Guide To All Things Criminal On The Web

The idea of using the Internet to commit crimes isn’t new, but the problem continues to grow as people become more reliant on the Internet for making purchases and storing personal information. In this guide to cybercrime, we’ll explore the most potent threats on the Internet today.

We’re going to give you an overview of the common kinds of cybercrime, provide real-world examples and suggest tools you can use to protect yourself.

Unfortunately, you can’t justify assuming that common sense will get you past these hurdles. Just as you’d take steps to defend yourself from crime in a major city, you should do so while using the internet. Sometimes, avoiding a questionable area isn’t enough.

What Is Cybercrime?

Cybercrime is a criminal activity that involves a computer, or other networking devices. While some cybercrimes are meant to hurt the victim, most are used for financial gain.

Even though the goal is financial gain, individuals and businesses are both targets. Usually, individuals are one part of a larger attack in which the hacker intends to spread malware across machines to turn a profit. Business attacks, on the other hand, are generally a single shot.

Businesses are much more likely to be the target of hacktivist protests, too, which, in their own way, are a form of cybercrime.

There’s a long list of cybercrimes. The internet enables crimes such as fraud, money laundering, the sale of drugs and distribution of child pornography. We’re going to talk briefly about those, but this guide will focus on crimes that are sneakier and more relevant to you.

The US Department of Justice groups cybercrime into three areas: a computer is the target of an attack, is used as a weapon for an attack or is an accessory to an attack. As we go through the types of cybercrime, we’ll let you know in which area they are usually grouped.

Before getting into the types of cybercrime and what you can do to protect yourself, we’re going to look at some major examples and how they impacted normal users online.

Examples of Cybercrime

Yahoo was the target of one of the largest attacks in cybercrime history. It’s confusing how it happened, though. The company announced in September 2016 that it had been the target of an attack in 2014 in which 500 million accounts, including names, email addresses, dates of birth and phone numbers, were compromised.

A few months later, it announced that another attack, carried out in 2013 by a different group of hackers, accessed nearly a billion accounts, which included passwords and security question answers. The statement was then revised, revealing that just over 3 billion accounts were compromised.

At the time of the announcements, Yahoo was in negotiations with Verizon for sale. After the news broke, an estimated $350 million was taken off the sale price. It’s scary to think about, considering it was one of the largest data breaches in history and Yahoo waited three years to say anything about it.

Around the same time, and a bit before, the Blackshades RAT was a popular tool for extortion. An RAT, or Remote Access Tool, allows a remote computer to control yours without a physical connection. Most RATs are used legitimately, such as when a computer manufacturer provides support.

Blackshades, a hacker group, modified a commercially available RAT and used it for extortion. One of the most famous examples was Miss Teen USA Cassidy Wolf in 2014. Her webcam was hijacked and monitored for a year by Jared Abrahams, a classmate who had also cyber attacked 100-150 other women.

Photos of her dressing and undressing were used for sextortion. Abrahams demanded she make sexual videos or he would release the webcam images online. Nineteen other countries were affected by the Blackshades RAT, which was a prime example in our guide on how to secure your webcam.

The most potent threat today, though, is ransomware. The WannaCry ransomware 
attack was carried out in May 2017, infecting over 300,000 computers in 150 countries. In each case, it demanded payment of $300-$600 to unlock data it had encrypted.

Windows, which was the operating system targeted by the attack, released an emergency patch a few days later, but WannaCry had a transport protocol built in that allowed it to spread like a virus. By the time the security patch was released, the damage had been done.

The US, UK and Australia asserted that North Korea was behind the WannaCry attack. In September 2018, the U.S. Department of Justice brought formal charges against Park Jin-hyok for the 2014 Sony Pictures attack, claiming that he was part of the North Korea’s Reconnaissance General Bureau, to whom they also attributed the WannaCry attacks.

Types of Cybercrime

Let’s take a look at the different kinds of cybercrime out there.

Botnets

Botnets are networks of computers that have been infected with a bot. A bot is a form of malware that allows a remote machine to use the resources on your computer to carry out actions. Distributed denial-of-service attacks (you may know them as DDoS attacks) are the most recognizable use of botnets. For those, your computer is used as a weapon.

That said, a botnet can be used for many purposes. Any action that requires a lot of computing resources is ripe for a botnet. In some cases, they are used to carry out ad fraud, which is when fake traffic is sent to an advertisement, and crypto-mining, which uses a small amount of your system resources to solve hashes which in turn earns the crime in question bitcoin.

Botnets are scary because they’re intended to live on your machine undetected. Often, you won’t notice performance degradation. You can learn more about them and how to protect yourself in our what is a botnet guide, or read about Hola VPN, a service that slaves your comp into one.

Ransomware

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Ransomware, which we provided an example of in the section above, is one of the most dangerous online threats. It’s a form of malware that searches your data and encrypts it, holding it hostage until you pay a ransom. In its case, your computer is the target.

Most ransomware cases ask for around $300 to be paid in crypto-currency over Tor. WannaCry’s demands, for example, ranged from $300-$600. Even after paying the ransom, though, your data may still be at risk.

In late June 2018, many users received an email from the alleged developers of WannaCry, demanding $650 in payment or their data would be destroyed. It was just a phishing scam, though, which we’ll talk about next.

There are different kinds of ransomware and learning them is a key part of keeping yourself protected. You can read more in our what is ransomware guide, or check out how to protect against ransomware.

Phishing

Phishing is meant to entice unsuspecting internet users into downloading unwanted applications or providing personal details. It isn’t just online, either. Phishing can take place over email, phone, text and more.

Phishing scheme can get you in many ways, too. The most common method is to send a malicious link to a user and have them download malware. That could be anything from ransomware to adware, both of which are covered in our best antivirus software guide.

There are forms of phishing that don’t require you to click a malicious link, though, and those are far scarier. You can learn about them in our what is phishing guide.

Browser Hijacking

Browser hijacking is a cybercrime that is typically used for ad fraud. Malware hijacks your browser settings, often changing the homepage, default search engine and more. The new destinations display advertisements that the hacker uses to generate revenue.

While your computer is the target of browser hijacking, ad fraud falls into the category of using your computer as an accessory.

Browser hijacking is common, mainly because many people don’t know they are a victim. Hijackers are usually bundled with free applications and masquerade as a more secure way to use the internet. That isn’t true, of course, and the attacker uses the misinformation to install malware on your machine.

Some browser hijackers redirect the websites you’re trying to go to, as well, which is a technique that can be used to download more malware on your machine. You can learn about that and ways to protect yourself in our what is browser hijacking guide.

Fraud and Identity Theft

Most cybercrime boils down to fraud and identity theft. Botnets are a form of fraud, for example, and phishing is often used for identity theft. Ransomware, botnets, phishing and browser hijackers are the most common tools used for those crimes, but there are others.

That’s why it’s important to be cautious with your information online. Even reputable companies, such as Yahoo, can be the target of massive data breaches, exposing billions of people to identity theft. If possible, it’s not a bad idea to provide inaccurate information on your accounts and use a burner email address.

The Cybercrime Economy

Cybercrime has its own economy that takes place on the dark web, which is different from the deep web. Criminals buy and sell malware, botnets, data lists and more to commit fraud and identity theft. That said, there’s a more sinister side to the dark web.

The dark web is used for sex trafficking, distribution of child pornography, hitmen and much more. There’s a corner of the internet, hidden by multiple redirects and encrypted pages, that opens up those horrible crimes. We’re calling it the “cybercrime economy.”

Because of the long paper trail left behind by using the internet, anonymity is the primary concern for criminals taking part in those activities. A combination of Tor and a secure virtual private network, along with the trust of others who run in those circles, usually allows people to access relevant areas of the dark web.

Your information, especially if it has been part of a data breach, is likely on the dark web and available for purchase. Experian, a company that provides identity theft protection, says your social security number could sell for as little as $1 on the dark web. Credit card numbers are sold for as little as $5.

In most cases, your identity used to make false purchases. On the internet, everyone can use a different name and face, though, so it’s sometimes used to carry out additional crimes. Protecting your personal data is paramount, not only for the number in your bank account, but also for your freedom.

How to Protect Yourself from Cybercrime

All the above is pretty terrifying, we know, but the upside to cybercrime is that it’s fairly easy to protect against, provided you’re willing to spend a few bucks. Let’s take a look at some simple steps.

Install an Antivirus

An antivirus is built for the purpose of protecting users against cybercrime. Modern applications scan the data on your machine for anything malicious and provide real-time protection against threats such as phishing.
Bitdefender, our top pick in our antivirus reviews, comes with ransomware protection, too. You can choose which files should be protected and it will monitor them for activity. In some cases, the ransomware protection will even block legitimate requests, such as saving a Word document. You can add exceptions, though.

Bitdefender got near-perfect scores from the three independent labs we consulted during our Bitdefender review. It also has an excellent feature set and a decent price, to boot.

There are many great antiviruses on the market, though. Bitdefender is just one of the choices at the top. You can read our guide to the most secure antivirus to learn about options such as Kaspersky (read our Kaspersky Anti-Virus review).

An antivirus should be your first line of defense against cybercrime. Many tools use behavior monitoring to pin down new malware that hasn’t been logged in the database yet. As long as you have one protecting you, it’s highly unlikely you’ll fall victim to cybercrime.

Use a Password Manager

Unfortunately, an antivirus can’t protect you from data breaches. Using one our picks for best password manager can, though. A password manager stores your account details in an encrypted vault, allowing you to use a unique password on every website.

Most websites keep your password on file in an encrypted form. Encryption is made to be cracked, though, and a weak password leaves you vulnerable. A single word password, such as “password,” can be cracked in a few seconds with a dictionary attack.

Each additional character you use to randomize your password increases your security exponentially. If you’re using a password of, say, 15 characters including numbers, lowercase letters, uppercase letters and special characters, it’ll take millions of years to crack (read more on this in our guide on creating a strong password).

A password manager enables you to do that, as well as use a strong, unique password for each of your accounts. Remembering “2bo*rn$8P47UjjQ4N” isn’t exactly possible, especially when using different passwords for different accounts, so a password manager handles it for you to increase your security.

We like Dashlane a great deal for its exceptional security and long list of features. The most recent version came with extra goodies, such as a VPN, but at a higher cost. It’s still an excellent choice for a password manager, though, as you can read in our Dashlane review.

We also like 1Password, especially given Dashlane’s price increase. It has fantastic security, though it’s not as good as Dashlane’s, and a large feature set. Our favorite feature is Travel Mode, which lets you wipe all personal data from your mobile device and store it in your vault while traveling. After arriving at your destination, you can restore it with a single tap.

You can learn more in our 1Password review or see how the two compare in our Dashlane vs. 1Password article.

1Password is cheap, too, but it’s not for everyone. If you need to shop around, make sure to read through our password manager reviews.

Use a VPN

Your browser sends an awful lot of information when you connect to a website. Even with a secure SSL/TLS connection, that data can be intercepted or redirected to expose your identity. That’s ignoring the possibility of an untrustworthy internet service provider, too.

A virtual private network will keep your privacy online. You connect to the VPN provider through a secure tunnel, meaning no one knows what websites you’re visiting. It’s a major tool for privacy which, in turn, provides you security from identity theft.

If you’re using a VPN, a cybercriminal won’t be able to trace you, so they won’t be able to target you, either. It has upsides in bypassing geoblocks and circumventing censorship, too. You can read our best VPN guide or skim through our VPN reviews to find a provider that suits your needs.

We’ll spoil it and let you know that ExpressVPN is our first choice, though. While the price is high, it has excellent speeds, security and features. The interface is easy to get around, too. You can learn more about it in our ExpressVPN review.

Backup Your Data

Backing up your data should be a normal process, but if the upsides of having a safety net aren’t enough for you, maybe your online security will be. The best cloud backup services allow you to offload sensitive documents to the cloud so that access to your key files becomes a nonfactor.

Ransomware looks silly if you can just restore the data that’s been encrypted. If you contract malware, no matter how dangerous, you can wipe your machine clean and restore your files. That’s if they’re backed up, of course: the best online backup with ransomware protection will help you on your way in this regard.

Our first choice is IDrive because it comes with a lot of storage for a low price and is quick to backup. It has an excellent list of features, including mobile backup, private encryption and advanced scheduling, too. You can learn more in our IDrive review.

Final Thoughts

Cybercrime is going to continue to be a problem. With the world being as connected as it’s ever been, a new breed of criminal needs to be dealt with. Thankfully, there are tools to handle online threats and they’ve gotten better over the years.

Protect yourself by using an antivirus, password manager, VPN and cloud backup service. 

Cloudwards:

You Might Also Read:

Europol Warning: 15 Ways To Become A Cybercrime Victim

« Mobile Security Threats Put Businesses At Risk
It's Time To Embrace Blockchain Technology »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cloud Industry Forum (CIF)

Cloud Industry Forum (CIF)

Cloud Industry Forum is a non-profit industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.