Types of Cybercrime and How to Protect against Them
Cybercrime is rising at an unprecedented rate. Here is a guide on cybercrime types and tips to protect against them.
Key Points
- Cybercrime is mounting against individuals, businesses and governments.
- Common types of cybercrime include identity theft, ransomware and denial of service attacks.
- Organizations can help thwart attacks through services such as email protection, business continuity and data archiving, as well as employee training.
Cybercrime is a growing threat, with the number of attacks and their costs both rising swiftly. How fast? The FBI’s Internet Crime Complaint Center recently noted that it took 20 years to log 5 million complaints before its 20th anniversary in 2020, but only 14 months to log the next million complaints.[1] And these figures represent just a tip of the iceberg of unreported incidents.
What is Cybercrime?
The Merriam-Webster dictionary defines cybercrime as “criminal activity committed using a computer, especially to illegally access, transmit or manipulate data.” But that definition may not cover the full scope of what cybercrime is today. At its root, cybercrime is any illegal activity using a computer, either as the attacker’s weapon or target. That covers a wide variety of types of crime, from phishing emails and identity theft that affect individuals, to ransomware and denial of service (DoS) attacks targeting businesses and organizations. There are also multiple categories of cybercrime offenders, from the hacker-in-a-hoodie stereotype to organized crime syndicates, cyberterrorists and nation-states.
Categories of Cybercrime
The list of cybercrimes is long and varied, but cybercrime falls into three main categories:
- Individual: This category includes a variety of cybercrimes carried out against a single person, including cyberstalking, identity theft and child pornography.
- Property: As more business activity continues to move online, stealing data and intellectual property is one of the most profitable and common types of cybercrime. This can include phishing attacks that scam credit card numbers and personal information, sophisticated spear phishing that uses impersonation to request funds, or ransomware attacks that seek to steal an organization’s files and extort a payment in exchange for returning them.
- Government: This category of cybercrime often involves state-sponsored attackers and cyberterrorists in targeting another country’s secrets and critical infrastructure. Attacks include disseminating misinformation and propaganda, as well as outright digital sabotage affecting critical infrastructure systems.
Cybercrime Types
The types of cybercrime continue to grow and evolve as new channels of digital communication develop. Here are broad varieties:
- Phishing: Perhaps the “original” email scam, phishing is when fraudsters spam users online with emails promising prizes or threatening an account suspension, for example, then asking them to click on a link or go to a site to sort things out. Instead of winning a gift or reactivating that frozen credit card, users instead get their identities stolen or their computers infected with viruses. Phishing remains the most popular form of cyberattack, and it has endured despite all efforts to fight it off. In recent years, phishing has evolved in new directions, such as targeted spear phishing, smishing (via text message) or vishing (using voicemail).
- Identity theft: Just as it sounds, identity theft involves stealing personal information to use for fraudulent purposes. Cybercriminals can attack individuals through phishing scams or break into corporate systems and steal databases of sensitive information such as credit card or Social Security numbers. Entire catalogs of information are up for sale on the Dark Web, where fraudsters acquire them for their various exploits.
- Ransomware: Cybercriminals have developed the highly profitable tactic of breaking into databases, extracting and deleting files, or encrypting them so the organization they belong to can’t get access. The attackers then extort payments — usually in cryptocurrency — in exchange for returning or unlocking compromised data. This practice has grown into a veritable ransomware crime wave in 2021. Recently, some groups have upped the ante by threatening to publish sensitive or proprietary information to force victims to pay up.
- Denial of service (DoS): In the traditional DoS version, attackers flood a service or computer network with requests. This overwhelms the website’s servers, causing them to crash and taking the site offline. Another version of this type of cybercrime, distributed denial of service (DDoS), uses multiple attackers in different geographical locations to swamp the network from different IP addresses and make it harder to fight off the attack.
- Malware attacks: Ransomware is one type of malware attack, but malicious software comes in many varieties, all designed to infiltrate a computer system and perform an unscrupulous activity on behalf of a cybercriminal. Spyware, just as its name implies, records activity without the user’s knowledge, while keyloggers record each keystroke users make on their keyboard. Rootkits can give a hacker control of a user’s device, such as a webcam. Malware sneaks into systems in many ways: Trojans come disguised as harmless software, until they are downloaded into the system, while worms exploit security vulnerabilities in existing software to crawl into the system without the need for a user to download.
- Cyberstalking: This is the digital evolution of the “analog” crime. In this case, a stalker tracks the victim online, gleans information from online sources and communicates via digital channels, harassing and threatening the victim. Some cyberstalkers use spyware and gain access to webcams and digital speakers in order to stalk their victims. Some cyberstalking escalates to “sextortion,” a form of blackmail where the criminal uses photos or videos of the victim to extort money or sex. The FBI has recently become more concerned about this particular crime after seeing a spike among young people.[2]
- Webjacking and brand exploitation: In webjacking, criminals don’t steal something from a website, they take the whole site, or the traffic meant for it. This is usually done by gaining administrator access through fraudulent means and tampering with the Domain Name System (DNS) to bring users to a criminal site. Webjacking is different from URL phishing, where the fraudsters create a lookalike website similar to a legitimate one and direct victims there through phishing emails. But the result is the same: The website collects passwords, credit card numbers and other sensitive information.
How to Protect Against Cybercrimes
The types of cybercrime are constantly evolving so companies must remain alert. Yet, there are ways to protect against cybercrime:
- Police your email: Fraudulent emails are at the heart of many types of cybercrime, so organizations need to pay close attention to this channel. Employees need training to get in the habit of spotting and avoiding suspicious emails and reporting phishing attempts to their company’s security team. Some security tools will screen emails, looking for known phishing exploits and keep suspicious attachments from reaching their target.
- Set up web browsing guardrails: Users need to be careful when browsing online, to make sure they are dealing with legitimate websites before entering sensitive information. Organizations can train employees to help them spot webjacking and URL phishing, to help avoid these types of cybercrime. Additionally, browser protection tools can block unwanted programs and malware from being installed in the organization’s computers, and block internet domains known to be used by cybercriminals.
- Update your software regularly: Making sure operating systems and antivirus software are kept up to date is a basic best practice in cybersecurity. Vendors release patches regularly to solve vulnerabilities in their software and boost security against emerging threats.
- Deploy a VPN: Virtual private networks (VPNs) offer a layer of protection, especially when working remotely or in the cloud. These services encrypt data to keep outsiders from spying on web traffic.
- Enforce strong password hygiene: Too many users rely on easy passwords like birthdates and pet names, and reuse them across multiple sites and apps. This makes the hacker’s work easier. One compromised password can become a master key to break into many sites. Cybersecurity starts with a complicated password that changes often and is used only with one site. Employee awareness training can reinforce this behavior.
The Bottom Line about Cybercrime Types
Although the list of cybercrimes keeps growing, defenders can match the industriousness of the bad guys by preventing cybercrime through services implemented at scale. Services such as email protection, business continuity and data archiving, as well as employee training, will enable organizations to maintain operations and recover from attacks while minimizing their effects.
[1] “IC3 Logs 6 Million Complaints,” FBI
[2] “FBI Warns About an Increase in Sextortion Complaints,” FBI
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!