Cyber Security Updated

The document provides an overview of cybersecurity, detailing its importance in protecting systems and data from cyber threats. It defines cybercrime, outlines common types such as hacking and phishing, and discusses malware, including its types and impacts. Additionally, it covers cyber laws, specifically the Information Technology Act of 2000 in India, which regulates digital transactions and prescribes penalties for cybercrimes.

Uploaded by Ambika cs

Cybersecurity is the practice of protecting systems, networks, devices, and data from cyber
threats, such as hacking, data breaches, malware, and other malicious attacks.

It involves a combination of technologies, processes, and measures designed to safeguard
digital assets from unauthorized access, exploitation, or damage.

Cyber Crime

A cybercrime is any criminal activity that involves a computer, network, or digital device as
either the target or the means for committing the offense.

Essentially, it refers to crimes that are facilitated or carried out using technology.

These crimes can affect individuals, businesses, governments, or society at large, and they often
involve the unauthorized access, theft, or damage of digital information or systems.

Key Characteristics of Cybercrime:

 Use of Technology: The crime is either committed with or against a computer or digital
system.

 Illegal Actions: It typically involves illegal actions such as theft, fraud, identity theft,
data breaches, or even harassment.

 Impact on Data or Systems: The crime may damage or steal information, disrupt
services, or cause harm to a network or device.

Common Types of Cybercrime:

1. Hacking: Unauthorized access to computer systems to steal data or cause damage.

2. Phishing: Fraudulent attempts to gain sensitive information (e.g., passwords, credit card
details) by posing as a trustworthy entity in electronic communications.

3. Ransomware: Malicious software that locks users out of their data or system and
demands a ransom to restore access.

4. Identity Theft: Stealing someone's personal information to commit fraud or other crimes
in their name.

5. Cyberbullying: Using digital platforms to intimidate, threaten, or harass others.

6. Malware Distribution: Creating or spreading malicious software like viruses, worms, or
spyware that can harm or compromise data and systems.

7. Online Fraud: Activities like fake online shopping sites, investment scams, or deceptive
services that cheat victims out of money.

8. DDoS Attacks (Distributed Denial of Service): Overloading a website or server with
traffic, causing it to crash and become inaccessible.

9. Child Exploitation: Using the internet to exploit, harm, or abuse children, including the
production or distribution of child pornography.

Examples of Cybercrime:

 A hacker breaching a company's database and stealing customer information.

 A scammer sending fake emails to trick people into giving away credit card details.

 A group using ransomware to lock a hospital's data and demanding payment to restore
access.

What is Malware? And Its Types

Malware (malicious software) refers to any software that is designed to cause harm to
computer systems, networks, or users.

Malware is software that gets into a system without the user's consent to steal the user's private
and confidential data, including bank details and passwords. It can also generate annoying
pop-up ads and change system settings.

Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, and other
malicious programs.

Individuals and organizations need to be aware of the different types of malware and take
steps to protect their systems, such as using antivirus software, keeping software and systems
up-to-date, and being cautious when opening email attachments or downloading software
from the internet.

Why Do Cybercriminals Use Malware?

Cybercriminals use malware, including all forms of malicious software such as viruses, for
various purposes, including:
 Using deception to induce a victim to provide personal information for identity theft
 Theft of customer credit card information or other financial information
 Taking over several computers and using them to launch denial-of-service attacks against
other networks

Advantages of Detecting and Removing Malware


 Improved Security: By detecting and removing malware, individuals and organizations
can improve the security of their systems and reduce the risk of future infections.
 Prevent Data Loss: Malware can cause data loss, and by removing it, individuals and
organizations can protect their important files and information.
 Protect Reputation: Malware can cause harm to a company's reputation, and by detecting
and removing it, individuals and organizations can protect their image and brand.
 Increased Productivity: Malware can slow down systems and make them less efficient, and
by removing it, individuals and organizations can increase the productivity of their systems
and employees.

Disadvantages of Detecting and Removing Malware


 Time-Consuming: The process of detecting and removing malware can be time-consuming
and require specialized tools and expertise.
 Cost: Antivirus software and other tools required to detect and remove malware can be
expensive for individuals and organizations.
 False Positives: Malware detection and removal tools can sometimes result in false
positives, causing unnecessary alarm and inconvenience.
 Difficulty: Malware is constantly evolving, and the process of detecting and removing it
can be challenging and require specialized knowledge and expertise.
 Risk of Data Loss: Some malware removal tools can cause unintended harm, resulting in
data loss or system instability.
Types of Malware
 Worms - Worms replicate themselves on the system, attaching themselves to different files
and looking for pathways between computers, such as a computer network that shares
common file storage areas. Worms usually slow down networks. A virus needs a host
program to run, but worms can run by themselves. After a worm infects a host, it is able to
spread very quickly over the network.
 Trojan horse - A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation such as playing an online game. A Trojan horse differs
from a virus because the Trojan binds itself to non-executable files, such as image files
and audio files.
Adware

Adware is a type of malware (malicious software) that automatically displays or downloads
unwanted advertisements on a user's computer or mobile device, often without the user's
permission. Its main goal is to generate revenue for the developer by showing ads.

 It comes along with software downloads and packages.

 Shows pop-up ads, banner ads, or redirects to advertising websites.


 Often comes bundled with free software.
 May track user behavior (like browsing history) to show targeted ads.
 Can slow down system performance and compromise privacy.

Here are five ways through which adware negatively affects systems:

1. Performance Degradation: High CPU or memory consumed by advertisements when
loading or rendering.
2. Privacy Loss: Gathering browsing history for advertising or potential unauthorized use.
3. Excessive Consumption of Bandwidth: Frequent data retrieval for ads could result in
increased monthly usage and slow networks.
4. Pop-up Ad Interference: Frequent interruptions in the form of new ad windows disrupt
working efficiency and increase user irritation.
5. Increased Security Risks: Redirects to malicious domains or forced installation of
additional harmful software.

How Do You Get Adware?

1. Bundled Apps: Some adware is hidden in otherwise genuine app installers.
2. Phishing Links: These are emails or ads that contain links to other sites with hidden
adware modules.
3. Trojanized Mobile Apps: Free games or utilities with embedded ad-serving libraries.
4. Browser Hijackers: These are extensions or plug-ins that silently modify various
configuration files.
5. Infected USB Drives: These install adware executables when inserted into
unprotected computers.

Spyware
 Spyware is a breach of cyber security: it usually gets into the laptop or computer system
when a user unintentionally clicks on a random unknown link or opens an unknown
attachment, which downloads the spyware alongside the attachment.
Spyware enters the laptop/computer system through the below-listed ways:
 Phishing: It is a form of a security breach where spyware enters the system when a
suspicious link is clicked or an unknown dangerous attachment is downloaded.
 Spoofing: It goes alongside phishing and makes unauthorized emails appear to come
from legitimate users or business units.
 Free Software or Shared Software: It gets into the system when a user installs
software that is free of cost but has additional spyware added to it.
 Misleading software: This is advertised as very beneficial for the system and boosts the
speed of the system, but it leads to the theft of confidential information from the system.
Types of spyware
Here are some common types:
 Keyloggers: These record keystrokes typed in by the user, and they can record passwords
and other sensitive messages.
 Adware: Though not necessarily malicious, adware displays advertisements that are not
wanted and tracks your Internet activity to provide relevant advertisements.
 Trojans: These are rogue programs that disguise themselves as genuine applications, but
in reality, they contain spyware that spies on or steals information.
 Tracking Cookies: These are small data files that are created in your browser by the sites
that you visit to keep track of your browsing history and preferences. They are mostly used
for advertising purposes, to serve content matching the user's apparent interests.
 System Monitors: These capture user activity, both online and on the system itself, for
other ill intentions.
 Data Harvesters: These are intended for the capture and transfer of messages or data,
which may be in the form of personal identity, log-in data, or even a credit card number,
among others.
 Browser hijackers: These make changes to your browser, like the home page or search
page, and can forward you to sites that contain malware.
 Remote Access Trojans (RATs): These grant attackers full control of your device from a
distance without being noticed, giving them access to all files, among other things.

Computer Virus
 A computer virus is a type of malicious software program ("malware") that, when
executed, replicates itself by modifying other computer programs and inserting its
code.
 When this replication succeeds, the affected areas are then said to be "infected".
 Viruses can spread to other computers and files when the software or documents
they are attached to are transferred from one computer to another using a network,
a disk, file-sharing methods, or through infected email attachments.
 A virus can harm or destroy data, slow down system resources, and log keystrokes,
among other things.
 A virus can have unexpected or harmful outcomes during replication, such as
destroying system software by corrupting data.
 Some viruses are made to cause damage by deleting files, corrupting programs, or
even wiping out your hard drive completely.
 Even viruses that are not very harmful can still slow down your computer a lot,
using up memory and making it crash often.
How to Protect Your Computer From Viruses
 Install antivirus software.
 Update regularly.
 Be cautious with emails and downloads.
 Use strong passwords.
 Back up your data.
Computer Worm
 A computer worm is a type of harmful software that copies itself and spreads from
one computer to another without requiring any user intervention.
 It's like a sickness that can move through a network of computers, searching for
weaknesses to infect.
 Worms often spread through email attachments that may seem safe, but they can
actually cause a lot of trouble.
 Once a computer is infected, the worm can send itself to the person's contacts,
using their email account. This way, it keeps spreading to more and more
computers.
How To Prevent Computer Worm Infections?
1. Keep your software updated and use strong passwords.
2. Enable and properly configure firewalls on your computer and network devices.
3. Be cautious when dealing with email attachments and links.
4. Practice safe web browsing by avoiding clicking on suspicious advertisements or pop-up
windows.
5. Install and keep updated reliable antivirus or anti-malware software.
Types of Computer Worms
 Email Worms: Email worms spread through email attachments or links.
 Network Worms: Network worms move through computer networks by exploiting
security weaknesses in network services or protocols.
 File-Sharing Worms: File-sharing worms target shared folders or peer-to-peer file-
sharing networks.
 Instant Messaging (IM) Worms: IM worms spread through instant messaging platforms.
They send infected links or files to a person's contacts. By tricking users into clicking on
these links, they can infect more systems.
 Internet Worms: Internet worms target vulnerabilities in websites, web servers, or web
applications. They can infect computers when people visit compromised websites or
interact with infected web content.

Trojan Horse
A Trojan horse is malicious code that has the capacity to take control of the computer. It is
designed to steal, damage, or perform other harmful actions on the computer. It tries to
deceive the user into loading and executing the files on the device. After it executes, it allows
attackers to perform actions on the user's computer such as deleting data from files,
modifying data in files, and more. Unlike viruses and worms, a Trojan horse
does not have the ability to replicate itself.
Features of a Trojan Horse
 Steals Information: Trojan horses are often designed to steal sensitive information such
as passwords, banking details, and other personal data stored on the victim's computer.
 Remote Access: A Trojan horse can grant remote access to an attacker, allowing them to
control the infected system and perform actions without the user's knowledge or consent.
 Data Deletion: Some Trojan horses are capable of deleting or corrupting data on the
user's computer, causing data loss or system instability.

Types of Trojan Horse

 Backdoor trojan: gives the attacker remote access to the compromised machine.
 Ransom trojan: encrypts the data on the compromised system and then demands payment
in exchange for its decryption.
 Trojan Banker: steals account data for online banking, credit and debit cards, etc.

Cyber Laws

Cyber Law is the area of law that deals with the legal issues related to the use of the internet,
digital communications, and information technology. It is also known as Internet Law or IT
Law.

Cyber law refers to the set of rules and regulations that govern online behavior, the internet, and
digital interactions, including the protection of data, privacy, intellectual property, and
prevention of cybercrimes.

Advantages of Cyber Law

Protection Against Cybercrimes: It prescribes penalties for various cybercrimes.

Data Privacy: These regulations ensure that organizations handle personal data responsibly.

E-commerce Regulation: It defines rules for online transactions, contracts, and consumer
protection, thereby fostering a fair and secure online marketplace.

Intellectual Property Protection: It prevents the unauthorized use and distribution of digital
content.

Cybersecurity Standards: It requires organizations to implement measures for the protection of
their networks and systems.

Information Technology Act, 2000 (IT Act)

 The IT Act, 2000 is the first cyber law in India.
 It was passed to regulate digital transactions, cybercrimes, and e-commerce.
 Enacted on 17 October 2000.
 The IT Act is the main cyber law in India, which:
o Legalizes digital signatures and e-documents.
o Penalizes cybercrimes like hacking, identity theft, and online fraud.
o Establishes legal procedures for electronic evidence.
 The Information Technology Act of 2000, also known as the IT Act, is the
primary legislation in India that deals with cybercrime and e-commerce. The
act was implemented on October 17, 2000, to provide legal recognition for
electronic documents and facilitate e-governance.
 It consists of various sections and clauses addressing different forms of cyber
offenses such as hacking, data theft, online fraud, virus attacks, identity theft,
and cybersecurity breaches.
 Under the IT Act of 2000, individuals found guilty of unauthorized access to
computer systems can face imprisonment for up to two years or a fine
extending up to one lakh rupees. Moreover, Section 66C provides punishment
for identity theft with imprisonment which may extend to three years or with a
fine not exceeding two lakh rupees or both.

 In addition to these provisions is Section 43A, which imposes penalties on
companies failing to protect sensitive personal data from being disclosed
without consent. Under this section, non-compliance could result in
significant compensation claims by those affected by data leaks due to
negligence on the part of the company concerned.

Penalties for Different Cybercrimes

 In India, penalties for cybercrimes are outlined under various sections of the
Information Technology Act of 2000. The Act specifies fines, imprisonment,
or both, depending on the severity and nature of the cybercrime committed.

Section      Provision                         Description
Section 43   Penalty for unauthorized access   If someone accesses a computer or data without permission, they have to pay compensation.
Section 66   Hacking                           Punishment for hacking into a system, up to 3 years in jail or fine.
Section 66C  Identity Theft                    Using someone else's password or digital signature; punishable.
Section 66D  Cheating by Personation           Online frauds like phishing or fake emails.
Section 67   Publishing obscene material       Punishment for sending or posting vulgar content online.
Section 72   Breach of confidentiality         If any person leaks sensitive data from a computer without consent.
Cyber security and Punishment
Key Provisions and Punishments Under the IT Act
The IT Act outlines various offenses and their respective penalties:

1. Unauthorized Access (Section 43)
o Offense: Unauthorized access to a computer, computer system, or
network.
o Punishment: Compensation to the affected party, which can go up to
₹1 crore.
2. Hacking (Section 66)
o Offense: Dishonestly or fraudulently accessing a computer resource.
o Punishment: Imprisonment up to three years and/or a fine up to ₹5
lakh.
3. Identity Theft (Section 66C)
o Offense: Using someone else’s password or digital signature without
authorization.
o Punishment: Imprisonment up to three years and/or a fine up to ₹1
lakh.
4. Cheating by Personation Using Computer Resource (Section 66D)
o Offense: Cheating by pretending to be someone else using a
computer resource.
o Punishment: Imprisonment up to three years and/or a fine up to ₹1
lakh.
5. Cyber Terrorism (Section 66F)
o Offense: Acts that threaten the integrity, sovereignty, or security of
India using cyber means.
o Punishment: Imprisonment for life.
6. Publishing Obscene Material (Section 67)
o Offense: Publishing or transmitting obscene material in electronic
form.
o Punishment: First-time offenders face imprisonment up to three years
and a fine up to ₹5 lakh; subsequent convictions lead to imprisonment
up to five years and a fine up to ₹10 lakh.
7. Child Pornography (Section 67B)
o Offense: Publishing or transmitting child pornography in electronic
form.
o Punishment: First-time offenders face imprisonment up to five years
and a fine up to ₹10 lakh; subsequent convictions lead to
imprisonment up to seven years and a fine up to ₹10 lakh.
8. Breach of Confidentiality and Privacy (Section 72)
o Offense: Unauthorized disclosure of information without consent.
o Punishment: Imprisonment up to two years and/or a fine up to ₹1
lakh.

Relevant Indian Penal Code Sections


Certain cybercrimes are also punishable under the IPC:

1. Forgery (Section 463)


o Offense: Creation of fake documents or electronic records.
o Punishment: Imprisonment up to two years, or a fine, or both.
2. Criminal Intimidation (Section 506)
o Offense: Threatening someone with injury to person, reputation, or
property.
o Punishment: Imprisonment up to two years, or with fine, or both. If the
threat is to cause death or grievous hurt, the punishment can extend to
seven years.
3. Defamation (Section 499)
o Offense: Making false statements that harm someone’s reputation.
o Punishment: Imprisonment up to two years, or with fine, or both.

Regulations and Laws:

🔹 1. Information Technology Act, 2000 (IT Act)
 Purpose: First law to provide legal recognition for e-commerce and cybercrime.
 Key Areas:
o Legal recognition of electronic records and digital signatures.
o Penalties for cybercrimes (e.g., hacking, phishing, data theft).
o Defines cyber offences and prescribes punishment.
o Establishes CERT-In (Indian Computer Emergency Response Team) under Section
70B for incident response.

🔹 2. IT (Amendment) Act, 2008


 Why amended: To handle growing cyber threats and add data protection elements.
 Major Additions:
o Introduced terms like cyber terrorism, identity theft, and phishing.
o Strengthened legal enforcement mechanisms.
o Empowered the government to block websites and monitor communications.

🔹 3. Digital Personal Data Protection (DPDP) Act, 2023


 Focus: Protect digital personal data and regulate its processing.
 Key Concepts:
o Data Principal: The individual whose data is collected.
o Data Fiduciary: Entity that processes the data.
 Rights of Individuals:
o Right to consent, access, correction, and erasure of personal data.
o Right to grievance redressal.
 Enforcement: Through the Data Protection Board of India.

🔹 4. National Cyber Security Policy, 2013


 Vision: Create a secure cyber ecosystem in the country.
 Objectives:
o Protect critical information infrastructure (CII).
o Develop cyber security skills.
o Encourage public-private partnerships.
o Promote awareness and research in cyber technologies.

🔹 5. National Cyber Security Strategy, 2020


Prepared by: National Security Council Secretariat
(NSCS).
 Goals:
o Strengthen cyber governance.
o Protect digital infrastructure and build response capabilities.
o Promote indigenous cyber products.
 Status: Awaiting official release/implementation.

🔹 6. IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
 Applicability:
o Social media platforms (e.g., WhatsApp, Twitter).
o OTT platforms (e.g., Netflix, Amazon Prime).
o Digital news media.
 Key Requirements:
o Appointment of grievance officer and compliance officer.
o Monthly compliance reports.
o Traceability of message originators.
o Classification and regulation of OTT content.

🔹 7. National Cyber Security Reference Framework (NCRF) 2023
 Purpose: To help government and private organizations strengthen cyber defenses.
 Features:
o Provides guidelines for designing secure IT systems.
o Includes reference architectures, compliance models, and best practices.
o Promotes risk assessment and response planning.

🔹 8. CERT-In (Indian Computer Emergency Response Team)


 Established: Under Section 70B of IT Act.
 Role:
o Acts as the nodal agency for cyber incident response.
o Issues advisories, guidelines, vulnerability notes.
o Mandates reporting of breaches within 6 hours (as of 2022).
o Conducts audits and awareness programs.

🔹 9. NCSC (National Cyber Security Centre)


 Objective: Strengthen coordination on cyber threats at the national level.
 Functions:
o Coordinate among ministries, CERT-In, law enforcement, and private players.
o Develop response mechanisms for national-level cyber attacks.

🔹 10. SEBI (Securities and Exchange Board of India)


 Responsibility: Regulates the securities market.
 Cybersecurity Role:
o Mandates regular cyber audits for stock exchanges, brokers, and depositories.
o Enforces guidelines on data protection, incident response, and risk mitigation.

🔹 11. IRDAI (Insurance Regulatory and Development Authority of India)
 Responsibility: Regulates the insurance sector.
 Cybersecurity Measures:
o Issued guidelines for insurers to implement cyber security frameworks.
o Promotes cyber insurance policies.
o Mandates reporting of cyber incidents.

🔹 12. Cybercrime Reporting Platform (I4C/NCRP)


 Operated by: Indian Cyber Crime Coordination Centre (I4C).
 Platform: https://cybercrime.gov.in
 Purpose:
o Allows public to report cybercrimes like financial frauds, social media abuse,
cyberbullying, etc.
o Separate portal for law enforcement to investigate cases.
o Supports both anonymous and official reporting.

Regulation/Body          Focus Area
IT Act, 2000             Legal framework for electronic transactions & cybercrime
IT Amendment, 2008       Expanded coverage for new-age cyber threats
DPDP Act, 2023           Protecting digital personal data
NCSP 2013                National cyber security policy framework
Cyber Strategy 2020      Future vision for cyber defense
Intermediary Rules 2021  Governs digital content, social media & OTT
NCRF 2023                Standard cyber framework for orgs.
CERT-In                  Incident handling & awareness
NCSC                     National-level coordination
SEBI & IRDAI             Sector-specific cyber compliance
I4C                      Public platform to report cybercrimes


Unit II : Methods of Malware Attacks

In the section above, we identified the various types of malware along with the methods by
which they spread. The ways that malware can infiltrate and spread through networks
continue to expand along with the threat vectors in the digital landscape, including the
following:

 Unsecure devices that access the network such as personal mobile devices, PCs, and IoT
devices open an attack vector for malware.
 Unsecure networks that are part of a supply chain or unsecure third-party partners’ networks,
can infect the networks of other suppliers or give malware access to the enterprise network.
 Older devices on the network with software that is not routinely updated can become
compromised and spread malware.
 Email attachments containing malicious code can be opened and forwarded to other users,
spreading the malware across the enterprise.
 Phishing or spear phishing emails trick the recipient into sharing passwords that give
access to the corporate network where malware can spread.
 Smishing texts, similar to phishing emails but on mobile phones, trick distracted users into
clicking on malware links and entering personal or business credentials that enable malware
to spread on the network.
 File servers, such as those based on the common internet file system or network file system
can spread malware as users download infected files.
 File-sharing software can allow malware to replicate itself onto removable media such as
thumb drives and then on to computer systems and networks.
 Peer-to-peer (P2P) file sharing can introduce malware by sharing infected files as seemingly
harmless as video, music, or images.
 Remotely exploitable network vulnerabilities can enable a hacker to access systems
regardless of geographic location.

Social Engineering attacks

 Social engineering refers to a wide range of attacks that leverage human interaction
and emotions to manipulate the target.
 During the attack, the victim is fooled into giving away sensitive information or
compromising security.
 A social engineering attack typically takes multiple steps.
 The attacker will research the potential victim, gathering information about them and
how they can use them to bypass security protocols or get information.
 Then the attacker does something to gain the target's trust before finally manipulating
them into divulging sensitive information or violating security policies.

Traits of a Social Engineering Attack


 Heightened emotions: An attacker threatens the loss of an account to trick users into providing their
credentials, or the attacker might pretend to be an executive demanding money from a targeted user to
instil a sense of urgency in an employee fearful of losing their job.

 Spoofed sender address: Most users are unaware that a sender email address can be spoofed, but
proper email security will stop spoofed senders from accessing a targeted user’s inbox. Instead, an
attacker will register a domain similar to an official one and hope that a targeted user does not notice the
misspelling.

 Strange friend requests: It’s not uncommon for an attacker to compromise an email account and spam
malicious messages to the victim’s contact list. Messages are usually short and don’t have the
personalized element from friends, so be hesitant to click links from friends if the message does not
sound like personalized communication.

 Unprofessional website links: Phishing links are sometimes used with social engineering to trick users
into divulging sensitive information. Never enter credentials into a website directly from an
email link, even if it looks like an official site (e.g., PayPal).

 Too good to be true: Scammers often promise money or prizes in exchange for a payment from the
victim. For example, a targeted user could get a free iPhone in exchange for shipping payments. If the
offer is too good to be true, then it is probably a scam.

 Suspicious attachments: Instead of tricking targeted users into divulging private information, a
sophisticated attack might work towards installing malware on a corporate machine using email
attachments. Never run macros or executables on a machine from a seemingly harmless email
message.

 Questionable sender: Many social engineering techniques are designed to mimic a familiar source,
such as a friend, boss, or co-worker. In the event you receive a suspicious email message, always check
in and ask yourself "did my boss/friend/co-worker actually send this to me?" Before responding to the
email in question, contact the actual person via phone call, text, or social media message to validate
whether or not they're being impersonated.

 Refusal to respond to questions: If a message seems suspicious, reply to the message and ask the
sender to identify themselves. An attacker will avoid identifying themselves and might just ignore the
request.

 Unidentifiable sender: If the sender is unable or unwilling to verify their identity with the organization,
do not provide any additional information or access that they're requesting. While email messages are the
most common, this applies to other social engineering tactics as well, such as text messages, phone calls,
etc.
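A small defensive triage script, added here as an illustration (not part of the original notes), that checks an inbound email against several of the traits listed above: a lookalike sender domain, urgency wording, links whose visible text names a trusted site but point elsewhere, and macro-enabled or executable attachments. The trusted-domain list and both sample messages are constructed for the example.

```python
"""Heuristic triage of an inbound email against the social-engineering traits
above. Added illustration, not code from the original notes; the trusted-domain
list and the two sample messages are constructed."""
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Domains the organisation legitimately corresponds with (constructed list).
TRUSTED_DOMAINS = {"example-corp.com", "paypal.com"}
# Attachment types that run code or macros when opened.
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".docm", ".xlsm")
# Wording that manufactures the "heightened emotions" trait.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify now", "wire transfer")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; one or two edits is a typical typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_is_trusted(host: str) -> bool:
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def lookalike_of(host: str):
    """Return the trusted domain that `host` imitates (edit distance <= 2), else None."""
    if host_is_trusted(host):
        return None
    for d in TRUSTED_DOMAINS:
        if levenshtein(host, d) <= 2:
            return d
    return None


def sender_domain(msg: EmailMessage) -> str:
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def triage(msg: EmailMessage) -> list:
    """Return human-readable findings; an empty list means no listed trait matched."""
    findings = []
    dom = sender_domain(msg)
    imitated = lookalike_of(dom)
    if imitated:
        findings.append(f"spoofed sender: {dom} resembles {imitated}")
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("heightened emotions: urgency wording " + ", ".join(hits))
    # Links whose visible text names a trusted site but whose href goes elsewhere.
    for href, label in re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if not host_is_trusted(host) and any(d in label.lower() for d in TRUSTED_DOMAINS):
            findings.append(f"disguised link: text shows {label.strip()} but points to {host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"suspicious attachment: {name}")
    return findings


def sample_phish() -> EmailMessage:
    """Constructed message exhibiting four of the traits at once."""
    msg = EmailMessage()
    msg["From"] = "PayPal Billing <billing@paypa1.com>"
    msg["Subject"] = "URGENT: your account is suspended, verify now"
    msg.set_content(
        '<p>Log in within 24 hours: '
        '<a href="http://paypa1-secure.com/login">https://www.paypal.com/login</a></p>',
        subtype="html",
    )
    msg.add_attachment(b"constructed macro-enabled document", maintype="application",
                       subtype="octet-stream", filename="Invoice.docm")
    return msg


def sample_legit() -> EmailMessage:
    """Constructed internal notice that should raise no findings."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <it@example-corp.com>"
    msg["Subject"] = "Scheduled patching this weekend"
    msg.set_content(
        '<p>Details: <a href="https://intranet.example-corp.com/patching">intranet page</a></p>',
        subtype="html",
    )
    return msg


if __name__ == "__main__":
    for name, msg in (("phish", sample_phish()), ("legit", sample_legit())):
        print(name, triage(msg) or ["no findings"])
```

The heuristics deliberately err on the side of flagging: a hit is a prompt to verify the sender out of band, as the notes advise, not a verdict.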

The overall technique used in social engineering is manipulating emotions to trick users, but attackers use
several standard methods to push the user into performing an action (e.g., sending money to a bank
account) and to make the attack look more legitimate. Usually, the techniques involve email or text
messages, because they can be used without voice conversations.

A few common examples of social engineering techniques include:


 Phishing: In a phishing email, the attacker usually pretends to be a corporate executive to trick users
into sending money to an offshore bank account.

 Vishing and smishing: Attackers use text messages and voice-changing software to send SMS
messages or robo-call users. The messages usually promise gifts or services in exchange for payment.
These types of scams are called vishing (voice phishing) and smishing (SMS phishing).

 CEO (executive) fraud: Users often feel urgency when an executive requests action, so an attacker will
pretend to be the CEO or another executive to instill a sense of urgency for the targeted employee to
perform an action. This is known as CEO fraud.

 Baiting: It’s common for attackers to promise prizes or money in exchange for a small payment. The
offer is usually too good to be true, and the payment is usually for shipping or some other cost coverage.

 Pretexting: Attackers may create a false pretext to gain sensitive information or access to a system. For
example, an attacker might impersonate a bank teller and contact a target individual to claim that
there’s been suspicious activity on their account and ask them to share sensitive information to
confirm their account.

 Tailgating or piggybacking: Corporations use badge scanners to block unauthorized access to the
premises. An attacker uses tailgating or piggybacking to trick an authorized user into letting the attacker
through on the user's own access card, giving the attacker physical access to the premises.

 Quid pro quo: Disgruntled employees could be tricked into providing sensitive information to an
attacker in exchange for money or other promises.

 Watering hole: This form of social engineering attack involves targeting certain groups by infecting
websites that the group is likely to visit. For example, an attacker might infect a popular news site with
malware with the intention that employees of a certain company will visit the site and inadvertently
download the malware.

 Responding to a question never asked: The targeted victim will receive an email “responding” to a
question, but the response will ask for personal details, contain a link to a malicious website, or
include a malware attachment.

 Threaten loss of money or accounts, or threaten prosecution: Fear is a useful tool in social
engineering, so an effective way to trick users is to tell them that they will suffer money loss or go to
jail if they do not comply with the attacker’s request.

Term Description
Phishing Fake emails/websites to steal info
Vishing Voice call scams
Smishing SMS-based phishing
Pretexting Fake identities to get data
Baiting Using physical devices with malware
Tailgating Unauthorized entry to secure areas
Quid Pro Quo Trade offer for sensitive information

How to Prevent Social Engineering Attacks

 Think before you click — Don’t open suspicious emails or links.
 Verify identities — Confirm before sharing any sensitive info.
 Use strong passwords and enable multi-factor authentication.
 Educate and train users regularly.
 Update software to avoid exploits.
 Report suspicious activities immediately.

Web application attack


Web Application:

A web application is a software program that runs on a web server and is accessed through a
browser. Examples include:

 Online banking platforms
 E-commerce websites (like Amazon, Flipkart)
 Social media sites (like Facebook, Instagram)
 Online forms, login portals, feedback systems, etc.

A web application attack is any exploit that takes advantage of weaknesses in a website or
web-based software to compromise its security.

Web application attacks in cyber security are malicious attempts to exploit vulnerabilities in web
applications to gain unauthorized access, disrupt operations, or steal sensitive data.

These attacks target weaknesses in the application's code, infrastructure, or user
interactions. Common examples include SQL injection, cross-site scripting (XSS), and cross-site
request forgery (CSRF).

SQL Injection (SQLi)

SQL injection is a code injection technique that might destroy your database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web page input.

SQL Injection Based on 1=1 is Always True

Username: ' OR '1'='1
Password: anything

The condition '1'='1' always evaluates to true, so the attacker bypasses authentication and logs
in as an admin.

SQL Injection Based on ""="" is Always True

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

The SQL above is valid and will return all rows from the "Users" table,
since OR ""="" is always TRUE.

 Consequences:
o Unauthorized access to user data
o Data loss or corruption
o Full control over the database
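The two login queries above differ only in how the user's text reaches the database. The script below is an added example, not code from the original notes: it builds a small in-memory SQLite table with a constructed account, then runs the page's `' OR '1'='1` payload (entered in both fields, as the `""=""` example above does) through a string-concatenated query and through a parameterised one.

```python
import sqlite3


def make_db():
    """In-memory Users table with one constructed account (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Name TEXT, Pass TEXT, Role TEXT)")
    conn.execute("INSERT INTO Users VALUES ('admin', 'example-pass-123', 'admin')")
    return conn


def login_vulnerable(conn, name, password):
    """Vulnerable pattern: the user's text is pasted into the SQL grammar itself.

    With name = password = "' OR '1'='1" the statement becomes
    ... WHERE Name = '' OR '1'='1' AND Pass = '' OR '1'='1'
    and the trailing OR '1'='1' makes the WHERE clause true for every row.
    """
    sql = ("SELECT * FROM Users WHERE Name = '" + name
           + "' AND Pass = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Hardened pattern: placeholders bind the input as data, never as SQL.

    The same payload is now compared literally against the Name and Pass
    columns, so no row matches and no login happens.
    """
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return conn.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print(login_vulnerable(db, payload, payload))  # one row: the admin account
    print(login_safe(db, payload, payload))        # []
```

Parameterised queries (prepared statements) are the primary fix; least-privilege database accounts and input validation reduce the damage when a query is missed.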

Cross-Site Scripting (XSS)

 What It Is:
XSS occurs when attackers inject malicious JavaScript or code into a trusted web page.
When another user loads the page, the code executes in their browser.
 What Happens:
The script runs as if it came from the site itself, often stealing session cookies or redirecting
users.
 Example:
<script>document.location='http://malicious-site.com'</script>
 Consequences:
o Stolen login sessions
o Defaced websites
o Misleading users into revealing data

Example Scenario:
A website allows users to comment on blog posts but does not sanitize input.
Attacker posts:
<script> alert('Your session is stolen'); </script>
 What Happens:
Anyone viewing that post triggers the alert. In real attacks, this script could steal cookies or
redirect users to malicious websites.

Cross-Site Request Forgery (CSRF)

 What It Is:
CSRF tricks a user into submitting a malicious request unknowingly while logged into a
trusted site.

 What Happens:
A user might click a hidden link in an email or webpage that executes an action like
transferring money or changing a password.
 Example Scenario:
A user is logged into their online banking. While visiting a malicious website, an invisible
form is auto-submitted:

<form action="https://bank.com/transfer" method="POST">
  <input type="hidden" name="amount" value="1000">
  <input type="hidden" name="to" value="attacker_account">
</form>
<script> document.forms[0].submit(); </script>

 The bank thinks the request came from the user and processes the transfer.

 Consequences:
o Unauthorized transactions
o User data or settings changed without consent
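The forged form above succeeds because the bank accepts any POST that carries the user's session cookie. The standard fix is a per-session secret that the attacker's page cannot read (the same-origin policy keeps it out of reach) and that the server requires on every state-changing request. The code below is an added example, not the page's or any bank's code; the `Session` class, the `/transfer` path and the form markup are constructed for the demonstration.

```python
import hmac
import secrets


class Session:
    """Server-side session state; the CSRF token is created once per session."""

    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


def render_transfer_form(session):
    """The legitimate page embeds the session's token as a hidden field (constructed markup)."""
    return (
        '<form action="/transfer" method="POST">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="amount"><input name="to">'
        "</form>"
    )


def handle_transfer(session, form):
    """Reject any POST whose token is missing or differs from the session's token.

    The attacker's auto-submitted form (amount/to only, no token) is refused;
    the bank's own form, which carries the token, is accepted.
    """
    submitted = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token byte by byte.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return (403, "CSRF token missing or invalid")
    return (200, f"transferred {form['amount']} to {form['to']}")


if __name__ == "__main__":
    s = Session()
    forged = {"amount": "1000", "to": "attacker_account"}          # cross-site form
    legit = {"amount": "10", "to": "savings", "csrf_token": s.csrf_token}
    print(handle_transfer(s, forged))  # (403, 'CSRF token missing or invalid')
    print(handle_transfer(s, legit))   # (200, 'transferred 10 to savings')
```

Setting `SameSite=Lax` or `SameSite=Strict` on the session cookie is a complementary defence: the browser then omits the cookie from cross-site POSTs, so the forged request arrives without a session at all.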

Security Misconfigurations

 What It Is:
These occur when developers or system administrators leave systems in an insecure state.
 Common Misconfigurations:
o Default passwords left unchanged
o Error messages revealing sensitive information
o Unused features or services left enabled
 Example Scenario:
A developer leaves the admin dashboard exposed at https://example.com/admin using
default credentials:
 Username: admin
 Password: admin123

An attacker guesses the URL and logs in easily using default credentials, gaining full control over
the site.

 Consequences:
o Easy entry points for attackers
o Data leaks through misconfigured servers

Sensitive Data Exposure

 Failure to properly protect sensitive information such as passwords, credit card numbers, or
personal data.
 Examples of Poor Practices:
o Storing passwords in plain text
o Using outdated encryption methods
o No HTTPS encryption
 Consequences:
o Identity theft
o Financial fraud
o Legal and reputational consequences
 Example Scenario:
A website uses HTTP instead of HTTPS during login. A user connects over public Wi-Fi.
 What Happens:
A hacker on the same network uses a packet sniffer to capture the unencrypted username
and password.
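The first poor practice listed above, storing passwords in plain text, is fixed by storing only a salted, slow hash and comparing hashes at login. The following is an added example for this page, not code from the original notes: it uses PBKDF2-HMAC-SHA256 from the standard library with a per-user random salt, and the storage format (`pbkdf2_sha256$iterations$salt$hash`) is a constructed convention for the demonstration.

```python
import hashlib
import hmac
import os

# Work factor: more iterations make offline guessing slower for an attacker
# who steals the table. Tune upward as hardware improves.
ITERATIONS = 600_000


def hash_password(password):
    """Return a storable string; the plaintext password never touches disk."""
    salt = os.urandom(16)  # unique per user, so equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False  # refuse records written with an unsupported or outdated scheme
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery")  # constructed sample password
    print(record)                                       # no plaintext inside
    print(verify_password("correct horse battery", record))  # True
    print(verify_password("wrong guess", record))            # False
```

The HTTPS item in the same list is a deployment setting rather than application code: serving the login form only over TLS is what stops the packet-sniffing scenario described above.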

Broken Access Control

 Access control ensures users can only access resources they're authorized to. Broken access
control means users can access things they shouldn’t.
 Examples:
o A user accessing admin pages without permission
o Modifying the URL to access other users’ data
 Consequences:
o Data leaks
o Unauthorized actions like deleting records
 Example Scenario:
A normal user visits:
https://example.com/account/view?user=1002
Then changes the URL to:
https://example.com/account/view?user=1001
 What Happens:
If the application doesn’t check authorization properly, the user can see another person’s
account details.

API Attacks

APIs (Application Programming Interfaces) allow systems to communicate. If APIs are
insecure, attackers can manipulate them to access data or take control.

 Example:
Changing an API call’s user ID to access someone else’s profile or data.
 Consequences:
o Unauthorized data access
o Service disruption
o Misuse of business logic
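The broken access control scenario (changing `user=1002` to `user=1001` in the URL) and the API example just above (changing the user ID in an API call) are the same flaw: the server looks up whatever ID it is given without asking whether the caller may see it. The code below is an added example, not from the original notes; the account table, the users alice/bob/carol and the `/account/view` route are constructed for the demonstration, and it handles the page's URL form directly.

```python
from urllib.parse import parse_qs, urlparse

# Constructed sample data: two accounts and their owners, plus one admin user.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 2500},
    1002: {"owner": "bob", "balance": 40},
}
ADMINS = {"carol"}


def view_account_broken(session_user, account_id):
    """Broken access control: any logged-in user can read any account by changing the id."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        return (404, None)
    return (200, account)


def view_account(session_user, account_id):
    """Object-level authorization: the caller must own the account or be an admin.

    Missing and forbidden accounts get the same 404 so that a user cannot
    learn which ids exist by probing.
    """
    account = ACCOUNTS.get(account_id)
    if account is None or (account["owner"] != session_user and session_user not in ADMINS):
        return (404, None)
    return (200, account)


def handle_view_request(session_user, url):
    """Parse '/account/view?user=<id>' and route it through the checked handler."""
    params = parse_qs(urlparse(url).query)
    try:
        account_id = int(params.get("user", [""])[0])
    except ValueError:
        return (400, None)
    # The id comes from the URL, but the identity comes only from the session.
    return view_account(session_user, account_id)


if __name__ == "__main__":
    own = "https://example.com/account/view?user=1002"
    other = "https://example.com/account/view?user=1001"
    print(view_account_broken("bob", 1001))     # (200, {...alice's account...})  <- the flaw
    print(handle_view_request("bob", own))      # (200, {...bob's account...})
    print(handle_view_request("bob", other))    # (404, None)
    print(handle_view_request("carol", other))  # (200, {...}) admin may view
```

The rule generalises to every endpoint that takes an object id, whether it is a page, a JSON API or a mobile back end: authorize against the session's identity on every request, never against an id the client supplied.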

Real-World Case Studies


Attack Type     Real Example                Impact
SQL Injection   Sony Pictures (2011)        Hackers stole massive amounts of employee data and leaked it online.
XSS             MySpace Worm (2005)         Millions of user profiles were infected through self-replicating XSS code.
CSRF            YouTube exploit (2008)      Attackers posted malicious comments that tricked users into rating videos.
Data Exposure   Equifax Breach (2017)       147 million users' data stolen due to poor security practices.
API Abuse       Facebook Graph API (2018)   A bug allowed attackers to harvest personal data of millions of users.

How XSS Works:

1. Injection: Attacker injects a malicious script into a website.
2. Execution: The script runs in the victim's browser.
3. Attack: Can steal cookies, redirect users, or perform other malicious actions.

Prevention Methods:

1. Input Validation: Validate and sanitize all user inputs.
2. Output Encoding: Encode user inputs before rendering them on the page.
3. Content Security Policy (CSP): Restrict what content can be executed on the site.
4. HttpOnly and Secure Cookies: Protect session cookies from being accessed by JavaScript.
5. Avoid Inline JavaScript: Use external scripts to prevent inline code execution.
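Prevention methods 2, 3 and 4 above can be shown together on the comment scenario from the XSS section. The script below is an added example, not from the original notes: it renders the page's `<script> alert('Your session is stolen'); </script>` comment first unencoded (the bug) and then HTML-encoded, and returns the response headers that limit what an injected script could do. The header values and the `<session-id-placeholder>` cookie value are constructed for the demonstration.

```python
import html

# The comment payload from the scenario above (the page's own example input).
MALICIOUS_COMMENT = "<script> alert('Your session is stolen'); </script>"


def render_comment_unsafe(comment):
    """The vulnerable pattern: user text is concatenated straight into the HTML."""
    return '<p class="comment">' + comment + "</p>"


def render_comment(comment):
    """Output encoding: <, >, &, quotes become entities, so the browser shows
    the text instead of executing it."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


def security_headers():
    """Response headers that contain the damage if an encoding bug slips through."""
    return {
        # CSP: scripts may load only from our own origin; inline <script> blocks are
        # blocked because 'unsafe-inline' is absent (prevention methods 3 and 5).
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        # HttpOnly keeps the session cookie out of document.cookie; Secure keeps it
        # off plain HTTP; SameSite=Lax also blunts CSRF (prevention method 4).
        "Set-Cookie": "session=<session-id-placeholder>; HttpOnly; Secure; SameSite=Lax; Path=/",
    }


if __name__ == "__main__":
    print(render_comment_unsafe(MALICIOUS_COMMENT))  # script tag reaches the browser
    print(render_comment(MALICIOUS_COMMENT))         # &lt;script&gt; ... shown as text
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```

Encoding must match the context the value lands in: `html.escape` is correct for element content and quoted attribute values, but a value inserted into a URL, a JavaScript string or a CSS rule needs that context's own encoding instead.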

Supply chain Attacks


A supply chain attack is a type of cyberattack that targets an organization by exploiting
vulnerabilities in its supply chain — the network of vendors, partners, and third-party services it
relies on. Instead of directly attacking the primary target, the attacker compromises a third-party
supplier or service provider, which is then used as a conduit to attack the target organization.

Key Points:

1. Targeting Third Parties: Attackers usually target smaller, less secure companies that have
access to a larger organization’s systems or data.
2. Indirect Attack Path: The attacker doesn’t breach the main target directly; instead, they go
after suppliers or software providers that interact with the target.
3. Compromising Software or Hardware: The attacker may compromise software updates,
hardware components, or other parts of the supply chain that interact with the target.

Examples of Supply Chain Attacks:

1. Software Supply Chain Attacks:
o Attackers compromise software updates or libraries that are used by the target
organization. For example, SolarWinds (2020) was a famous attack where attackers
inserted malware into a software update that was pushed to thousands of customers,
including high-profile organizations like government agencies and large companies.
2. Hardware Supply Chain Attacks:
o Attackers tamper with hardware components (e.g., computers, network devices)
during manufacturing or shipping. This could allow the attacker to install malicious
hardware or implants that could provide long-term access to an organization’s
network.
3. Vendor Compromise:
o Attackers might compromise a trusted third-party service provider that works with
the target organization. For example, if a target company uses a third-party service
for cloud hosting, an attacker could breach that provider to gain access to the target
company's systems.

How Supply Chain Attacks Work:

1. Compromise Vendor or Supplier: The attacker targets a third-party vendor or service
provider (e.g., a software vendor, hardware manufacturer, or cloud service provider).
2. Infiltration: The attacker injects malicious code, backdoors, or vulnerabilities into the
vendor's products or services.
3. Delivery to Target: The compromised vendor delivers the malicious software or service to
the main target as part of their normal business process (e.g., through software updates or
hardware shipments).
4. Exploitation: Once the target receives the compromised product or service, the attacker can
exploit it to gain access to the target’s systems or data.

Why Supply Chain Attacks are Dangerous:

1. Hard to Detect: Attackers bypass traditional security measures because they exploit trusted
relationships with vendors.
2. Wider Reach: Attackers can gain access to many organizations through a single
compromise.
3. Long-Term Impact: These attacks can go undetected for months or years, causing long-
term damage to the target.

Examples:

 SolarWinds Attack (2020): Hackers compromised SolarWinds' software update process to
distribute malware to thousands of companies and U.S. government agencies.
 NotPetya (2017): Initially spread through a compromised update to accounting software
used by Ukrainian companies, which then spread globally, affecting major corporations.
 Target (2013): Hackers gained access to Target’s network through a third-party vendor,
compromising payment card data of millions of customers.

Online job fraud


The rapid growth of information and communication technology has completely changed the way
people search for jobs.

Nowadays almost every employment search begins online, and this gives cybercriminals an opportunity
to trick us into scams. Job frauds are sophisticated frauds that offer fictitious (false) job opportunities
to job seekers.

This type of fraud is normally done through online services such as bogus (fake) websites, or through
unsolicited (unwanted) e-mails claiming to be from known companies or brands. It has become
difficult to determine whether a job offer is legitimate or fake.

Online job scams are fraudulent schemes designed to steal personal information or money from job
seekers. These scams often involve fake job postings, unrealistic offers, requests for upfront fees, or
the use of fake websites and email addresses.

You can always stay one step ahead of fraudsters and find a legitimate job by following the tips
given below:

1. Avoid opportunities on search engine advertisements: Always search and apply for jobs posted on
authentic job portals or newspapers. Do not apply for jobs posted on search engine ads, social media
advertisements or links or results labelled "sponsored".

2.Check privacy policy of job sites: Before registering on any job search portal, check the privacy
policy of the website to know the type of information collected from the user and how it will be
processed by the website.

3. Do research: If you have found a job opportunity on any other website, always check the company's
own website to confirm the authenticity of the job and to learn more about the profile. Very often
companies put their manpower requirements on their official website under the 'careers' section.

4. Always keep a note of where you've applied for the job. Do not respond to any generic emails
from an unknown company, as it could be a scam.

5. Fake Government Jobs: Always check the website of the Government organisations for details
about the job openings in a Government department. All government websites have gov.in or nic.in
as part of their website address (e.g. www.mha.gov.in). All Government organisations always
advertise vacancies in the leading newspapers and Employment News.

6. Check for spelling mistakes: Always look for spelling errors in the e-mail address and job
description. If an email has spelling, grammatical and punctuation errors, it could be a scam. A scam
email address often looks similar to the actual company's. Examples of suspicious addresses include
"[email protected]" instead of "[email protected]," and misspelled company names like
"[email protected]" [email protected].

7. Never pay for a job: Beware of emails that offer jobs in exchange for money, as such e-mails
are spam. No organization or company ever asks for money to work for them.

8. Online interview: These days many organisations conduct interviews through telephone, chat
services, Skype calls or Google Hangouts. Always do proper research about the organisation and its
representative before the online interview. Make sure to ask the interviewer detailed questions related
to the job and the organisation.

SIM Swap Scam


SIM swap scams, also known as SIM hijacking, involve fraudsters taking control of a victim's
phone number by convincing a mobile carrier to transfer the number to a SIM card controlled by
the attacker. This allows the fraudster to intercept calls, texts, and two-factor authentication codes,
gaining access to the victim's accounts and potentially leading to financial theft or other serious
consequences.

How SIM Swap Scams Work:

1. Information Gathering:
Attackers gather personal information about the victim, including their phone number, mobile
carrier, and potentially answers to security questions, often through social media, data breaches,
or phishing.
2. Social Engineering:
The attacker contacts the victim's mobile carrier, impersonating the victim, and claims their SIM
is lost or damaged.
3. SIM Activation:
The attacker convinces the carrier to activate a new SIM card with the victim's phone number,
effectively taking over the number.
4. Account Access:
With control of the phone number, the attacker can access the victim's accounts that rely on SMS-
based two-factor authentication, reset passwords, and potentially steal money or sensitive data.

Signs of a SIM Swap Attack


Red Flag What It Means

Sudden loss of mobile signal SIM may have been deactivated remotely

Not receiving OTPs or verification codes Calls/SMS being routed to hacker’s SIM

Unable to access mobile banking/UPI apps Attacker might have changed credentials

Notification of SIM change from provider Your SIM might have been swapped

How to Protect Yourself

1. Use Strong PINs/Passwords – For mobile accounts and online services.
2. Enable Two-Factor Authentication (2FA) – Prefer authenticator apps over SMS.
3. Do Not Share Personal Info – On social media or with unknown callers.
4. Register Email for Account Alerts – To catch unauthorized activity.
5. Contact Mobile Provider Immediately – If your SIM stops working suddenly.
6. Report to Cyber Crime – If SIM swap is suspected.

Debit & Credit Card Fraud


What is Card Fraud?

Debit and credit card fraud involves the unauthorized use of a person’s card information to
withdraw money, make purchases, or access bank services. It is one of the most common types of
financial cybercrime and can happen online or offline.

How Does Card Fraud Happen?

Fraudsters use various techniques to gain access to your:

 Card number (16 digits)
 CVV (3-digit code on the back of the card)
 Expiry date
 OTP (One-Time Password)
 PIN (Personal Identification Number)

Once they have this information, they can:

 Make online purchases
 Withdraw money from ATMs
 Clone your card for physical use

Example:

A student gets an SMS saying, "Your account will be blocked. Click the link to verify your card."
On clicking, they enter their card details. Soon, unauthorized withdrawals occur.
🔸 Another person uses their debit card at an ATM. Later, they notice multiple withdrawals they
didn’t do. A skimmer on the ATM captured their card info.

Signs You May Be a Victim of Card Fraud

 Receiving OTPs without initiating a transaction.
 Sudden drop in bank balance.
 Unknown or unauthorized transactions in your account.
 Card stopped working unexpectedly.
 Email/SMS alerts of purchases you didn’t make.

How to Protect Yourself


✅ Online Safety Tips

 Never share your PIN, CVV, or OTP with anyone—not even bank officials.
 Shop only on secure websites (check for https:// and 🔒 lock symbol).
 Avoid saving your card info on public/shared devices.
 Use Virtual Cards for online payments (offered by many banks).
 Enable 2FA (Two-Factor Authentication) on banking apps.

✅ ATM & POS Safety Tips

 Use ATMs in well-lit, secure areas.
 Cover the keypad with your hand while entering your PIN.
 Check the ATM or swipe machine for tampering or skimming devices.
 Do not let anyone distract you while you are using the machine.

✅ General Security

 Enable SMS and email alerts for all transactions.
 Regularly monitor your bank statements and app.
 Use strong passwords and update them regularly.
 Install antivirus software on your phone and computer.

📞 7. What to Do If You're a Victim

1. Immediately block your card through net banking, mobile app, or customer care.
2. Call your bank and report the fraud.
3. Register a complaint on the Cyber Crime portal:
🔗 https://cybercrime.gov.in
4. Call the Cybercrime Helpline: ☎️1930
5. File an FIR at the nearest police station if required.

⚖️8. Legal Protection (India)

 IT Act, 2000: Covers electronic fraud and imposes punishment for hacking and identity
theft.
 Section 66C and 66D of the IT Act: Punish identity theft and cheating by impersonation
using digital means.

Online Payment Fraud

Online payment fraud is a type of cyber security risk where criminals use online methods to steal
money or sensitive financial information. This can involve various tactics like identity theft,
phishing, and social engineering attacks to gain access to bank accounts or credit card
details. Protecting yourself involves using strong passwords, being cautious online, and enabling
two-factor authentication.

Types of Online Payment Fraud:

 Phishing: Scammers use fake emails or websites to trick users into revealing sensitive
information.
 Identity Theft: Fraudsters steal personal information to open fraudulent accounts or make
unauthorized purchases.
 Credit/Debit Card Skimming: Criminals steal card information from card readers or ATMs to
clone cards.
 Money Mule Scams: Fraudsters use individuals to transfer illegally obtained money, often through
social media.
 Fake Contact Numbers: Scammers provide fake contact details for banks or service providers.
 Social Media Hacks: Fraudsters impersonate friends or relatives on social media to request
money.
 QR Code Scams: Fraudsters send fake QR codes via messaging apps, asking users to scan and
approve payments.

Cyber Security Measures:

 Strong Passwords:
Use complex, unique passwords for all online accounts and update them regularly.
 Two-Factor Authentication:
Enable this feature on all relevant accounts for an extra layer of security.
 Be Cautious Online:
Avoid clicking on suspicious links or entering card details on unsecured websites.
 Monitor Statements:
Regularly check bank and credit card statements for any unauthorized transactions.
