
CSS Module 2

for study

Uploaded by

lovinidone
Copyright
© All Rights Reserved

Cybercrime: Planning, Techniques, and Security Challenges

August 3, 2025

Contents

1 How Criminals Plan the Attacks
1.1 Introduction
1.2 Reconnaissance
1.3 Passive Attack
1.4 Active Attack
1.5 Relation Between the Three
1.6 Conclusion

2 Social Engineering
2.1 Introduction
2.2 Common Social Engineering Techniques
2.3 Example
2.4 Prevention
2.5 Conclusion

3 Cyber Stalking
3.1 Introduction
3.2 Characteristics
3.3 Methods Used by Cyber Stalkers
3.4 Real-World Example
3.5 Legal Provisions in India
3.6 Prevention
3.7 Conclusion

4 Cyber Café and Cybercrimes
4.1 Introduction
4.2 Why Cyber Cafés are Used for Cybercrime
4.3 Common Cybercrimes from Cyber Cafés
4.4 Legal Provisions
4.5 Prevention
4.6 Conclusion

5 Botnets
5.1 Introduction
5.2 How Botnets Work
5.3 Uses of Botnets in Cybercrime
5.4 Examples
5.5 Prevention
5.6 Conclusion

6 Attack Vector
6.1 Introduction
6.2 Common Types of Attack Vectors
6.3 Example
6.4 Prevention
6.5 Conclusion

7 Cloud Computing in Cybercrime Context
7.1 Introduction
7.2 Cloud-Related Cybercrime Risks
7.3 Examples
7.4 Prevention
7.5 Conclusion

8 How Cybercrimes Differ from Most Terrestrial Crimes
8.1 Introduction
8.2 Key Differences
8.3 Example
8.4 Conclusion

9 Proliferation of Mobile and Wireless Devices
9.1 Introduction
9.2 Reasons for Proliferation
9.3 Impact
9.4 Cybersecurity Concerns
9.5 Conclusion

10 Trends in Mobility
10.1 Introduction
10.2 Key Trends
10.3 Security Implications
10.4 Conclusion

11 Vishing Attack
11.1 Introduction
11.2 How It Works
11.3 Example
11.4 Protection Against Vishing
11.5 Conclusion

12 Mobile/Cell Phone Attacks
12.1 Introduction
12.2 Common Types of Mobile Attacks
12.3 Examples
12.4 Prevention Measures
12.5 Conclusion

13 Basic Security Precautions to Safeguard Laptops and Wireless Devices
13.1 Introduction
13.2 Physical Security Precautions
13.3 Device & Data Protection
13.4 Network & Wireless Security
13.5 Software & System Security
13.6 Organizational Measures
13.7 Conclusion

14 Security Challenges Posed by Mobile Devices
14.1 Introduction
14.2 Key Security Challenges
14.3 Conclusion

15 Credit Card Frauds in the Mobile and Wireless Computing Era
15.1 Introduction
15.2 Common Methods of Credit Card Fraud in Mobile & Wireless Era
15.3 Real-World Examples
15.4 Prevention Measures
15.5 Conclusion

16 Steps Involved in Planning of Cyberattacks by Criminals
16.1 Introduction
16.2 Detailed Steps
16.3 Example Flow
16.4 Conclusion

17 Salami Attack
17.1 Introduction
17.2 How It Works
17.3 Example
17.4 Real-World Scenario
17.5 Prevention Measures
17.6 Conclusion

18 Cyberstalking and Harassment
18.1 Introduction
18.2 Forms of Cyberstalking and Harassment
18.3 Methods Used by Cyberstalkers
18.4 Legal Provisions in India
18.5 Prevention & Safety Measures
18.6 Conclusion

1 How Criminals Plan the Attacks
1.1 Introduction
Before launching a cyberattack, criminals rarely act randomly. They follow a planned
and structured approach to maximize success and avoid detection. The planning phase
often begins with information gathering (reconnaissance), followed by choosing the attack
type, either passive (silent observation) or active (direct exploitation). Understanding
these stages helps cybersecurity professionals detect and prevent attacks early.

1.2 Reconnaissance
Definition: Initial stage where attackers collect as much information as possible about
the target.
Purpose: Identify potential weaknesses to exploit later.
Methods:
• Footprinting: Gathering publicly available data (domain names, IP addresses).

• Scanning: Checking open ports, running services.

• Social engineering: Manipulating people into revealing information.


Tools: Nmap, Whois lookup, Google hacking, Maltego.
Outcome: A blueprint of the target system to guide the attack.

1.3 Passive Attack


Definition: Attack where the criminal monitors or collects data without making any
changes to the system.
Objective: Remain undetected while gathering useful information.
Examples:
• Packet sniffing: Capturing data packets (e.g., Wireshark).

• Traffic analysis: Studying communication patterns.

• Eavesdropping: Listening to unencrypted communications.


Characteristics:
• No direct damage to systems.

• Very hard to detect because there's no visible alteration.

1.4 Active Attack


Definition: Attack where the criminal interferes with, modifies, or damages the target's
data or systems.
Objective: Cause immediate disruption or gain unauthorized access.
Examples:
• DoS/DDoS: Overloading servers to crash services.

• Data modification: Changing sensitive files.
• Malware injection: Installing viruses, ransomware.
• Session hijacking: Taking over a live session.
Characteristics:
• Usually detected quickly because of visible system issues.
• Can cause financial, reputational, and operational loss.

1.5 Relation Between the Three


• Reconnaissance → Find weaknesses.
• Passive attack → Collect deeper details quietly.
• Active attack → Exploit vulnerabilities for damage or gain.

1.6 Conclusion
Every major cyberattack usually starts with careful planning. Criminals first study the
target (reconnaissance), may then observe silently (passive attack), and finally strike
actively to achieve their goals. Awareness of these steps allows security teams to spot
threats early and take preventive action.
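
The scanning step of reconnaissance (section 1.2) leaves a trace defenders can look for: one source touching many different ports on the same host within a short time. The following is an added example, not part of the original notes, that flags this pattern; the log format, the addresses (documentation ranges) and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall log: 'timestamp src dst dst_port action' (assumed format)."""
    t0 = datetime(2025, 8, 3, 10, 0, 0)
    lines = []
    # One source probing 15 different ports on one host, one probe per second.
    for i, port in enumerate(range(20, 35)):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 {port} DENY")
    # An ordinary client: many connections, but always to the same service.
    for i in range(40):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 443 ALLOW")
    # A slow source: 12 ports, one every 10 minutes.
    for i, port in enumerate(range(8000, 8012)):
        ts = (t0 + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.99 192.0.2.10 {port} DENY")
    lines.append("malformed line that the parser must skip")
    return lines


def parse_line(line):
    """Return (timestamp, src, dst, port), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def detect_scans(lines, window_s=60, min_ports=10):
    """Return {(src, dst): n} where n is the largest number of distinct
    destination ports the source touched on that host inside any window of
    window_s seconds, for pairs where n >= min_ports."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, port = parsed
            events[(src, dst)].append((ts, port))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        in_window = Counter()   # port -> hits currently inside the window
        start = 0               # index of the oldest event still in the window
        best = 0
        for ts, port in evs:
            in_window[port] += 1
            # Drop events that have fallen out of the sliding window.
            while (ts - evs[start][0]).total_seconds() > window_s:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[pair] = best
    return findings


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:  ", detect_scans(log))
    # The window length is a tuning choice: a longer one also covers
    # sources that spread their probes out over hours.
    print("2 hour window:", detect_scans(log, window_s=7200))
```
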

2 Social Engineering
2.1 Introduction
Social Engineering is a non-technical hacking technique that relies on manipulating human
psychology rather than exploiting computer vulnerabilities. Attackers trick individuals
into divulging confidential information or performing actions that compromise
security. It is often the first step before technical attacks.

2.2 Common Social Engineering Techniques


• Phishing: Sending fake emails/messages that look genuine to steal credentials.
• Pretexting: Pretending to be someone trustworthy to extract information.
• Baiting: Leaving infected USB drives or files for victims to use.
• Tailgating: Physically following someone into a restricted area.
• Quid Pro Quo: Offering a benefit in exchange for sensitive information.

2.3 Example
An attacker sends an email pretending to be from the bank, asking the victim to "verify
account details" by clicking a fake link. The victim unknowingly enters login credentials,
which go to the attacker.

2.4 Prevention
• Train employees on security awareness.

• Use multi-factor authentication.

• Verify requests through official channels.

• Avoid clicking suspicious links or downloading unknown files.

2.5 Conclusion
Social Engineering exploits trust and curiosity rather than technical flaws. Strong awareness
and verification habits are the best defense.

3 Cyber Stalking
3.1 Introduction
Cyber stalking is the use of the internet, email, social media, or other digital technologies
to harass, intimidate, or threaten an individual repeatedly. Unlike one-time harassment,
cyber stalking is persistent and intentional.

3.2 Characteristics
• Repeated unwanted contact (emails, messages, posts).

• Monitoring online activities without consent.

• Posting harmful or false information about the victim.

• Threats to the victim or their family.

3.3 Methods Used by Cyber Stalkers


• Email harassment: Sending abusive or threatening emails.

• Social media abuse: Fake profiles, spreading rumors.

• Tracking software: Using spyware to monitor the victim's devices.

• Doxxing: Publishing personal details like address or phone number online.

3.4 Real-World Example


A stalker repeatedly sends threatening messages to a victim through multiple fake social
media accounts, making them feel unsafe.

3.5 Legal Provisions in India
• Section 354D of IPC: Covers stalking (including cyber stalking).
• Sections 66A, 66E of ITA 2000: Punish sending offensive messages and privacy
violations.

3.6 Prevention
• Restrict privacy settings on social media.
• Block and report suspicious accounts.
• Keep digital evidence for legal action.
• Avoid sharing sensitive personal details online.

3.7 Conclusion
Cyber stalking is a serious digital harassment crime that can cause emotional, psychological,
and physical distress. Awareness, digital hygiene, and strong legal action are crucial
to prevent and combat it.

4 Cyber Café and Cybercrimes


4.1 Introduction
Cyber cafés are public places that provide internet access to users on a temporary basis.
While they are useful for people without personal internet connections, they have also
become common points for cybercriminal activities because users can remain relatively
anonymous.

4.2 Why Cyber Cafés are Used for Cybercrime


• Anonymity: Criminals can use public systems without linking activity to their
personal devices.
• Poor monitoring: Many cafés lack strong user authentication.
• Shared devices: Makes it hard to trace specific users.
• Inadequate security: Weak antivirus, outdated software.

4.3 Common Cybercrimes from Cyber Cafés


• Hacking attempts: Attacks on websites or servers.
• Online fraud: Phishing, fake shopping sites.
• Email scams: Sending spam or malicious attachments.
• Identity theft: Logging in to steal passwords.
• Viewing/downloading illegal content: Including piracy or prohibited material.

4.4 Legal Provisions
Indian IT (Guidelines for Cyber Café) Rules, 2011 under ITA 2000:

• Maintain user identification records (photo ID).

• Keep usage logs for 1 year.

• Arrange computer terminals to prevent screen viewing by others.

• Install CCTV for monitoring.

4.5 Prevention
• Use strong authentication before allowing access.

• Keep antivirus and system software updated.

• Maintain logs of user activities.

• Educate staff to identify suspicious activity.

4.6 Conclusion
Cyber cafés can be breeding grounds for cybercrime if not properly monitored. Strict
implementation of IT rules and proper logging can help reduce misuse.

5 Botnets
5.1 Introduction
A botnet is a network of compromised computers (bots or zombies) controlled remotely
by a cybercriminal (called a botmaster) without the owner's knowledge. Botnets are used
for large-scale cyberattacks.

5.2 How Botnets Work


• Infection: Computers are infected via malware from malicious websites, phishing
emails, or downloads.

• Control: The infected devices connect to the attacker's Command and Control
(C&C) server.

• Execution: Botmaster sends commands to all bots to perform malicious activities.

• Stealth: Botnets run in the background without alerting the user.

5.3 Uses of Botnets in Cybercrime
• Distributed Denial of Service (DDoS): Overloading servers to crash websites.

• Spam campaigns: Sending millions of spam/phishing emails.

• Data theft: Stealing banking credentials, passwords.

• Click fraud: Generating fake clicks on ads for profit.

• Cryptojacking: Using the victim's CPU for cryptocurrency mining.

5.4 Examples
• Mirai Botnet (2016): Infected IoT devices, causing massive internet outages.

• Storm Botnet: Sent spam and malware globally.

5.5 Prevention
• Keep operating system and software updated.

• Use strong antivirus and firewall.

• Avoid clicking on suspicious links or downloading unknown files.

• Disable unused network services.

5.6 Conclusion
Botnets are one of the most dangerous tools in cybercrime because of their scale, automation,
and anonymity. Preventing infections and monitoring network activity are essential
to stop botnet attacks.
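
Section 5.2 notes that infected devices connect back to a C&C server while staying invisible to the user; on the network, that check-in often shows up as connections repeated at a near-constant interval. The following is an added example, not part of the original notes, of monitoring for that regularity; the flow records are constructed, and the thresholds and the allowlist parameter are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (seconds since capture start, internal source, destination).
# Addresses come from private and documentation ranges.
BEACON_TIMES = [0, 301, 599, 900, 1202, 1500, 1799, 2100, 2401, 2700]
BROWSE_TIMES = [0, 5, 7, 400, 410, 2000, 2003, 2900, 2950, 2960]
SAMPLE_FLOWS = (
    # Timer-driven check-in, roughly every 300 s.
    [(t, "10.0.0.23", "203.0.113.50") for t in BEACON_TIMES]
    # Bursty, human-driven browsing.
    + [(t, "10.0.0.40", "198.51.100.20") for t in BROWSE_TIMES]
    # A known periodic service (for example time sync): regular but legitimate.
    + [(t, "10.0.0.23", "192.0.2.123") for t in range(0, 3000, 60)]
    # Regular, but too few samples to judge.
    + [(t, "10.0.0.55", "203.0.113.77") for t in (0, 600, 1200)]
)


def find_beacons(flows, min_events=8, max_cv=0.1, allowlist=frozenset()):
    """Return {(src, dst): (mean_interval_s, cv)} for pairs whose connection
    timing is regular enough to look automated.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections: close to 0 for a timer-driven check-in, large
    for traffic driven by a person.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        if dst not in allowlist:          # skip destinations known to be periodic
            times[(src, dst)].append(ts)

    findings = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:      # not enough data to call it regular
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                      # all connections share one timestamp
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[pair] = (avg, cv)
    return findings


if __name__ == "__main__":
    for (src, dst), (avg, cv) in find_beacons(
        SAMPLE_FLOWS, allowlist={"192.0.2.123"}
    ).items():
        print(f"{src} -> {dst}: every ~{avg:.0f} s (cv={cv:.4f})")
```

Without the allowlist the time-sync destination is reported as well, which is why known periodic services have to be listed before the output is useful for triage.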

6 Attack Vector
6.1 Introduction
An attack vector is the path or method used by a cybercriminal to gain unauthorized
access to a system or network. It represents how an attack is delivered and is a critical
concept in understanding and preventing cybercrimes.

6.2 Common Types of Attack Vectors


• Phishing: Fake emails/websites trick users into giving credentials.

• Malware: Viruses, worms, trojans installed through downloads or attachments.

• SQL Injection: Inserting malicious SQL code into database queries.

• Zero-day exploits: Using unknown vulnerabilities before they are patched.

• Man-in-the-Middle (MITM): Intercepting and altering communications.

• Password attacks: Brute force, dictionary attacks, credential stuffing.

• Drive-by downloads: Malware installed automatically when visiting a compromised
website.

• Social engineering: Manipulating people to reveal sensitive data.

6.3 Example
A hacker sends a phishing email pretending to be from a bank. Victim clicks the link →
enters login info on a fake site → hacker gains access to the account.

6.4 Prevention
• Use multi-factor authentication (MFA).

• Keep software updated to patch vulnerabilities.

• Train employees on security awareness.

• Use email filtering and anti-phishing tools.

6.5 Conclusion
Attack vectors are the entry doors for cybercriminals. Identifying and securing these
paths is the first step in preventing cyberattacks.

7 Cloud Computing in Cybercrime Context


7.1 Introduction
Cloud computing delivers computing resources (storage, processing, networking) over the
internet. While it offers flexibility and cost savings, it also introduces new security risks
that can be exploited by cybercriminals.

7.2 Cloud-Related Cybercrime Risks


• Data breaches: Sensitive customer data stored in the cloud may be hacked.

• Account hijacking: Stolen cloud credentials used to access data.

• Insecure APIs: Poorly secured cloud service interfaces exploited.

• Insider threats: Employees misusing access privileges.

• Malware injection: Malicious code injected into cloud apps.

• Denial-of-Service attacks: Cloud services overloaded to cause downtime.

7.3 Examples
• Capital One breach (2019): Cloud misconfiguration led to theft of personal data
of 100M+ customers.

• Attackers hosting phishing websites on compromised cloud servers.

7.4 Prevention
• Strong authentication for cloud accounts (MFA).

• Encrypt sensitive data before storing in cloud.

• Regular security audits and patch updates.

• Monitor access logs for suspicious activity.

• Choose cloud providers with strong compliance certifications.

7.5 Conclusion
Cloud computing has transformed IT, but its shared and online nature creates new opportunities
for cybercrime. Organizations must adopt strong cloud security policies to
protect against these threats.

8 How Cybercrimes Differ from Most Terrestrial Crimes


8.1 Introduction
Traditional (terrestrial) crimes occur in the physical world, such as theft, assault, or
vandalism. Cybercrimes occur in the digital world, using computers, networks, or the
internet as the target or tool. While both aim to cause harm or gain illegal benefits,
cybercrimes differ significantly in execution, detection, and impact.

8.2 Key Differences
| Aspect | Cybercrimes | Terrestrial Crimes |
|---|---|---|
| Location | Committed in cyberspace, can be done remotely from anywhere in the world. | Require physical presence at the crime scene. |
| Jurisdiction | Crosses national and state boundaries; difficult to determine legal authority. | Jurisdiction is usually clear within a physical location. |
| Speed of Crime | Happens in seconds or minutes (e.g., hacking, data theft). | Usually takes longer to plan and execute. |
| Evidence | Digital evidence: logs, IP addresses, metadata; can be altered easily. | Physical evidence: fingerprints, CCTV footage, objects. |
| Victim Awareness | Victims may not know immediately they've been attacked. | Victims usually notice the crime quickly (e.g., robbery). |
| Scale of Impact | Can affect millions instantly (e.g., malware spreading globally). | Usually affects a limited area or number of people. |
| Cost to Commit | Often low-cost (just a computer & internet connection). | Often requires tools, vehicles, manpower. |
| Anonymity | Criminal can hide identity using VPNs, TOR, spoofing. | Harder to hide identity; physical appearance or witnesses can expose them. |
| Law Enforcement Challenges | Requires specialized cyber forensics and international cooperation. | Investigated with traditional policing methods. |

8.3 Example
• Cybercrime: A hacker in another country steals banking credentials of thousands
of people via phishing in minutes.

• Terrestrial crime: A burglar breaks into a single house to steal valuables, which requires
physical entry and more time.

8.4 Conclusion
Cybercrimes are borderless, fast, and scalable, making them harder to detect and control
compared to most terrestrial crimes. Effective prevention requires advanced technology,
international cooperation, and strong cyber laws.

9 Proliferation of Mobile and Wireless Devices
9.1 Introduction
The proliferation of mobile and wireless devices refers to the rapid growth and widespread
adoption of smartphones, tablets, laptops, and other wireless-enabled devices globally.
Advancements in wireless technologies (Wi-Fi, 4G/5G, Bluetooth, NFC) and affordable
hardware have made mobile devices an essential part of daily life for both personal and
professional use.

9.2 Reasons for Proliferation


• Affordability: Lower cost smartphones accessible to more people.

• Network availability: Expansion of 4G/5G and public Wi-Fi.

• Portability: Small size, easy to carry.

• App ecosystem: Millions of applications for work, communication, entertainment.

• Cloud integration: Data accessible anywhere via cloud services.

• IoT expansion: Devices connected to smart appliances, wearables.

9.3 Impact
Positive:

• Enhanced connectivity and productivity.

• Access to e-commerce, e-learning, telemedicine.

Negative:

• Increased cybercrime risks (data theft, phishing, malware).

• Greater attack surface for hackers due to constant connectivity.

9.4 Cybersecurity Concerns


• Device theft leading to data compromise.

• Unsecured public Wi-Fi risks.

• Malicious apps stealing sensitive information.

• Bluetooth & NFC attacks (bluejacking, bluesnarfing).

9.5 Conclusion
While mobile and wireless devices have transformed modern life, they also expand opportunities
for cybercriminals. Security awareness, encryption, and strong authentication
are essential for safe usage.

10 Trends in Mobility
10.1 Introduction
Trends in mobility describe how mobile technology usage, features, and applications are
evolving over time. Driven by innovations in wireless communication, hardware miniaturization,
and cloud computing, mobility trends impact both personal lifestyles and
enterprise strategies.

10.2 Key Trends


• 5G Connectivity: Ultra-fast speeds, low latency enabling advanced mobile applications.
• Mobile Payment Systems: Digital wallets (Google Pay, Apple Pay, Paytm)
replacing cash transactions.
• Bring Your Own Device (BYOD): Employees using personal devices for work,
raising security concerns.
• IoT Integration: Mobile devices controlling smart home, vehicles, wearables.
• Cloud-based Mobile Apps: Real-time data sync across devices.
• Augmented & Virtual Reality: Enhanced user experiences in gaming, shopping,
education.
• Edge Computing: Processing closer to the data source for faster performance.

10.3 Security Implications


• BYOD risks: Corporate data leakage from personal devices.
• Mobile malware: Targeting banking apps and payment gateways.
• Tracking & privacy issues: Location-based services collecting personal data.
• Public network vulnerabilities: Exposure to man-in-the-middle attacks.

10.4 Conclusion
Mobility trends are moving towards greater integration, personalization, and connectivity.
However, increased mobility also means increased responsibility to secure devices,
networks, and user data.

11 Vishing Attack
11.1 Introduction
Vishing (Voice Phishing) is a social engineering attack where criminals use phone calls or
VoIP (Voice over Internet Protocol) to trick people into revealing confidential information
such as banking details, passwords, or personal data. It combines voice communication
with phishing techniques.

11.2 How It Works
• Preparation: Attacker gathers basic information about the victim (name, phone
number, bank details) through data leaks, social media, or previous scams.

• Spoofing Caller ID: Attacker uses VoIP technology to make the call appear from
a legitimate source (e.g., bank, government agency).

• Engaging the Victim: Attacker pretends to be a trusted authority and creates
urgency or fear (e.g., "Your account will be blocked in 2 hours unless you verify your
details").

• Information Extraction: Victim is asked to share sensitive details such as:

– Bank account number


– OTP (One-Time Password)
– Credit/debit card details
– Internet banking login credentials

• Exploitation: Criminal uses the stolen information to commit financial fraud or
identity theft.

11.3 Example
A scammer calls claiming to be from a bank's fraud department, saying there was a
suspicious withdrawal. They ask the victim to confirm account details and OTP, which
are then used to steal money.

11.4 Protection Against Vishing


• Do not share sensitive information over phone calls.

• Verify the caller by calling the official number from the bank's website.

• Be cautious of urgency: banks never rush customers to disclose details.

• Register for DND (Do Not Disturb) services to reduce spam calls.

• Educate yourself about common phone scams.

• Report suspicious calls to the telecom provider or cybercrime portal ([Link]
in India).

11.5 Conclusion
Vishing attacks exploit trust and urgency rather than technology flaws. Awareness, caller
verification, and refusal to share sensitive details over the phone are the best defenses.

12 Mobile/Cell Phone Attacks
12.1 Introduction
Mobile phones are no longer just communication devices; they store personal, financial,
and business data and are connected to the internet 24/7. Because of this, they have
become a prime target for cybercriminals. Mobile attacks exploit hardware, software, or
user behavior to steal data, commit fraud, or disrupt services.

12.2 Common Types of Mobile Attacks


1. Malware Attacks
• Description: Malicious apps or files infect the mobile OS.
• Examples: Trojans disguised as games or utilities, ransomware locking the
phone.
• Impact: Data theft, financial fraud, device control.
2. Phishing & Smishing
• Phishing: Fake emails directing users to malicious websites.
• Smishing: Fraudulent SMS messages with harmful links.
• Impact: Credential theft, account compromise.
3. Vishing
• Description: Voice phishing via phone calls to trick users into sharing personal
info.
• Impact: Banking fraud, identity theft.
4. Spyware
• Description: Software secretly monitoring user activity.
• Example: Pegasus spyware tracking messages, calls, and location.
• Impact: Total privacy breach.
5. Man-in-the-Middle (MITM) via Public Wi-Fi
• Description: Attackers intercept data sent over unsecured public Wi-Fi.
• Impact: Theft of login credentials, personal files.
6. SIM Cloning / SIM Swap
• Description: Duplicate SIM created or SIM ownership changed to attacker's
device.
• Impact: Criminal receives OTPs and banking alerts.
7. Bluetooth/NFC Attacks
• Bluejacking: Sending unwanted messages.
• Bluesnarfing: Stealing data over Bluetooth.
• Impact: Unauthorized data transfer.

12.3 Examples
• Pegasus Spyware Case: Used to monitor journalists and activists via mobile
phones.

• Bank OTP Fraud: Criminals swapping SIMs to steal OTPs for online banking.

12.4 Prevention Measures


• Install apps only from trusted sources (Google Play Store, Apple App Store).

• Keep OS and apps updated with security patches.

• Avoid public Wi-Fi or use VPN.

• Enable screen lock and device encryption.

• Use multi-factor authentication for sensitive accounts.

• Be cautious with unknown links, SMS, and calls.

12.5 Conclusion
Mobile/cell phone attacks target personal data, finances, and privacy. With growing mobile
usage, strong digital hygiene, secure configurations, and user awareness are essential
to protect against these threats.

13 Basic Security Precautions to Safeguard Laptops and Wireless Devices
13.1 Introduction
Laptops and wireless devices such as smartphones, tablets, and IoT gadgets are highly
portable and store sensitive data. Their portability also makes them vulnerable to theft,
hacking, and data loss. Implementing basic security precautions reduces the risk of data
compromise and unauthorized access.

13.2 Physical Security Precautions


• Use Laptop Locks: Attach a Kensington lock to prevent theft in public places.

• Secure Storage: Keep devices in locked drawers or cabinets when not in use.

• Avoid Unattended Use: Do not leave devices unattended in public areas.

• Asset Tagging: Label devices for easy identification and recovery.

13.3 Device & Data Protection
• Strong Passwords / Passcodes: Use complex, unique passwords.

• Multi-Factor Authentication (MFA): Extra security for login.

• Full Disk Encryption: Protects data even if the device is stolen.

• Automatic Screen Lock: Lock after a short period of inactivity.

• Regular Backups: Keep backups on external drives or cloud storage.

13.4 Network & Wireless Security


• Secure Wi-Fi: Use WPA3/WPA2 encryption; avoid WEP.

• VPN Usage: Encrypt data when using public Wi-Fi.

• Disable Auto-Connect: Prevents connecting to rogue networks.

• Firewall Protection: Enable OS firewall to block unauthorized traffic.
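
The Secure Wi-Fi and Disable Auto-Connect points above can be checked against the networks a laptop has saved. The following is an added example, not part of the original notes, that audits network blocks in wpa_supplicant.conf syntax; the sample file is constructed, the OK/WARN/FAIL scheme is this example's own, and the values used for a missing key_mgmt or proto are treated here as wpa_supplicant's defaults.

```python
# Constructed sample in wpa_supplicant.conf syntax (SSIDs and keys are made up).
SAMPLE_CONF = '''
ctrl_interface=/run/wpa_supplicant

network={
    ssid="HomeNet"
    key_mgmt=SAE
    ieee80211w=2
}
network={
    ssid="OfficeLegacy"
    key_mgmt=WPA-PSK
    proto=WPA
    psk="example-passphrase"
}
network={
    ssid="OldRouter"
    key_mgmt=NONE
    wep_key0="abcde"
    wep_tx_keyidx=0
}
network={
    ssid="CafeFreeWiFi"
    key_mgmt=NONE
}
network={
    ssid="Work"
    key_mgmt=WPA-PSK
    proto=RSN
    psk="another-example"
}
'''


def parse_networks(conf_text):
    """Return one dict of field -> value per network={ ... } block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def assess(net):
    """Return (rating, reason) for one saved network."""
    # Values assumed when the field is absent (treated as wpa_supplicant defaults).
    key_mgmt = set(net.get("key_mgmt", "WPA-PSK WPA-EAP").split())
    proto = {"RSN" if p == "WPA2" else p
             for p in net.get("proto", "WPA RSN").split()}

    if "NONE" in key_mgmt:
        if any(field.startswith("wep_key") for field in net):
            return "FAIL", "WEP: avoid, move the access point to WPA2/WPA3"
        if net.get("disabled") == "1":
            return "WARN", "open network, kept disabled so it is not auto-joined"
        return "FAIL", "open network that is joined automatically when in range"
    if key_mgmt == {"SAE"}:
        return "OK", "WPA3-Personal (SAE)"
    if "WPA" in proto:
        return "WARN", "original WPA still accepted; restrict with proto=RSN"
    return "OK", "WPA2 (RSN)"


def audit(conf_text):
    """Return [(ssid, rating, reason)] for every network block in the file."""
    return [(net.get("ssid", "<no ssid>"), *assess(net))
            for net in parse_networks(conf_text)]


if __name__ == "__main__":
    for ssid, rating, reason in audit(SAMPLE_CONF):
        print(f"{rating:4} {ssid:14} {reason}")
```
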

13.5 Software & System Security


• Keep OS & Software Updated: Install security patches regularly.

• Antivirus & Anti-Malware: Use reliable security software with real-time protection.

• Avoid Untrusted Apps: Download only from official stores.

• Disable Unused Services: Turn off Bluetooth, NFC, and file sharing when not
needed.

13.6 Organizational Measures


• Security Policies: Define rules for device use and data handling.

• Employee Training: Teach safe handling, phishing awareness, and reporting procedures.

• Device Management Systems: Use MDM (Mobile Device Management) to enforce policies remotely.

• Remote Wipe: Erase data remotely in case of theft.

13.7 Conclusion
Laptops and wireless devices require both physical and digital security measures. A
combination of strong authentication, encryption, regular updates, and user awareness
ensures safety against theft, hacking, and data breaches.

14 Security Challenges Posed by Mobile Devices
14.1 Introduction
Mobile devices such as smartphones, tablets, and laptops are powerful computing tools
that store sensitive personal, financial, and organizational data. Their portability,
constant internet connectivity, and diverse applications make them a primary target for
cybercriminals. Security challenges arise from technical vulnerabilities, user behavior,
and network exposure.

14.2 Key Security Challenges


1. Device Theft and Loss

• Description: Small size makes mobile devices easy to lose or steal.


• Impact: Loss of confidential data, unauthorized access to corporate systems.
• Example: Stolen phone used to access saved banking apps.

2. Malware and Malicious Apps

• Description: Apps containing trojans, spyware, or ransomware can infect devices.
• Impact: Data theft, financial fraud, remote device control.
• Example: Fake utility apps stealing contacts and messages.

3. Unsecured Public Wi-Fi

• Description: Public hotspots can be intercepted by attackers.


• Impact: Man-in-the-Middle (MITM) attacks stealing credentials.
• Example: Hacker capturing online banking login details on free Wi-Fi.

4. Phishing, Smishing, and Vishing

• Description: Social engineering attacks via email, SMS, or phone calls.


• Impact: Theft of login credentials, OTPs, or financial data.
• Example: Fake SMS link asking for UPI PIN.

5. Operating System Vulnerabilities

• Description: Outdated OS versions with unpatched security flaws.


• Impact: Exploitation by hackers for remote control or data theft.
• Example: Jailbroken iOS device infected with spyware.

6. BYOD (Bring Your Own Device) Risks

• Description: Employees using personal devices for work.


• Impact: Mixing personal and corporate data, leading to leakage.
• Example: Personal phone with weak security accessing corporate emails.

7. Bluetooth and NFC Exploits

• Description: Wireless short-range technologies can be abused.


• Impact: Data theft (bluesnarfing), spam messages (bluejacking).
• Example: Attacker nearby stealing files over Bluetooth.

8. Cloud Data Synchronization Risks

• Description: Automatic syncing of sensitive files to cloud services.


• Impact: Data leaks if cloud account is compromised.
• Example: Stolen cloud credentials exposing corporate documents.

14.3 Conclusion
Mobile devices face multi-layered security challenges from theft and malware to network
and cloud risks. A combination of technical controls (encryption, updates, antivirus) and
user awareness is essential to safeguard against these threats.

15 Credit Card Frauds in the Mobile and Wireless Computing Era
15.1 Introduction
Credit card fraud involves unauthorized use of a credit card or its details to obtain
goods, services, or funds. In the mobile and wireless computing era, fraudsters exploit
smartphones, mobile apps, wireless networks, and online transactions to commit these
crimes faster and at a larger scale. The combination of always-connected devices and
cashless payments has made credit card fraud one of the most common cybercrimes.

15.2 Common Methods of Credit Card Fraud in Mobile & Wireless Era
1. Phishing / Smishing / Vishing

• Phishing: Fake emails asking for card details.


• Smishing: Fraudulent SMS links to fake payment portals.
• Vishing: Fake calls pretending to be from banks asking for OTPs or CVV
numbers.

2. Malware & Spyware on Mobile Devices

• Malicious apps log keystrokes or capture screenshots of payment details.


• Example: Fake banking apps stealing credit card credentials.

3. Man-in-the-Middle (MITM) Attacks

• Occur over unsecured public Wi-Fi.

• Attacker intercepts payment details during online purchases.

4. App-Based Payment Frauds

• Rogue payment apps mimicking legitimate UPI or wallet services.


• Example: Fake Google Pay or Paytm apps harvesting card info.

5. Card Cloning & Skimming

• Fraudsters copy card data using skimmers attached to ATMs or POS machines.
• Data is later used for mobile-based transactions.

6. Data Breaches

• Large-scale breaches of e-commerce or payment gateway databases.


• Stolen card details sold on the dark web for mobile-based misuse.

15.3 Real-World Examples


• 2018 Cosmos Bank Cyberattack (Pune): Hackers stole card data and withdrew
₹94 crore using cloned cards.

• Fake SMS links leading to phishing sites tricking users into revealing OTPs.

15.4 Prevention Measures


For Users:

• Use official banking apps only from trusted sources.

• Avoid public Wi-Fi for financial transactions.

• Enable two-factor authentication (2FA).

• Do not share OTP, CVV, or PIN with anyone.

• Monitor bank statements regularly for unauthorized transactions.

For Organizations:

• Implement end-to-end encryption for mobile payments.

• Regularly update payment apps with security patches.

• Use fraud detection systems to monitor unusual activity.

• Educate customers about common fraud tactics.

15.5 Conclusion
In the mobile and wireless computing era, credit card fraud has become faster, harder
to trace, and more sophisticated. Strong digital hygiene, secure payment practices, and
user awareness are the best defenses against these crimes.

16 Steps Involved in Planning of Cyberattacks by Criminals
16.1 Introduction
Cyberattacks are rarely random events; most are well-planned operations designed to
steal data, disrupt systems, or cause financial loss. Criminals follow a systematic, step-
by-step approach to maximize the chances of success while minimizing the risk of being
caught. Understanding these steps helps in predicting, detecting, and preventing such
attacks.

16.2 Detailed Steps


1. Reconnaissance (Information Gathering)

• The attacker's first move is to study the target.
• Goal: Learn as much as possible about the target's systems, people, and
security measures.
• Techniques:
– Passive Recon: Observing without touching the target (searching social
media, company websites, WHOIS data, news articles).
– Active Recon: Interacting with the system (port scanning, ping sweeps).
• Example: An attacker finds employee email IDs from LinkedIn to use in
phishing.

2. Target Selection

• Attackers decide who or what to attack based on:


– Value of the data (banks, payment gateways).
– Vulnerability level (small businesses with poor cybersecurity).
• Example: Choosing a poorly secured e-commerce site instead of a well-
protected bank.

3. Vulnerability Assessment

• After choosing a target, criminals look for weaknesses:


– Unpatched operating systems.
– Weak or reused passwords.
– Misconfigured firewalls.
– Human errors (clicking unsafe links).
• Example: Discovering a web server running an outdated PHP version.

4. Choosing the Attack Vector

• An attack vector is the path used to gain access.


• Common attack vectors include:

– Phishing / Spear-phishing.
– Malware / Ransomware.
– SQL Injection.
– Man-in-the-Middle over public Wi-Fi.
• Example: Attacker selects phishing emails with malicious links.

5. Exploitation

• The actual execution of the attack.


• Methods depend on the chosen vector:
– Delivering a malicious email attachment.
– Injecting harmful SQL commands into a vulnerable form.
– Overloading a server with traffic (DDoS).
• Example: Victim opens a malicious Excel file, activating malware.

6. Maintaining Access (Persistence)

• Once inside, criminals ensure they can return.


• They may:
– Install backdoors or Remote Access Trojans (RATs).
– Create new user accounts with admin privileges.
– Disable antivirus alerts.
• Example: Attacker plants a hidden script to re-enable access even after
cleanup.

7. Covering Tracks

• Attackers remove evidence to avoid detection:


– Deleting log files.
– Disabling security monitoring.
– Routing through anonymous networks (VPN, Tor).
• Example: Changing system time stamps so logs appear normal.

8. Monetization / Final Objective

• The stolen data or compromised system is used for profit or damage:


– Selling data on the dark web.
– Demanding ransom for decryption keys.
– Using stolen credentials for future attacks.
• Example: Credit card numbers sold to underground forums.

16.3 Example Flow
Imagine a phishing attack on a bank employee:

• Attacker studies bank staff profiles online (Recon).

• Chooses junior employees as likely weak targets (Selection).

• Finds staff email format & old breach data (Vulnerability Assessment).

• Crafts fake HR notice with a malicious link (Attack Vector).

• Employee clicks the link and malware installs (Exploitation).

• Backdoor created for future access (Persistence).

• Logs deleted to hide entry (Covering Tracks).

• Customer data stolen and sold online (Monetization).

16.4 Conclusion
Cyberattacks are methodical and organized. From reconnaissance to monetization, each
step is designed to maximize gain and minimize detection. By understanding this cycle,
security teams can intervene early and break the chain before serious damage occurs.
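
As an added illustration (not part of the original notes) of how defenders can spot steps 6 and 7, the following Python example scans an audit log for deleted records, back-dated entries, disabled defenses, and new admin accounts. The log format, event names, and user names are constructed for the example and do not come from any real product.

```python
from datetime import datetime

# Constructed sample audit log with monotonically increasing record numbers.
SAMPLE_LOG = """\
seq=101 ts=2025-08-01T09:58:12 event=login user=asmith
seq=102 ts=2025-08-01T09:59:40 event=user_created user=svc_backup groups=admin
seq=103 ts=2025-08-01T10:01:05 event=av_alerts_disabled user=svc_backup
seq=107 ts=2025-08-01T10:20:31 event=logout user=svc_backup
seq=108 ts=2025-08-01T08:15:00 event=login user=bjones
seq=109 ts=2025-08-01T08:16:44 event=file_read user=bjones
"""

# Hypothetical event names that indicate monitoring was switched off.
WATCHED_EVENTS = {"av_alerts_disabled", "log_cleared"}


def parse_record(line):
    """Split 'key=value' fields into a dict with a typed seq and ts."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["seq"] = int(rec["seq"])
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def find_anomalies(log_text):
    """Return (kind, seq, detail) tuples for signs of persistence or tampering."""
    findings, prev = [], None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if prev is not None:
            missing = rec["seq"] - prev["seq"] - 1
            if missing > 0:  # records removed from the middle of the log
                findings.append(("sequence_gap", rec["seq"], f"{missing} records missing"))
            if rec["ts"] < prev["ts"]:  # clock set back or entries rewritten
                findings.append(("time_reversal", rec["seq"], f"{prev['ts']} -> {rec['ts']}"))
        if rec["event"] in WATCHED_EVENTS:
            findings.append(("defense_disabled", rec["seq"], rec["event"]))
        if rec["event"] == "user_created" and "admin" in rec.get("groups", "").split(","):
            findings.append(("new_admin_account", rec["seq"], rec["user"]))
        prev = rec
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

Sequence and timestamp checks only work if the attacker cannot renumber the records, which is one reason to forward logs to a separate system as they are written.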

17 Salami Attack
17.1 Introduction
A Salami Attack is a type of cybercrime or financial fraud in which criminals make many
small, often unnoticeable changes or steal small amounts of money/data over time. The
changes are so minor that they go undetected individually, but together they result in
significant loss. The term comes from the idea of slicing a salami into thin, unnoticed
pieces.

17.2 How It Works


• Target Identification: Criminal selects a system handling large volumes of transactions.

• Small-Scale Manipulation: Each transaction is altered by a tiny fraction (e.g., rounding down amounts).

• Accumulation: The criminal collects the small amounts over many transactions.

• Exploitation: Stolen amounts are transferred to an account controlled by the attacker.

17.3 Example
In a bank system, interest on savings accounts is calculated monthly. An attacker manipulates
the program to truncate fractions of a cent and deposit them into their own account.
Each transaction loss is negligible, but across millions of accounts, it becomes a large sum.

17.4 Real-World Scenario


In the 1980s, employees in financial institutions used salami slicing to steal small amounts
from many customer accounts. Similar attacks have been seen in online billing systems,
payroll software, and e-commerce platforms.

17.5 Prevention Measures


• Regular audits of transaction systems.

• Integrity checks on financial calculations.

• Separation of duties so no single employee controls all stages of a transaction.

• Anomaly detection systems to flag unusual patterns.

• Access control and logging to track system changes.
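
The integrity check and anomaly detection listed above can be combined into one audit of the interest run from Section 17.3. The Python example below is added here and is not part of the original notes; the account names, balances, interest rate, and rounding policy (round half to even) are assumptions made for the illustration.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0025")  # assumed monthly interest rate (0.25%)

# Constructed sample data: opening balances and the credits posted by the
# monthly interest run. Account names and amounts are made up.
BALANCES = {"A1": "1234.56", "A2": "987.65", "A3": "5000.00",
            "A4": "431.10", "A9": "200.00"}
POSTED = {"A1": "3.08", "A2": "2.46", "A3": "12.50", "A4": "1.07", "A9": "0.52"}


def audit_interest_run(balances, posted, rate=RATE):
    """Recompute each credit independently and compare it with the ledger.

    Returns (shortfalls, surpluses, control_gap): accounts paid less than the
    rounding policy requires, accounts paid more than they earned, and the
    posted total minus the expected total.
    """
    shortfalls, surpluses = {}, {}
    expected_total = posted_total = Decimal("0")
    for acct, balance in balances.items():
        # Assumed bank policy: round half to even, to the nearest cent.
        expected = (Decimal(balance) * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
        actual = Decimal(posted.get(acct, "0"))
        expected_total += expected
        posted_total += actual
        if actual < expected:
            shortfalls[acct] = expected - actual
        elif actual > expected:
            surpluses[acct] = actual - expected
    # A credit to an account that was not part of the run is wholly unexplained.
    for acct in posted.keys() - balances.keys():
        surpluses[acct] = Decimal(posted[acct])
        posted_total += Decimal(posted[acct])
    return shortfalls, surpluses, posted_total - expected_total


def looks_like_salami(shortfalls, surpluses, min_victims=3):
    """True when many cent-sized shortfalls coincide with a few overpaid accounts."""
    many_small = (len(shortfalls) >= min_victims
                  and all(loss <= CENT for loss in shortfalls.values()))
    return many_small and 0 < len(surpluses) < len(shortfalls)


if __name__ == "__main__":
    short, extra, gap = audit_interest_run(BALANCES, POSTED)
    print(short, extra, gap, looks_like_salami(short, extra))
```

On the sample data the control total is off by only one cent, so a totals-only reconciliation would pass; the per-account recomputation is what exposes the three underpaid accounts and the one overpaid account.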

17.6 Conclusion
Salami attacks are dangerous because they avoid detection by being small and gradual.
Strong auditing, monitoring, and transaction verification are essential to prevent such
frauds.

18 Cyberstalking and Harassment


18.1 Introduction
Cyberstalking refers to the use of the internet, email, social media, or other digital
communication tools to repeatedly harass, threaten, or intimidate a person. It is a form
of online harassment where the attacker monitors and targets a victim over time,
often causing fear, emotional distress, and reputational damage. Unlike offline stalking,
cyberstalking can be done anonymously, from anywhere, and 24×7.

18.2 Forms of Cyberstalking and Harassment


• Direct Threats

– Sending threatening emails, messages, or posts.


– Example: "If you don't do what I say, I will ruin your life."

• Online Defamation

– Posting false or harmful statements to damage someone's reputation.

– Example: Creating fake social media accounts to spread lies.

• Identity Theft for Harassment

– Using stolen personal information to impersonate the victim online.


– Example: Sending fake emails from the victim's name.

• Monitoring & Tracking

– Using spyware, GPS tracking, or hacking accounts to follow the victim's activities.
– Example: Installing a keylogger on the victim's laptop.

• Doxxing

– Publishing private information (address, phone number) online to encourage harassment.
– Example: Posting the victim's home address on a public forum.

18.3 Methods Used by Cyberstalkers


• Social Media Misuse: Creating fake profiles, sending abusive comments.

• Email Harassment: Flooding inbox with unwanted or threatening messages.

• Malware Installation: Spyware to track keystrokes, screenshots, or location.

• Phishing: To gain passwords and access private accounts.

• Spoofing: Sending messages appearing to come from someone the victim trusts.

18.4 Legal Provisions in India


• Section 354D, IPC: Criminalizes stalking, including online stalking.

• Section 67, IT Act 2000: Punishes publishing obscene material online.

• Section 66E, IT Act 2000: Punishes violation of privacy.

• Section 507, IPC: Punishes criminal intimidation by anonymous communication.

18.5 Prevention & Safety Measures


• Use strong, unique passwords and change them regularly.

• Limit personal information shared online.

• Block and report stalkers on all platforms.

• Enable two-factor authentication (2FA) on accounts.

• Keep evidence (screenshots, messages) for legal action.

• Avoid clicking unknown links in messages or emails.

18.6 Conclusion
Cyberstalking and harassment are serious online crimes that can cause psychological,
social, and financial harm to victims. Awareness, digital security practices, and timely
legal action are essential to protect individuals from such threats.
