Cyber Crime Awareness

By
MHCYBER & ICPF
 INDEX
• Introduction of Cyber Security • Morph Detection
• Fake Domain • VOIP call
• RDP Applications • System Hacking
• OLX Fraud • Malware
• Phishing Attack • Firewall
• Mobile Hacking • Cloud
• Social Media Hacking • OSINT
• Payment Request • Google Advance Search
• Data Base Hack • Website Intelligence
• Applications Permissions
 Introduction of Cyber Security
 The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity.

 Cyber refers to the technology that includes systems, networks, programs, and data. And security
is concerned with the protection of systems, networks, applications, and information. In some
cases, it is also called electronic information security or information technology security.

 Cyber Security is the set of

principles and practices designed to
protect our computing resources and
online information against threats.
 INTRODUCTION

What is Cyber Crime?

Cybercrime is a crime that involves a computer
and a network. The computer may have been
used in the commission of a crime, or it may be
the target. Cybercrime may harm someone's
security and financial health.

Types of Cyber Crime:

• Malware attacks
• Phishing
• Distributed DoS attacks
Types of Attacks
 WEBSITE PHISHING
What is Website Phishing?
• Website Phishing is a common phishing scam. A fraudster impersonates your brand by
misusing and misrepresenting your registered domain name.
• Scammers often use domain names that are almost like a real company's name, but not quite.
• They try to catch you out by, for example, using a name with a zero where the letter 'o' should
be. Or by slipping in an extra letter Or by special characters (å,â,!) that many users won't
notice.

Example :

Official address of Lady Tata Trust is : https://ladytatatrust.tatatrusts.org/

Fake address of Lady Tata Trust is :
1. http://www.ladytatatrust.org/
This address contains “http” instead of “https”, which indicates that you’re signing
into an insecure server.
Online Loan Fraud
Applications Permissions
KYC Fraud
 QR Code Fraud
A Quick Response (QR) code is a scannable barcode encoded with data. Fraudsters create
their QR code to steal banking or personal information and receive money from the victims
in a fraudulent manner.
 Matrimonial Fraud
• Go for verified matrimonial websites.
• Create new e-mail id for matrimonial websites
• Always do a background check of the prospective match.
• Always keep your family informed.
• Always meet in public place.
• Do not share personal information.
• Never share your sensitive personal photographs.
• Never entertain any request for money.
• Be cautious while dealing with NRI profiles.
 Investment Fraud

Investment Fraud ,This type includes selling

investments or securities with false,
misleading information. It could be false
promises, hiding facts, and insider trading
tips.
 Online Job Fraud
● A job scam occurs when a scammer poses as an employer or recruiter, and offers
attractive employment opportunities, which require the job seeker to pay some
money in advance. This is usually under the guise of work visas, travel expenses or
credit checks that are required for the job.

● Some examples of Online Job Fraud include:

 Stuffing envelopes
 Reselling merchandise
 Data entry scams
 Reshipping scams

● Prevention of job fraud: Do not make payments on unknown job search websites
Cyber Bullying
 SIM Swap Scam
● What is SIM Swap Scam:

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in
two-factor authentication and two-step verification in which the second factor or step is a
text message or call placed to a mobile telephone.

● How SIM swapping works : SIM swapping happens when scammers contact your mobile
phone's carrier and trick them into activating a SIM card that the fraudsters have.

● Prevention: Lock your phone number with your service provider

 Insurance Fraud

Fraud occurs when someone knowingly lies

to obtain a benefit or advantage to which
they are not otherwise entitled or someone
knowingly denies a benefit that is due and to
which someone is entitled.
 Gift Fraud
• Social Media users often see Giveaways posts on Social Media
platforms like YouTube and Instagram. They ask the users to like or
comment on the post to win groceries or gain followers or a prize that
increases their brand value, and the user will be added to the
giveaway's draw list. Several Giveaways do not exist at all. Fake
social media influencers create them as it is the easiest way of
accumulating social media likes and followers.
 Lottery Fraud
• Lottery fraud begins with an attractive
e-mail/SMS sent to the victims. Lottery
fraudsters will try to convince the victim
that he has won the lottery.
 Cyber Bullying

Cyber Bullying

Cyberbullying or cyberharassment is a form of bullying or

harassment using electronic means.

o spreading lies about or posting embarrassing photos or videos

of someone on social media

o sending hurtful, abusive or threatening messages, images or

videos via messaging platforms
Electricity Bill Fraud
 Child Pornography
● What is Child Pornography :
Child pornography is pornography that unlawfully exploits children for sexual
stimulation. It may be produced with the direct involvement or sexual assault of
a child or it may be simulated child pornography.

Examples of Cyber Stalking:

• Post rude, offensive, or suggestive comments online
• Use technology to threaten or blackmail the target
• Message the target repeatedly
 Cyber Stalking
● What is Cyber Stalking :

Cyberstalking is the use of the Internet or other electronic means to stalk

or harass an individual, group, or organization.

● Examples of Cyber Stalking:

• Post rude, offensive, or suggestive comments online

• Use technology to threaten or blackmail the target
• Message the target repeatedly
 Sextortion

● What is Sextortion :

Sextortion occurs when someone threatens to distribute your private and sensitive material
if you don't provide them images of a sexual nature, sexual favors, or money.

● Examples of Cyber Stalking:

• Post rude, offensive, or suggestive comments online

• Use technology to threaten or blackmail the target
• Message the target repeatedly
Attacker’s Crime Strategies
Psychological Factors used by Fraudsters are:
• Trust: Exploiting that impulse is the basis of social engineering.
• Ignorance: Lack of knowledge about social engineering attacks makes people and
organizations vulnerable.
• Fear: People are afraid of loss, and fraudsters exploit people’s fears. For example, they
might send a message or make a call warning about the possible loss of employment or
money, or access.
• Greed: Fraudsters promise rewards in exchange for divulging information.
• Moral duty: People often feel obliged to help fraudsters when asked for help especially
seeking donations during floods or Pandemic like Covid19.
• Urgency: A fraudster might call or email in the guise of a high-ranking chief executive
officer who requires an urgent transfer of funds. They usually spoof emails posing as
their boss.
• Panic / Anger: People don’t think clearly when pressured to act quickly. When
Fraudsters call victims pretending to support and provide a frantic scenario that
compromises safety.
Different Stages:
 Information Gathering – Internal phone directory; birth dates;
organizational charts; personnel records, social activities, and
relationships
 Development of Relationship – Psychological aspect of trust. The
fraudster presents themselves as senior members of the organization
to target to strengthen the relationship and trust.
 The exploitation of Relationship – Manipulation of the victim and
obtaining the information like username and password and preparing
to perform an illegal action
 Execution to achieve the objective – Having obtained the required
personal/sensitive information, the fraudster can access the system
and complete the illegal action.
Remote Access Applications (RDP)
RDP stands for Remote Desktop Protocol
 TeamViewer
• TeamViewer is a comprehensive remote access, remote control and remote support
solution that works with almost every desktop and mobile platform, including Windows,
macOS, Android, and iOS.
• TeamViewer connects computers, smartphones, servers, IoT devices, robots anything with fast,
high performance connections through our global access network.
Is TeamViewer safe to use?
• TeamViewer traffic is secured using RSA public/private key
exchange and AES (256-bit) session encryption. This
technology is used in a comparable form for https/SSL and is
considered completely safe by today’s standards.

• The software can be applied any criminal activity; however, the

source of the problem, according to research, is careless use,
not a potential security breach on TeamViewer’s side, Neither
was TeamViewer hacked nor is there a security hole.
Team Viewer Mobile Application
 AnyDesk
 AnyDesk remote desktop software allows users with Internet access to connect to a computer
remotely from anywhere in the world.
 It offers remote control, file transfer, and VPN functionality.
AnyDesk Mobile Application
 Why Any Desk is more frequently used than Team Viewer?
Because of their application size, AnyDesk consumes less time to download the application.
 OLX Fraud
OLX is a leading platform to buy and sell goods and services. The public's lack of
knowledge of app-based payment services and UPI helps fraudsters in making quick
cash. In this type of fraud, the fraudster usually poses as an army/ paramilitary officer,
contacts a person selling products on websites like OLX and Quikr, and readily agrees to
pay the asked price.
 4 . Phishing Attack

Phishing: It is a type of cybersecurity attack during which malicious actors send messages pretending to be a
trusted person or entity.
Types of Phishing: Common Features of Phishing Emails:
1. Vishing 1. Sense of Urgency
2. Email phishing 2. Hyperlinks
3. Click jacking 3. Attachments
4. Smishing 4. Unusual Sender

Prevent Phishing Attacks: Pick Strong Passwords, Use Two-Factor Authentication, Be Careful What You
Click.
 Mobile Hacking
• The attackers are easily able to compromise the mobile
network because of various vulnerabilities, the majority of the
attacks are because of the untrusted apps.
• The main operating systems used are:
• Android
• IOS
• Windows
• Blackberry
Demo of Mobile Tracker Application
How to prevent WhatsApp Hacking

Two-Step Log out from

verification is every device
important
Wrong code entry leads to 10 - 12 hour wait on Attacker's Phone
Payment Request
 System Hacking
• System hacking is defined as the compromise between computer systems and software to access the target
computer and steal or misuse their sensitive information.
• Hackers use a variety of techniques and methods to access electronic systems, including phishing, social
engineering, and password guessing.
 SQL Injection
• A SQL injection is a technique that attackers use to gain unauthorized access to a web application
database by adding a string of malicious code to a database query.

How is SQL injection detected?

• The technique relies on detecting either a delay, or a change in the HTTP response, to distinguish
between a query resolving to TRUE or FALSE.
 VoIP Call
• Voice over Internet Protocol (VoIP), is a technology that allows you to make voice calls using a
broadband Internet connection instead of a regular (or analog) phone line.

__
ANY Call Application
 Morphing
• Morphing is altering or changing the pictures of the person using morphing tools available online. Young girls and
women usually fall prey at the hands of the online criminals, who use their photographs posted online and misuse
these images by changing the pictures.

• The altered pictures are then used by perpetrators for blackmailing you, creating fake online profile, sexting, sex
chats, pornographic content, nude pictures etc.
Caller ID spoofing Identity Spoofing
Caller ID spoofing is the practice of causing the telephone network to
indicate to the receiver of a call that the originator of the call is a station other
than the true originating station.
This can lead to a caller ID display showing a phone number different from
that of the telephone from which the call was placed.
The term is commonly used to describe situations in which the motivation is
considered malicious by the originator.
How caller id spoofing detects
5 Phases of Ethical Hacking
 SMS Bombing

What is SMS Bombing

 It is very easy to use SMS bomber tools. Users have to just enter the number, and
value (how many messages you want to send), hit the submit button and wait until
the success alert.

 Legal experts believe using SMS bombers qualifies as a form of harassment. “Such
apps/websites do not have a proper privacy policy or terms of service. Although it
calls itself a tool for fun, this has the potential to create immense harm. Incessant
messages can be a nuisance for the person targeted. This can be easily used to harass
persons. However, the terms of service state that it can be used only on friends and
family and with consent, but there is no way to monitor this,” said Prasanth
Sugathan, Legal Director at SFLC.in.

 Bombarding of SMSes even after activating DND service on one’s phone number is
not just a form of harassment and nuisance (I.P.C Section 268), but “are a trap, bait,
and a criminal act of theft, cheating and dishonestly inducing delivery of property
under I.P.C Sections 378 & 420,” said Bombay High Court lawyer Satya Muley.
 SMS Bombing

SMS Bomber Application

SMS received
 Social Media Frauds

In the era of digital technology, Social Media such

as Facebook, Twitter, and LinkedIn have become
key tools in conducting various activities in our day-
to-day lives. Fraudsters choose Social Media to
appear legitimate and to reach people easily. We live
in a time where privacy seems to be eroding as more
and more technologies are integrated into our daily
lives. Inappropriate use of our data has become a
topic of significant importance in recent years.
Whether it's phishing assaults, protecting business
accounts from intrusion, battling fraud, or defending
against social engineering like mimicking accounts,
social media comes with its own set of threats.
Social media accounts are vulnerable to exploitation; common attacks include
1. Hashtag Hijacking
2. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
3. Pharming
4. Phishing and Click jacking
5. Identity Theft
6. Impersonation, all of which involve the risk of losing something valuable
(i.e., information, reputation, or goodwill)
 Email Spoofing

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a
person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client
software displays the fraudulent sender address, which most users take at face value. Unless they inspect the header
more closely, users see the forged sender in a message. If it’s a name they recognize, they’re more likely to trust it.
So they’ll click malicious links, open malware attachments, send sensitive data and even wire corporate funds.
 Malware

Malware is any software intentionally designed to cause disruption to a computer, server, client, or
computer network, leak private information, gain unauthorized access to information or systems, deprive
access to information, or which unknowingly interferes with the user's computer security and privacy.

Types of malware:

• Virus
• Worms
• Trojan virus
• Spyware
• Adware
• Ransomware
• Fileless malware
  Ransomware
Ransom malware, or ransomware, is a type of malware that prevents users from accessing
their system or personal files and demands ransom payment in order to regain access.

Types of Ransomware:
• WannaCry
• CryptoLocker
• NotPetya
• Bad Rabbit
• Revil
• Ryuk

How to defend against ransomware:

• Back up your data
• Secure your backups
• Practice safe surfing
• Stay informed
  Trojan
In computing, a Trojan horse is any malware that misleads users of its true intent. The
term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to
the fall of the city of Troy.

Common types of Trojan malware:

• Backdoor Trojan
• Distributed Denial of Service (DDoS) attack Trojan
• Game-thief Trojan
• Ransom Trojan
• Remote Access Trojan

Protect against Trojan:

• Be careful with email attachments.
• Back up your files regularly.
• Don’t visit unsafe websites.