this guide will focus on crimes that are sneakier and more relevant to you.

The US Department of Justice groups cybercrime into three areas: a computer is the target of an attack, is used as a weapon for an attack or is an accessory to an attack. As we go through the types of cybercrime, we’ll let you know in which area they are usually grouped.

Before getting into the types of cybercrime and what you can do to protect yourself, we’re going to look at some major examples and how they impacted normal users online.

Examples of Cybercrime

Yahoo was the target of one of the largest attacks in cybercrime history. It’s confusing how it happened, though. The company announced in September 2016 that it had been the target of an attack in 2014 in which 500 million accounts, including names, email addresses, dates of birth and phone numbers, were compromised.

A few months later, it announced that another attack, carried out in 2013 by a different group of hackers, accessed nearly a billion accounts, which included passwords and security question answers. The statement was then revised, revealing that just over 3 billion accounts were compromised.

At the time of the announcements, Yahoo was in negotiations with Verizon for sale. After the news broke, an estimated $350 million was taken off the sale price. It’s scary to think about, considering it was one of the largest data breaches in history and Yahoo waited three years to say anything about it.

Around the same time, and a bit before, the Blackshades RAT was a popular tool for extortion. An RAT, or Remote Access Tool, allows a remote computer to control yours without a physical connection. Most RATs are used legitimately, such as when a computer manufacturer provides support.

Blackshades, a hacker group, modified a commercially available RAT and used it for extortion. One of the most famous examples was Miss Teen USA Cassidy Wolf in 2014. Her webcam was hijacked and monitored for a year by Jared Abrahams, a classmate who had also cyber attacked 100-150 other women.

Photos of her dressing and undressing were used for sextortion. Abrahams demanded she make sexual videos or he would release the webcam images online. Nineteen other countries were affected by the Blackshades RAT, which was a prime example in our guide on how to secure your webcam.

The most potent threat today, though, is ransomware. The WannaCry ransomware 
attack was carried out in May 2017, infecting over 300,000 computers in 150 countries. In each case, it demanded payment of $300-$600 to unlock data it had encrypted.

Windows, which was the operating system targeted by the attack, released an emergency patch a few days later, but WannaCry had a transport protocol built in that allowed it to spread like a virus. By the time the security patch was released, the damage had been done.

The US, UK and Australia asserted that North Korea was behind the WannaCry attack. In September 2018, the U.S. Department of Justice brought formal charges against Park Jin-hyok for the 2014 Sony Pictures attack, claiming that he was part of the North Korea’s Reconnaissance General Bureau, to whom they also attributed the WannaCry attacks.

Types of Cybercrime

Let’s take a look at the different kinds of cybercrime out there.

Botnets

Botnets are networks of computers that have been infected with a bot. A bot is a form of malware that allows a remote machine to use the resources on your computer to carry out actions. Distributed denial-of-service attacks (you may know them as DDoS attacks) are the most recognizable use of botnets. For those, your computer is used as a weapon.

That said, a botnet can be used for many purposes. Any action that requires a lot of computing resources is ripe for a botnet. In some cases, they are used to carry out ad fraud, which is when fake traffic is sent to an advertisement, and crypto-mining, which uses a small amount of your system resources to solve hashes which in turn earns the crime in question bitcoin.

Botnets are scary because they’re intended to live on your machine undetected. Often, you won’t notice performance degradation. You can learn more about them and how to protect yourself in our what is a botnet guide, or read about Hola VPN, a service that slaves your comp into one.

Ransomware

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Phishing

Phishing is meant to entice unsuspecting internet users into downloading unwanted applications or providing personal details. It isn’t just online, either. Phishing can take place over email, phone, text and more.

Phishing scheme can get you in many ways, too. The most common method is to send a malicious link to a user and have them download malware. That could be anything from ransomware to adware, both of which are covered in our best antivirus software guide.

There are forms of phishing that don’t require you to click a malicious link, though, and those are far scarier. You can learn about them in our what is phishing guide.

Browser Hijacking

Browser hijacking is a cybercrime that is typically used for ad fraud. Malware hijacks your browser settings, often changing the homepage, default search engine and more. The new destinations display advertisements that the hacker uses to generate revenue.

While your computer is the target of browser hijacking, ad fraud falls into the category of using your computer as an accessory.

Browser hijacking is common, mainly because many people don’t know they are a victim. Hijackers are usually bundled with free applications and masquerade as a more secure way to use the internet. That isn’t true, of course, and the attacker uses the misinformation to install malware on your machine.

Some browser hijackers redirect the websites you’re trying to go to, as well, which is a technique that can be used to download more malware on your machine. You can learn about that and ways to protect yourself in our what is browser hijacking guide.

Fraud and Identity Theft

Most cybercrime boils down to fraud and identity theft. Botnets are a form of fraud, for example, and phishing is often used for identity theft. Ransomware, botnets, phishing and browser hijackers are the most common tools used for those crimes, but there are others.

That’s why it’s important to be cautious with your information online. Even reputable companies, such as Yahoo, can be the target of massive data breaches, exposing billions of people to identity theft. If possible, it’s not a bad idea to provide inaccurate information on your accounts and use a burner email address.

The Cybercrime Economy

Cybercrime has its own economy that takes place on the dark web, which is different from the deep web. Criminals buy and sell malware, botnets, data lists and more to commit fraud and identity theft. That said, there’s a more sinister side to the dark web.

The dark web is used for sex trafficking, distribution of child pornography, hitmen and much more. There’s a corner of the internet, hidden by multiple redirects and encrypted pages, that opens up those horrible crimes. We’re calling it the “cybercrime economy.”

Because of the long paper trail left behind by using the internet, anonymity is the primary concern for criminals taking part in those activities. A combination of Tor and a secure virtual private network, along with the trust of others who run in those circles, usually allows people to access relevant areas of the dark web.

Your information, especially if it has been part of a data breach, is likely on the dark web and available for purchase. Experian, a company that provides identity theft protection, says your social security number could sell for as little as $1 on the dark web. Credit card numbers are sold for as little as $5.

In most cases, your identity used to make false purchases. On the internet, everyone can use a different name and face, though, so it’s sometimes used to carry out additional crimes. Protecting your personal data is paramount, not only for the number in your bank account, but also for your freedom.

How to Protect Yourself from Cybercrime

All the above is pretty terrifying, we know, but the upside to cybercrime is that it’s fairly easy to protect against, provided you’re willing to spend a few bucks. Let’s take a look at some simple steps.

Install an Antivirus

An antivirus is built for the purpose of protecting users against cybercrime. Modern applications scan the data on your machine for anything malicious and provide real-time protection against threats such as phishing.
Bitdefender, our top pick in our antivirus reviews, comes with ransomware protection, too. You can choose which files should be protected and it will monitor them for activity. In some cases, the ransomware protection will even block legitimate requests, such as saving a Word document. You can add exceptions, though.

Bitdefender got near-perfect scores from the three independent labs we consulted during our Bitdefender review. It also has an excellent feature set and a decent price, to boot.

There are many great antiviruses on the market, though. Bitdefender is just one of the choices at the top. You can read our guide to the most secure antivirus to learn about options such as Kaspersky (read our Kaspersky Anti-Virus review).

An antivirus should be your first line of defense against cybercrime. Many tools use behavior monitoring to pin down new malware that hasn’t been logged in the database yet. As long as you have one protecting you, it’s highly unlikely you’ll fall victim to cybercrime.

Use a Password Manager

Unfortunately, an antivirus can’t protect you from data breaches. Using one our picks for best password manager can, though. A password manager stores your account details in an encrypted vault, allowing you to use a unique password on every website.

Most websites keep your password on file in an encrypted form. Encryption is made to be cracked, though, and a weak password leaves you vulnerable. A single word password, such as “password,” can be cracked in a few seconds with a dictionary attack.

Each additional character you use to randomize your password increases your security exponentially. If you’re using a password of, say, 15 characters including numbers, lowercase letters, uppercase letters and special characters, it’ll take millions of years to crack (read more on this in our guide on creating a strong password).

A password manager enables you to do that, as well as use a strong, unique password for each of your accounts. Remembering “2bo*rn$8P47UjjQ4N” isn’t exactly possible, especially when using different passwords for different accounts, so a password manager handles it for you to increase your security.

We like Dashlane a great deal for its exceptional security and long list of features. The most recent version came with extra goodies, such as a VPN, but at a higher cost. It’s still an excellent choice for a password manager, though, as you can read in our Dashlane review.

We also like 1Password, especially given Dashlane’s price increase. It has fantastic security, though it’s not as good as Dashlane’s, and a large feature set. Our favorite feature is Travel Mode, which lets you wipe all personal data from your mobile device and store it in your vault while traveling. After arriving at your destination, you can restore it with a single tap.

You can learn more in our 1Password review or see how the two compare in our Dashlane vs. 1Password article.

1Password is cheap, too, but it’s not for everyone. If you need to shop around, make sure to read through our password manager reviews.

Use a VPN

Your browser sends an awful lot of information when you connect to a website. Even with a secure SSL/TLS connection, that data can be intercepted or redirected to expose your identity. That’s ignoring the possibility of an untrustworthy internet service provider, too.

A virtual private network will keep your privacy online. You connect to the VPN provider through a secure tunnel, meaning no one knows what websites you’re visiting. It’s a major tool for privacy which, in turn, provides you security from identity theft.

If you’re using a VPN, a cybercriminal won’t be able to trace you, so they won’t be able to target you, either. It has upsides in bypassing geoblocks and circumventing censorship, too. You can read our best VPN guide or skim through our VPN reviews to find a provider that suits your needs.

We’ll spoil it and let you know that ExpressVPN is our first choice, though. While the price is high, it has excellent speeds, security and features. The interface is easy to get around, too. You can learn more about it in our ExpressVPN review.

Backup Your Data

Backing up your data should be a normal process, but if the upsides of having a safety net aren’t enough for you, maybe your online security will be. The best cloud backup services allow you to offload sensitive documents to the cloud so that access to your key files becomes a nonfactor.

Ransomware looks silly if you can just restore the data that’s been encrypted. If you contract malware, no matter how dangerous, you can wipe your machine clean and restore your files. That’s if they’re backed up, of course: the best online backup with ransomware protection will help you on your way in this regard.

Our first choice is IDrive because it comes with a lot of storage for a low price and is quick to backup. It has an excellent list of features, including mobile backup, private encryption and advanced scheduling, too. You can learn more in our IDrive review.

Final Thoughts

Cybercrime is going to continue to be a problem. With the world being as connected as it’s ever been, a new breed of criminal needs to be dealt with. Thankfully, there are tools to handle online threats and they’ve gotten better over the years.

Protect yourself by using an antivirus, password manager, VPN and cloud backup service. 

Cloudwards:

You Might Also Read:

Europol Warning: 15 Ways To Become A Cybercrime Victim

« Mobile Security Threats Put Businesses At Risk
It's Time To Embrace Blockchain Technology »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Maureen Data Systems (MDS)

Maureen Data Systems (MDS)

Our mission at Maureen Data Systems is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

ioXt Alliance

ioXt Alliance

The ioXt Alliance is a group of manufacturers, industry alliances and government organizations dedicated to harmonizing best security practices in a highly connected world.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Measured Insurance

Measured Insurance

Measured Insurance are bridging the gap between technology and Insurance using AI-Powered analytics that track clients’ exposure in real time to create smarter insurance products.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.