CSL Module 2

Criminals plan cyberattacks through a structured approach that includes reconnaissance, passive attacks, and active attacks to maximize success and avoid detection. Social engineering techniques are often employed to manipulate individuals into revealing sensitive information, while cyberstalking involves persistent harassment through digital means. Cyber cafés and botnets are common venues for cybercrime, and understanding attack vectors and cloud computing risks is essential for effective cybersecurity.

Uploaded by lovinidone

How Criminals Plan the Attacks

1. Introduction

Before launching a cyberattack, criminals rarely act randomly.

They follow a planned and structured approach to maximize success and avoid detection.

The planning phase often begins with information gathering (reconnaissance), followed by choosing the
attack type — either passive (silent observation) or active (direct exploitation).

Understanding these stages helps cybersecurity professionals detect and prevent attacks early.

2. Reconnaissance

Definition: Initial stage where attackers collect as much information as possible about the target.

Purpose: Identify potential weaknesses to exploit later.

Methods:

Footprinting – Gathering publicly available data (domain names, IP addresses).

Scanning – Checking open ports, running services.

Social engineering – Manipulating people into revealing information.

Tools: Nmap, Whois lookup, Google hacking, Maltego.

Outcome: A blueprint of the target system to guide the attack.

3. Passive Attack

Definition: Attack where the criminal monitors or collects data without making any changes to the system.

Objective: Remain undetected while gathering useful information.

Examples:

Packet sniffing – Capturing data packets (e.g., Wireshark).

Traffic analysis – Studying communication patterns.

Eavesdropping – Listening to unencrypted communications.

Characteristics:

No direct damage to systems.

Very hard to detect because there’s no visible alteration.

4. Active Attack

Definition: Attack where the criminal interferes with, modifies, or damages the target’s data or systems.

Objective: Cause immediate disruption or gain unauthorized access.

Examples:

DoS/DDoS – Overloading servers to crash services.

Data modification – Changing sensitive files.

Malware injection – Installing viruses, ransomware.

Session hijacking – Taking over a live session.

Characteristics:

Usually detected quickly because of visible system issues.

Can cause financial, reputational, and operational loss.

5. Relation Between the Three

Reconnaissance → Find weaknesses.

Passive attack → Collect deeper details quietly.

Active attack → Exploit vulnerabilities for damage or gain.

6. Conclusion

Every major cyberattack usually starts with careful planning.

Criminals first study the target (reconnaissance), may then observe silently (passive attack), and finally
strike actively to achieve their goals.

Awareness of these steps allows security teams to spot threats early and take preventive action.

1. Social Engineering

1. Introduction

Social Engineering is a non-technical hacking technique that relies on manipulating human psychology
rather than exploiting computer vulnerabilities.

Attackers trick individuals into divulging confidential information or performing actions that
compromise security.

It is often the first step before technical attacks.

2. Common Social Engineering Techniques

Phishing – Sending fake emails/messages that look genuine to steal credentials.

Pretexting – Pretending to be someone trustworthy to extract information.

Baiting – Leaving infected USB drives or files for victims to use.

Tailgating – Physically following someone into a restricted area.

Quid Pro Quo – Offering a benefit in exchange for sensitive information.

3. Example

An attacker sends an email pretending to be from the bank, asking the victim to "verify account
details" by clicking a fake link.

The victim unknowingly enters login credentials, which go to the attacker.


4. Prevention

Train employees on security awareness.

Use multi-factor authentication.

Verify requests through official channels.

Avoid clicking suspicious links or downloading unknown files.

5. Conclusion

Social Engineering exploits trust and curiosity rather than technical flaws.

Strong awareness and verification habits are the best defense.

2. Cyber Stalking

1. Introduction

Cyber stalking is the use of the internet, email, social media, or other digital technologies to harass,
intimidate, or threaten an individual repeatedly.

Unlike one-time harassment, cyber stalking is persistent and intentional.

2. Characteristics

Repeated unwanted contact (emails, messages, posts).

Monitoring online activities without consent.

Posting harmful or false information about the victim.


Threats to the victim or their family.

3. Methods Used by Cyber Stalkers

Email harassment – Sending abusive or threatening emails.

Social media abuse – Fake profiles, spreading rumors.

Tracking software – Using spyware to monitor the victim’s devices.

Doxxing – Publishing personal details like address or phone number online.

4. Real-World Example

A stalker repeatedly sends threatening messages to a victim through multiple fake social media
accounts, making them feel unsafe.

5. Legal Provisions in India

Section 354D of IPC – Covers stalking (including cyber stalking).

Sections 66A, 66E of ITA 2000 – Punish sending offensive messages and privacy violations.

6. Prevention

Restrict privacy settings on social media.

Block and report suspicious accounts.


Keep digital evidence for legal action.

Avoid sharing sensitive personal details online.

7. Conclusion

Cyber stalking is a serious digital harassment crime that can cause emotional, psychological, and
physical distress.

Awareness, digital hygiene, and strong legal action are crucial to prevent and combat it.

1. Cyber Café and Cybercrimes

1. Introduction

Cyber cafés are public places that provide internet access to users on a temporary
basis.

While they are useful for people without personal internet connections, they have
also become common points for cybercriminal activities because users can remain
relatively anonymous.

2. Why Cyber Cafés are Used for Cybercrime

Anonymity – Criminals can use public systems without linking activity to their
personal devices.

Poor monitoring – Many cafés lack strong user authentication.

Shared devices – Makes it hard to trace specific users.

Inadequate security – Weak antivirus, outdated software.

3. Common Cybercrimes from Cyber Cafés


Hacking attempts – Attacks on websites or servers.

Online fraud – Phishing, fake shopping sites.

Email scams – Sending spam or malicious attachments.

Identity theft – Logging in to steal passwords.

Viewing/downloading illegal content – Including piracy or prohibited material.

4. Legal Provisions

Indian IT (Guidelines for Cyber Café) Rules, 2011 under ITA 2000:

Maintain user identification records (photo ID).

Keep usage logs for 1 year.

Arrange computer terminals to prevent screen viewing by others.

Install CCTV for monitoring.

5. Prevention

Use strong authentication before allowing access.

Keep antivirus and system software updated.


Maintain logs of user activities.

Educate staff to identify suspicious activity.

6. Conclusion

Cyber cafés can be breeding grounds for cybercrime if not properly monitored.

Strict implementation of IT rules and proper logging can help reduce misuse.

2. Botnets

1. Introduction

A botnet is a network of compromised computers (bots or zombies) controlled remotely by a cybercriminal (called a botmaster) without the owner’s knowledge.

Botnets are used for large-scale cyberattacks.

2. How Botnets Work

Infection – Computers are infected via malware from malicious websites, phishing
emails, or downloads.

Control – The infected devices connect to the attacker’s Command and Control
(C&C) server.

Execution – Botmaster sends commands to all bots to perform malicious activities.

Stealth – Botnets run in the background without alerting the user.
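The "Control" step above is what gives defenders a handle on an otherwise stealthy bot: an infected machine has to check in with its Command and Control server, and automated check-ins tend to be far more regular than human browsing. The following is an added example, not code from the notes, that looks for that regularity in constructed proxy-style log lines ("timestamp source -> destination"); the host name c2.example.test, the addresses and the log format are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines (not from any real network). 10.0.0.23 contacts the
# hypothetical C&C host exactly every 5 minutes; 10.0.0.45 is an ordinary
# workstation browsing at irregular intervals.
BOT_LINES = [
    f"2024-03-01T10:{5 * k:02d}:00 10.0.0.23 -> c2.example.test" for k in range(10)
]
USER_TIMES = ["10:00:10", "10:00:30", "10:07:10", "10:08:15", "10:23:15",
              "10:23:45", "10:48:45", "10:48:57", "10:53:07", "11:04:47"]
USER_LINES = [f"2024-03-01T{t} 10.0.0.45 -> news.example.test" for t in USER_TIMES]
SAMPLE_LOG = "\n".join(BOT_LINES + USER_LINES + [
    "2024-03-01T10:02:00 10.0.0.45 -> updates.example.test",
    "2024-03-01T10:32:00 10.0.0.45 -> updates.example.test",
])

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>\S+)$")


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"]


def detect_beacons(log_text, min_connections=8, max_cv=0.1):
    """Flag (src, dst) pairs whose connection inter-arrival times are almost
    constant: many connections with a low coefficient of variation
    (standard deviation / mean of the gaps).
    Returns a list of (src, dst, mean_gap_seconds, cv)."""
    times_by_pair = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, dst = parsed
            times_by_pair[(src, dst)].append(ts)

    alerts = []
    for (src, dst), times in sorted(times_by_pair.items()):
        if len(times) < min_connections:
            continue                      # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            alerts.append((src, dst, round(avg), round(cv, 3)))
    return alerts


if __name__ == "__main__":
    for alert in detect_beacons(SAMPLE_LOG):
        print("possible beacon:", alert)
```

Real bot software often adds random jitter to its check-in interval precisely to defeat this kind of test, so `max_cv` has to be tuned against the network's own baseline, and the output is a lead for an analyst rather than a verdict.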

3. Uses of Botnets in Cybercrime

Distributed Denial of Service (DDoS) – Overloading servers to crash websites.


Spam campaigns – Sending millions of spam/phishing emails.

Data theft – Stealing banking credentials, passwords.

Click fraud – Generating fake clicks on ads for profit.

Cryptojacking – Using victim’s CPU for cryptocurrency mining.

4. Examples

Mirai Botnet (2016) – Infected IoT devices, causing massive internet outages.

Storm Botnet – Sent spam and malware globally.

5. Prevention

Keep operating system and software updated.

Use strong antivirus and firewall.

Avoid clicking on suspicious links or downloading unknown files.

Disable unused network services.

6. Conclusion

Botnets are one of the most dangerous tools in cybercrime because of their scale,
automation, and anonymity.
Preventing infections and monitoring network activity are essential to stop botnet
attacks.

1. Attack Vector

1. Introduction

An attack vector is the path or method used by a cybercriminal to gain unauthorized access to a system or network.

It represents how an attack is delivered and is a critical concept in understanding and preventing cybercrimes.

2. Common Types of Attack Vectors

Phishing – Fake emails/websites trick users into giving credentials.

Malware – Viruses, worms, trojans installed through downloads or attachments.

SQL Injection – Inserting malicious SQL code into database queries.

Zero-day exploits – Using unknown vulnerabilities before they are patched.

Man-in-the-Middle (MITM) – Intercepting and altering communications.

Password attacks – Brute force, dictionary attacks, credential stuffing.

Drive-by downloads – Malware installed automatically when visiting a compromised website.

Social engineering – Manipulating people to reveal sensitive data.

3. Example

A hacker sends a phishing email pretending to be from a bank.

Victim clicks the link → enters login info on a fake site → hacker gains access to
the account.
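Both this example and the one in the Social Engineering section turn on a single link in an e-mail whose target is not what the victim believes it to be. The following is an added example, not code from the notes, showing the checks a mail filter or awareness tool can apply to such a message: does the visible text name one domain while the href points to another, does the target imitate the trusted domain, and is it plain HTTP. The e-mail body is constructed, and the bank's genuine domain is assumed to be example-bank.com (the other host names are made up).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p>Please <a href="http://examp1e-bank.com/verify">verify your account details</a> within 24 hours.</p>
<p>Or sign in at <a href="https://secure-login.example-bank.com.attacker.test/">https://www.example-bank.com</a></p>
<p>Contact us: <a href="https://www.example-bank.com/contact">www.example-bank.com</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    parsed = urlparse(text if "://" in text else "http://" + text)
    return (parsed.hostname or "").lower()


def levenshtein(a, b):
    """Edit distance; catches one-character lookalikes such as examp1e vs example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def analyse_links(html, trusted_domain):
    """Return [(href, [reasons])] for links that deserve a closer look."""
    extractor = LinkExtractor()
    extractor.feed(html)
    findings = []
    for href, text in extractor.links:
        href_host = host_of(href)
        reasons = []
        # 1. The visible text shows one domain while the link goes to another.
        text_host = host_of(text) if ("." in text and " " not in text) else ""
        if text_host and not in_domain(href_host, text_host):
            reasons.append("display text domain differs from link target")
        # 2. The target is outside the trusted domain but imitates it.
        if not in_domain(href_host, trusted_domain):
            label = trusted_domain.split(".")[0]
            if levenshtein(href_host, trusted_domain) <= 2 or label in href_host:
                reasons.append("lookalike of trusted domain")
        # 3. Credentials would travel over plain HTTP.
        if href.lower().startswith("http://"):
            reasons.append("unencrypted http link")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyse_links(SAMPLE_EMAIL, "example-bank.com"):
        print(href, "->", "; ".join(reasons))
```

The genuine contact link passes all three checks, which is the point: the rules flag the two deceptive links without drowning the real one in noise. In practice the lookalike test would be backed by a list of the organisation's own domains and by checks for confusable Unicode characters, which this example does not attempt.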

4. Prevention

Use multi-factor authentication (MFA).

Keep software updated to patch vulnerabilities.

Train employees on security awareness.

Use email filtering and anti-phishing tools.

5. Conclusion

Attack vectors are the entry doors for cybercriminals.

Identifying and securing these paths is the first step in preventing cyberattacks.

2. Cloud Computing in Cybercrime Context

1. Introduction

Cloud computing delivers computing resources (storage, processing, networking) over the internet.

While it offers flexibility and cost savings, it also introduces new security risks that can be exploited by cybercriminals.

2. Cloud-Related Cybercrime Risks

Data breaches – Sensitive customer data stored in the cloud may be hacked.

Account hijacking – Stolen cloud credentials used to access data.

Insecure APIs – Poorly secured cloud service interfaces exploited.

Insider threats – Employees misusing access privileges.

Malware injection – Malicious code injected into cloud apps.

Denial-of-Service attacks – Cloud services overloaded to cause downtime.

3. Examples

Capital One breach (2019) – Cloud misconfiguration led to theft of personal data of
100M+ customers.

Attackers hosting phishing websites on compromised cloud servers.

4. Prevention

Strong authentication for cloud accounts (MFA).

Encrypt sensitive data before storing in cloud.

Regular security audits and patch updates.


Monitor access logs for suspicious activity.

Choose cloud providers with strong compliance certifications.
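The "cloud misconfiguration" named in the Capital One example and the "regular security audits" listed under prevention meet in a very practical check: is any storage bucket readable by the whole internet? The following is an added example, not code from the notes or from any cloud provider, that audits a bucket policy in the AWS-style JSON format (an assumption about the reader's platform) and shows the weak setting next to a corrected one. Bucket and role names, and the account ID, are made up for the example.

```python
import json

# Constructed AWS-style S3 bucket policies (bucket, role and account values are
# placeholders for the example). Weak setting: anyone may list and read the bucket.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::customer-records-example",
                     "arn:aws:s3:::customer-records-example/*"],
    }],
})

# Corrected setting: one application role may read objects, and any request
# that does not use TLS is denied.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader-example"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::customer-records-example/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::customer-records-example",
                         "arn:aws:s3:::customer-records-example/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_anyone(principal):
    """True for the wildcard principal, written either as "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for v in principal.values() for p in as_list(v))
    return False


def find_public_grants(policy_json):
    """Return one dict per Allow statement that any principal can use.
    'conditioned' marks grants that at least carry a Condition block; those
    still need a human to judge whether the condition is restrictive enough."""
    policy = json.loads(policy_json)
    findings = []
    for statement in as_list(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        if not principal_is_anyone(statement.get("Principal")):
            continue
        findings.append({
            "sid": statement.get("Sid", "<no Sid>"),
            "actions": as_list(statement.get("Action", [])),
            "conditioned": bool(statement.get("Condition")),
        })
    return findings


if __name__ == "__main__":
    print("public policy    :", find_public_grants(PUBLIC_POLICY))
    print("restricted policy:", find_public_grants(RESTRICTED_POLICY))
```

The Deny statement in the corrected policy also names the wildcard principal, but a Deny can only take access away, so the audit rightly ignores it; only wildcard Allow grants are reported. Running a check like this on a schedule is one concrete form of the "regular security audits" the notes recommend.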

5. Conclusion

Cloud computing has transformed IT, but its shared and online nature creates new
opportunities for cybercrime.

Organizations must adopt strong cloud security policies to protect against these
threats.

How Cybercrimes Differ from Most Terrestrial Crimes

1. Introduction

Traditional (terrestrial) crimes occur in the physical world, such as theft, assault,
or vandalism.

Cybercrimes occur in the digital world, using computers, networks, or the internet
as the target or tool.

While both aim to cause harm or gain illegal benefits, cybercrimes differ
significantly in execution, detection, and impact.

2. Key Differences

Aspect-by-aspect comparison (Cybercrimes vs. Terrestrial Crimes):

Location
Cybercrimes: Committed in cyberspace; can be carried out remotely from anywhere in the world.
Terrestrial crimes: Require physical presence at the crime scene.

Jurisdiction
Cybercrimes: Cross national and state boundaries; difficult to determine legal authority.
Terrestrial crimes: Jurisdiction is usually clear within a physical location.

Speed of Crime
Cybercrimes: Happen in seconds or minutes (e.g., hacking, data theft).
Terrestrial crimes: Usually take longer to plan and execute.

Evidence
Cybercrimes: Digital evidence — logs, IP addresses, metadata; can be altered easily.
Terrestrial crimes: Physical evidence — fingerprints, CCTV footage, objects.

Victim Awareness
Cybercrimes: Victims may not know immediately that they have been attacked.
Terrestrial crimes: Victims usually notice the crime quickly (e.g., robbery).

Scale of Impact
Cybercrimes: Can affect millions instantly (e.g., malware spreading globally).
Terrestrial crimes: Usually affect a limited area or number of people.

Cost to Commit
Cybercrimes: Often low-cost (just a computer and an internet connection).
Terrestrial crimes: Often require tools, vehicles, manpower.

Anonymity
Cybercrimes: Criminal can hide identity using VPNs, Tor, spoofing.
Terrestrial crimes: Harder to hide identity; physical appearance or witnesses can expose the criminal.

Law Enforcement Challenges
Cybercrimes: Require specialized cyber forensics and international cooperation.
Terrestrial crimes: Investigated with traditional policing methods.

3. Example

Cybercrime: A hacker in another country steals banking credentials of thousands of people via phishing in minutes.

Terrestrial crime: A burglar breaks into a single house to steal valuables — requires physical entry and more time.

4. Conclusion

Cybercrimes are borderless, fast, and scalable, making them harder to detect and
control compared to most terrestrial crimes.

Effective prevention requires advanced technology, international cooperation, and strong cyber laws.

1. Proliferation of Mobile and Wireless Devices

1. Introduction

The proliferation of mobile and wireless devices refers to the rapid growth and
widespread adoption of smartphones, tablets, laptops, and other wireless-enabled
devices globally.

Advancements in wireless technologies (Wi-Fi, 4G/5G, Bluetooth, NFC) and affordable hardware have made mobile devices an essential part of daily life — for both personal and professional use.

2. Reasons for Proliferation

Affordability – Lower cost smartphones accessible to more people.

Network availability – Expansion of 4G/5G and public Wi-Fi.

Portability – Small size, easy to carry.

App ecosystem – Millions of applications for work, communication, entertainment.

Cloud integration – Data accessible anywhere via cloud services.

IoT expansion – Devices connected to smart appliances, wearables.

3. Impact

Positive:

Enhanced connectivity and productivity.

Access to e-commerce, e-learning, telemedicine.

Negative:

Increased cybercrime risks (data theft, phishing, malware).


Greater attack surface for hackers due to constant connectivity.

4. Cybersecurity Concerns

Device theft leading to data compromise.

Unsecured public Wi-Fi risks.

Malicious apps stealing sensitive information.

Bluetooth & NFC attacks (bluejacking, bluesnarfing).

5. Conclusion

While mobile and wireless devices have transformed modern life, they also expand
opportunities for cybercriminals.

Security awareness, encryption, and strong authentication are essential for safe
usage.

2. Trends in Mobility

1. Introduction

Trends in mobility describe how mobile technology usage, features, and applications are evolving over time.

Driven by innovations in wireless communication, hardware miniaturization, and cloud computing, mobility trends impact both personal lifestyles and enterprise strategies.

2. Key Trends

5G Connectivity – Ultra-fast speeds, low latency enabling advanced mobile applications.

Mobile Payment Systems – Digital wallets (Google Pay, Apple Pay, Paytm) replacing cash transactions.

Bring Your Own Device (BYOD) – Employees using personal devices for work,
raising security concerns.

IoT Integration – Mobile devices controlling smart home, vehicles, wearables.

Cloud-based Mobile Apps – Real-time data sync across devices.

Augmented & Virtual Reality – Enhanced user experiences in gaming, shopping, education.

Edge Computing – Processing closer to the data source for faster performance.

3. Security Implications

BYOD risks – Corporate data leakage from personal devices.

Mobile malware – Targeting banking apps and payment gateways.

Tracking & privacy issues – Location-based services collecting personal data.

Public network vulnerabilities – Exposure to man-in-the-middle attacks.

4. Conclusion

Mobility trends are moving towards greater integration, personalization, and connectivity.

However, increased mobility also means increased responsibility to secure devices, networks, and user data.

Vishing Attack

1. Introduction

Vishing (Voice Phishing) is a social engineering attack where criminals use phone
calls or VoIP (Voice over Internet Protocol) to trick people into revealing
confidential information such as banking details, passwords, or personal data.

It combines voice communication with phishing techniques.

2. How It Works

Preparation – Attacker gathers basic information about the victim (name, phone
number, bank details) through data leaks, social media, or previous scams.

Spoofing Caller ID – Attacker uses VoIP technology to make the call appear from a
legitimate source (e.g., bank, government agency).

Engaging the Victim – Attacker pretends to be a trusted authority and creates urgency or fear (e.g., “Your account will be blocked in 2 hours unless you verify your details”).

Information Extraction – Victim is asked to share sensitive details such as:

Bank account number

OTP (One-Time Password)

Credit/debit card details

Internet banking login credentials


Exploitation – Criminal uses the stolen information to commit financial fraud or
identity theft.

3. Example

A scammer calls claiming to be from a bank’s fraud department, saying there was a
suspicious withdrawal.

They ask the victim to “confirm” account details and OTP — which are then used to
steal money.

4. Protection Against Vishing

Do not share sensitive information over phone calls.

Verify the caller by calling the official number from the bank’s website.

Be cautious of urgency — banks never rush customers to disclose details.

Register for DND (Do Not Disturb) services to reduce spam calls.

Educate yourself about common phone scams.

Report suspicious calls to the telecom provider or cybercrime portal ([Link] in India).

5. Conclusion

Vishing attacks exploit trust and urgency rather than technology flaws.

Awareness, caller verification, and refusal to share sensitive details over the phone are the best defenses.

Mobile/Cell Phone Attacks

1. Introduction

Mobile phones are no longer just communication devices; they store personal,
financial, and business data and are connected to the internet 24/7.

Because of this, they have become a prime target for cybercriminals.

Mobile attacks exploit hardware, software, or user behavior to steal data, commit
fraud, or disrupt services.

2. Common Types of Mobile Attacks

1. Malware Attacks

Description: Malicious apps or files infect the mobile OS.

Examples: Trojans disguised as games or utilities, ransomware locking the phone.

Impact: Data theft, financial fraud, device control.

2. Phishing & Smishing

Phishing: Fake emails directing users to malicious websites.

Smishing: Fraudulent SMS messages with harmful links.

Impact: Credential theft, account compromise.

3. Vishing

Description: Voice phishing via phone calls to trick users into sharing personal
info.

Impact: Banking fraud, identity theft.


4. Spyware

Description: Software secretly monitoring user activity.

Example: Pegasus spyware tracking messages, calls, and location.

Impact: Total privacy breach.

5. Man-in-the-Middle (MITM) via Public Wi-Fi

Description: Attackers intercept data sent over unsecured public Wi-Fi.

Impact: Theft of login credentials, personal files.

6. SIM Cloning / SIM Swap

Description: Duplicate SIM created or SIM ownership changed to attacker’s device.

Impact: Criminal receives OTPs and banking alerts.

7. Bluetooth/NFC Attacks

Bluejacking – Sending unwanted messages.

Bluesnarfing – Stealing data over Bluetooth.

Impact: Unauthorized data transfer.

3. Examples

Pegasus Spyware Case – Used to monitor journalists and activists via mobile phones.

Bank OTP Fraud – Criminals swapping SIMs to steal OTPs for online banking.

4. Prevention Measures

Install apps only from trusted sources (Google Play Store, Apple App Store).

Keep OS and apps updated with security patches.

Avoid public Wi-Fi or use VPN.

Enable screen lock and device encryption.

Use multi-factor authentication for sensitive accounts.

Be cautious with unknown links, SMS, and calls.

5. Conclusion

Mobile/cell phone attacks target personal data, finances, and privacy.

With growing mobile usage, strong digital hygiene, secure configurations, and user
awareness are essential to protect against these threats.

Basic Security Precautions to Safeguard Laptops and Wireless Devices

1. Introduction

Laptops and wireless devices such as smartphones, tablets, and IoT gadgets are
highly portable and store sensitive data.

Their portability also makes them vulnerable to theft, hacking, and data loss.

Implementing basic security precautions reduces the risk of data compromise and unauthorized access.

2. Physical Security Precautions

Use Laptop Locks – Attach a Kensington lock to prevent theft in public places.

Secure Storage – Keep devices in locked drawers or cabinets when not in use.

Avoid Unattended Use – Do not leave devices unattended in public areas.

Asset Tagging – Label devices for easy identification and recovery.

3. Device & Data Protection

Strong Passwords / Passcodes – Use complex, unique passwords.

Multi-Factor Authentication (MFA) – Extra security for login.

Full Disk Encryption – Protects data even if the device is stolen.

Automatic Screen Lock – Lock after a short period of inactivity.

Regular Backups – Keep backups on external drives or cloud storage.

4. Network & Wireless Security

Secure Wi-Fi – Use WPA3/WPA2 encryption; avoid WEP.

VPN Usage – Encrypt data when using public Wi-Fi.

Disable Auto-Connect – Prevents connecting to rogue networks.

Firewall Protection – Enable OS firewall to block unauthorized traffic.


5. Software & System Security

Keep OS & Software Updated – Install security patches regularly.

Antivirus & Anti-Malware – Use reliable security software with real-time protection.

Avoid Untrusted Apps – Download only from official stores.

Disable Unused Services – Turn off Bluetooth, NFC, and file sharing when not
needed.

6. Organizational Measures

Security Policies – Define rules for device use and data handling.

Employee Training – Teach safe handling, phishing awareness, and reporting procedures.

Device Management Systems – Use MDM (Mobile Device Management) to enforce policies remotely.

Remote Wipe – Erase data remotely in case of theft.

7. Conclusion

Laptops and wireless devices require both physical and digital security measures.

A combination of strong authentication, encryption, regular updates, and user awareness ensures safety against theft, hacking, and data breaches.

Security Challenges Posed by Mobile Devices

1. Introduction

Mobile devices such as smartphones, tablets, and laptops are powerful computing tools that store sensitive personal, financial, and organizational data.

Their portability, constant internet connectivity, and diverse applications make them a primary target for cybercriminals.

Security challenges arise from technical vulnerabilities, user behavior, and network exposure.

2. Key Security Challenges

1. Device Theft and Loss

Description: Small size makes mobile devices easy to lose or steal.

Impact: Loss of confidential data, unauthorized access to corporate systems.

Example: Stolen phone used to access saved banking apps.

2. Malware and Malicious Apps

Description: Apps containing trojans, spyware, or ransomware can infect devices.

Impact: Data theft, financial fraud, remote device control.

Example: Fake utility apps stealing contacts and messages.

3. Unsecured Public Wi-Fi

Description: Public hotspots can be intercepted by attackers.

Impact: Man-in-the-Middle (MITM) attacks stealing credentials.

Example: Hacker capturing online banking login details on free Wi-Fi.


4. Phishing, Smishing, and Vishing

Description: Social engineering attacks via email, SMS, or phone calls.

Impact: Theft of login credentials, OTPs, or financial data.

Example: Fake SMS link asking for UPI PIN.

5. Operating System Vulnerabilities

Description: Outdated OS versions with unpatched security flaws.

Impact: Exploitation by hackers for remote control or data theft.

Example: Jailbroken iOS device infected with spyware.

6. BYOD (Bring Your Own Device) Risks

Description: Employees using personal devices for work.

Impact: Mixing personal and corporate data, leading to leakage.

Example: Personal phone with weak security accessing corporate emails.

7. Bluetooth and NFC Exploits

Description: Wireless short-range technologies can be abused.

Impact: Data theft (bluesnarfing), spam messages (bluejacking).

Example: Attacker nearby stealing files over Bluetooth.


8. Cloud Data Synchronization Risks

Description: Automatic syncing of sensitive files to cloud services.

Impact: Data leaks if cloud account is compromised.

Example: Stolen cloud credentials exposing corporate documents.

3. Conclusion

Mobile devices face multi-layered security challenges — from theft and malware to
network and cloud risks.

A combination of technical controls (encryption, updates, antivirus) and user awareness is essential to safeguard against these threats.

Credit Card Frauds in the Mobile and Wireless Computing Era

1. Introduction

Credit card fraud involves unauthorized use of a credit card or its details to obtain
goods, services, or funds.

In the mobile and wireless computing era, fraudsters exploit smartphones, mobile
apps, wireless networks, and online transactions to commit these crimes faster and
at a larger scale.

The combination of always-connected devices and cashless payments has made credit card fraud one of the most common cybercrimes.

2. Common Methods of Credit Card Fraud in Mobile & Wireless Era

1. Phishing / Smishing / Vishing

Phishing: Fake emails asking for card details.

Smishing: Fraudulent SMS links to fake payment portals.

Vishing: Fake calls pretending to be from banks asking for OTPs or CVV numbers.

2. Malware & Spyware on Mobile Devices

Malicious apps log keystrokes or capture screenshots of payment details.

Example: Fake banking apps stealing credit card credentials.

3. Man-in-the-Middle (MITM) Attacks

Occur over unsecured public Wi-Fi.

Attacker intercepts payment details during online purchases.

4. App-Based Payment Frauds

Rogue payment apps mimicking legitimate UPI or wallet services.

Example: Fake Google Pay or Paytm apps harvesting card info.

5. Card Cloning & Skimming

Fraudsters copy card data using skimmers attached to ATMs or POS machines.

Data is later used for mobile-based transactions.

6. Data Breaches

Large-scale breaches of e-commerce or payment gateway databases.

Stolen card details sold on the dark web for mobile-based misuse.

3. Real-World Examples

2018 Cosmos Bank Cyberattack (Pune) – Hackers stole card data and withdrew
₹94 crore using cloned cards.

Fake SMS links leading to phishing sites tricking users into revealing OTPs.

4. Prevention Measures

For Users

Use official banking apps only from trusted sources.

Avoid public Wi-Fi for financial transactions.

Enable two-factor authentication (2FA).

Do not share OTP, CVV, or PIN with anyone.

Monitor bank statements regularly for unauthorized transactions.

For Organizations

Implement end-to-end encryption for mobile payments.

Regularly update payment apps with security patches.

Use fraud detection systems to monitor unusual activity.

Educate customers about common fraud tactics.

5. Conclusion

In the mobile and wireless computing era, credit card fraud has become faster,
harder to trace, and more sophisticated.
Strong digital hygiene, secure payment practices, and user awareness are the best
defenses against these crimes.

Steps Involved in Planning of Cyberattacks by Criminals

1. Introduction

Cyberattacks are rarely random events — most are well-planned operations designed to steal data, disrupt systems, or cause financial loss.

Criminals follow a systematic, step-by-step approach to maximize the chances of success while minimizing the risk of being caught.

Understanding these steps helps in predicting, detecting, and preventing such attacks.

2. Detailed Steps

Step 1 – Reconnaissance (Information Gathering)

The attacker’s first move is to study the target.

Goal: Learn as much as possible about the target’s systems, people, and security
measures.

Techniques:

Passive Recon – Observing without touching the target (searching social media,
company websites, WHOIS data, news articles).

Active Recon – Interacting with the system (port scanning, ping sweeps).

Example: An attacker finds employee email IDs from LinkedIn to use in phishing.
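Passive reconnaissance leaves nothing in the target's own logs, but the active form described here (port scanning, ping sweeps) does, which is also the point made earlier in the Reconnaissance, Passive Attack and Active Attack sections. The following is an added example, not code from the notes, of the simplest detection that exploits this: a source contacting many distinct ports on one host within a short window. The firewall log format, the addresses and the traffic are constructed for the example, and a deliberately slow probe is included to show what a fixed window misses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines (not from a real device). 203.0.113.7 probes
# twelve ports on one host within a few seconds (fast active recon);
# 198.51.100.4 is a normal web client; 198.51.100.9 touches three ports
# spread over an hour (a slow probe, included to show the detector's limit).
PROBE_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
SAMPLE_LOG = "\n".join(
    [f"2024-03-01T10:00:{i:02d} DENY src=203.0.113.7 dst=192.0.2.10 dport={p} proto=tcp"
     for i, p in enumerate(PROBE_PORTS)]
    + [f"2024-03-01T10:00:{s:02d} ALLOW src=198.51.100.4 dst=192.0.2.10 dport={p} proto=tcp"
       for s, p in [(3, 443), (4, 443), (5, 80), (9, 443)]]
    + ["2024-03-01T10:05:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=22 proto=tcp",
       "2024-03-01T10:30:00 ALLOW src=198.51.100.9 dst=192.0.2.10 dport=80 proto=tcp",
       "2024-03-01T11:00:00 DENY src=198.51.100.9 dst=192.0.2.10 dport=8080 proto=tcp"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"])}


def detect_port_scans(log_text, window_seconds=60, min_ports=10):
    """Return {src_ip: distinct_port_count} for every source that contacted at
    least min_ports distinct ports on a single host within window_seconds."""
    hits = defaultdict(list)                      # (src, dst) -> [(ts, dport)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for (src, _dst), events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):           # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG))          # the fast probe is reported
```

Both DENY and ALLOW records are counted, because a scanner learns as much from an accepted connection as from a refused one. The slow probe only shows up when the window is widened to an hour, which is the usual trade-off: a longer window catches patient reconnaissance at the cost of more false alarms from ordinary multi-service clients.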

Step 2 – Target Selection

Attackers decide who or what to attack based on:

Value of the data (banks, payment gateways).

Vulnerability level (small businesses with poor cybersecurity).

Example: Choosing a poorly secured e-commerce site instead of a well-protected bank.

Step 3 – Vulnerability Assessment

After choosing a target, criminals look for weaknesses:

Unpatched operating systems.

Weak or reused passwords.

Misconfigured firewalls.

Human errors (clicking unsafe links).

Example: Discovering a web server running outdated PHP version.

Step 4 – Choosing the Attack Vector

An attack vector is the path used to gain access.

Common attack vectors include:

Phishing / Spear-phishing.

Malware / Ransomware.

SQL Injection.

Man-in-the-Middle over public Wi-Fi.

Example: Attacker selects phishing emails with malicious links.

Step 5 – Exploitation

The actual execution of the attack.

Methods depend on the chosen vector:

Delivering a malicious email attachment.

Injecting harmful SQL commands into a vulnerable form.

Overloading a server with traffic (DDoS).

Example: Victim opens a malicious Excel file, activating malware.

Step 6 – Maintaining Access (Persistence)

Once inside, criminals ensure they can return.

They may:

Install backdoors or Remote Access Trojans (RATs).

Create new user accounts with admin privileges.

Disable antivirus alerts.

Example: Attacker plants a hidden script to re-enable access even after cleanup.

Step 7 – Covering Tracks

Attackers remove evidence to avoid detection:

Deleting log files.

Disabling security monitoring.

Routing traffic through anonymizing networks (VPN, Tor) so that source addresses in the victim's logs cannot be traced back to the attacker.

Example: Altering file timestamps ("timestomping") so that modified files and log entries look no different from normal activity.

Step 8 – Monetization / Final Objective

The stolen data or compromised system is used for profit or damage:

Selling data on the dark web.

Demanding ransom for decryption keys.

Using stolen credentials for future attacks.

Example: Credit card numbers sold to underground forums.
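Added example (not part of the original notes): detection logic for the Step 6 (persistence) and Step 7 (covering tracks) indicators listed above, run over a few constructed Windows Security event records of the kind a SIEM would return. The event IDs are genuine Windows ones (4720 = user account created, 4732 = member added to a security-enabled local group, 1102 = audit log cleared); the hostnames, user names, timestamps and the `detect_persistence_and_cleanup` function are assumptions made for this example, not anything from the original page.

```python
"""Detect 'new local admin' and 'log cleared after account change' chains.

Constructed sample data: the hosts, users and timestamps below are invented
for the example; the event IDs are real Windows Security event IDs.
"""
from datetime import datetime, timedelta

# Constructed sample: what a SIEM might return for two hosts on one day.
EVENTS = [
    {"time": "2024-03-01T02:10:05", "id": 4624, "host": "FIN-WS07",
     "subject": "alice", "target": ""},                       # interactive logon
    {"time": "2024-03-01T02:12:40", "id": 4720, "host": "FIN-WS07",
     "subject": "alice", "target": "svc_backup2"},            # account created
    {"time": "2024-03-01T02:12:41", "id": 4732, "host": "FIN-WS07",
     "subject": "alice", "target": "svc_backup2",
     "group": "Administrators"},                              # added to admins
    {"time": "2024-03-01T02:15:02", "id": 1102, "host": "FIN-WS07",
     "subject": "alice", "target": ""},                       # audit log cleared
    # Benign activity elsewhere: help desk creates an ordinary user account.
    {"time": "2024-03-01T09:30:00", "id": 4720, "host": "HR-WS01",
     "subject": "helpdesk", "target": "jdoe"},
]

WINDOW = timedelta(minutes=15)   # assumed correlation window


def _parse(ev):
    """Copy an event with its ISO timestamp converted to a datetime."""
    return dict(ev, time=datetime.fromisoformat(ev["time"]))


def detect_persistence_and_cleanup(events, window=WINDOW):
    """Return a list of (rule, host, target, subject) alerts.

    Rule NEW_LOCAL_ADMIN: a 4720 for an account followed within `window` by a
    4732 adding that same account to Administrators on the same host (Step 6).
    Rule LOG_CLEARED_AFTER_ACCOUNT_CHANGE: a 1102 within `window` after any
    4720/4732 on the same host (Step 7).
    """
    evs = sorted((_parse(e) for e in events), key=lambda e: e["time"])
    alerts = []
    created = {}     # (host, account) -> time of the 4720
    sensitive = {}   # host -> time of the last 4720 or admin 4732
    for e in evs:
        key = (e["host"], e["target"])
        if e["id"] == 4720:
            created[key] = e["time"]
            sensitive[e["host"]] = e["time"]
        elif e["id"] == 4732 and e.get("group") == "Administrators":
            sensitive[e["host"]] = e["time"]
            t0 = created.get(key)
            if t0 is not None and e["time"] - t0 <= window:
                alerts.append(("NEW_LOCAL_ADMIN", e["host"], e["target"], e["subject"]))
        elif e["id"] == 1102:
            t0 = sensitive.get(e["host"])
            if t0 is not None and e["time"] - t0 <= window:
                alerts.append(("LOG_CLEARED_AFTER_ACCOUNT_CHANGE", e["host"], "", e["subject"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_persistence_and_cleanup(EVENTS):
        print(alert)
```

The two rules are deliberately chained: a new account alone is noise on most networks, but a new account that becomes a local administrator and is followed by a cleared audit log within minutes is the signature of Steps 6 and 7 happening back to back. Because 1102 is itself written after the log is cleared, forwarding events to a central collector in near real time is what makes this rule work; a locally stored log that has just been wiped no longer contains the 4720 and 4732.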


3. Example Flow

Imagine a phishing attack on a bank employee:

Attacker studies bank staff profiles online (Recon).

Chooses junior employees as likely weak targets (Selection).

Finds staff email format & old breach data (Vulnerability Assessment).

Crafts fake HR notice with a malicious link (Attack Vector).

Employee clicks link — malware installs (Exploitation).

Backdoor created for future access (Persistence).

Logs deleted to hide entry (Covering Tracks).

Customer data stolen and sold online (Monetization).

4. Conclusion

Cyberattacks are methodical and organized.

From reconnaissance to monetization, each step is designed to maximize gain and minimize detection.

By understanding this cycle, security teams can intervene early and break the
chain before serious damage occurs.

Salami Attack

1. Introduction

A Salami Attack is a type of cybercrime or financial fraud in which criminals make many small, often unnoticeable changes or steal small amounts of money/data over time.

The changes are so minor that they go undetected individually, but together they
result in significant loss.

The term comes from the idea of slicing a salami into thin, unnoticed pieces.

2. How It Works

Target Identification – Criminal selects a system handling large volumes of transactions.

Small-Scale Manipulation – Each transaction is altered by a tiny fraction (e.g., rounding down amounts).

Accumulation – The criminal collects the small amounts over many transactions.

Exploitation – Stolen amounts are transferred to an account controlled by the attacker.

3. Example

In a bank system, interest on savings accounts is calculated monthly.

The attacker modifies the program so that each customer's interest is truncated to the whole cent instead of being rounded, and the shaved fractions of a cent are credited to an account the attacker controls.

Each customer's loss is negligible (less than a cent per month), but across millions of accounts it becomes a large sum, and the bank's total interest paid out still looks correct.

4. Real-World Scenario

In the 1980s, employees in financial institutions used salami slicing to steal small
amounts from many customer accounts.
Similar attacks have been seen in online billing systems, payroll software, and
e-commerce platforms.

5. Prevention Measures

Regular audits of transaction systems.

Integrity checks on financial calculations.

Separation of duties so no single employee controls all stages of a transaction.

Anomaly detection systems to flag unusual patterns.

Access control and logging to track system changes.
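Added example (not part of the original notes) covering the interest-calculation scenario from Section 3 and the "integrity checks on financial calculations" item from Section 5. It runs a toy monthly interest calculation three ways: the honest version, the salami version that truncates every credit and pools the shaved fractions, and an independent reconciliation that recomputes each credit and flags the diversion. The ledger, the rate and the mule account `ACC-9999` are constructed for the example.

```python
"""Salami attack on monthly interest, and the integrity check that catches it.

Constructed sample: account numbers, balances, the 4.25 % rate and the
attacker's mule account are all invented for the example.
"""
from decimal import Decimal, ROUND_HALF_EVEN, ROUND_DOWN

CENT = Decimal("0.01")
RATE = Decimal("0.0425") / 12        # 4.25 % per year, credited monthly
ATTACKER_ACCT = "ACC-9999"           # hypothetical account the attacker controls

# Constructed ledger: 2000 accounts with varied balances (account -> balance).
ACCOUNTS = {
    f"ACC-{i:04d}": Decimal(10_000 + 37 * i) + Decimal(i % 100) / 100
    for i in range(1, 2001)
}


def honest_interest(balances, rate=RATE):
    """Interest per account under the bank's stated policy: round to the cent."""
    return {acct: (bal * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
            for acct, bal in balances.items()}


def salami_interest(balances, rate=RATE, mule=ATTACKER_ACCT):
    """Fraudulent version: truncate each credit, pool the fractions for the mule."""
    credits = {}
    skimmed = Decimal("0")
    for acct, bal in balances.items():
        exact = bal * rate
        paid = exact.quantize(CENT, rounding=ROUND_DOWN)   # always <= honest
        credits[acct] = paid
        skimmed += exact - paid                            # sub-cent remainder
    credits[mule] = skimmed.quantize(CENT, rounding=ROUND_DOWN)
    return credits


def reconcile(balances, credits, rate=RATE):
    """Independent integrity check (Section 5).

    Recompute every credit under the stated rounding policy and compare account
    by account; also flag credits to accounts that are not in the ledger. The
    totals difference is reported too, to show that a totals-only check would
    not have caught the fraud.
    """
    recomputed = honest_interest(balances, rate)
    mismatched = [a for a in balances if credits.get(a) != recomputed[a]]
    unknown = sorted(set(credits) - set(balances))
    total_delta = (sum(credits.values(), Decimal("0"))
                   - sum(recomputed.values(), Decimal("0")))
    return {
        "ok": not mismatched and not unknown,
        "mismatched": len(mismatched),
        "unknown_accounts": unknown,
        "total_delta": total_delta,
    }


if __name__ == "__main__":
    fraud = salami_interest(ACCOUNTS)
    report = reconcile(ACCOUNTS, fraud)
    print("diverted to mule:", fraud[ATTACKER_ACCT])
    print("reconciliation:", report)
```

The instructive value is in the `total_delta` figure: the sum of all credits in the fraudulent run differs from the honest total by only a few cents, because the fractions were moved rather than destroyed, so a month-end "total interest paid" reconciliation passes. What catches it is recomputing each credit under the declared rounding policy in a separate process, with separation of duties so the person who can change the batch job cannot also change the checker, and the unknown-account check (which, in practice, must be supplemented by the per-account comparison, because a mule can just as easily be an existing customer account).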

6. Conclusion

Salami attacks are dangerous because they avoid detection by being small and
gradual.

Strong auditing, monitoring, and transaction verification are essential to prevent such frauds.

Cyberstalking and Harassment

1. Introduction

Cyberstalking refers to the use of the internet, email, social media, or other digital communication tools
to repeatedly harass, threaten, or intimidate a person.

It is a form of online harassment where the attacker monitors and targets a victim over time, often
causing fear, emotional distress, and reputational damage.

Unlike offline stalking, cyberstalking can be done anonymously, from anywhere, and 24×7.

2. Forms of Cyberstalking and Harassment

Direct Threats

Sending threatening emails, messages, or posts.

Example: “If you don’t do what I say, I will ruin your life.”

Online Defamation

Posting false or harmful statements to damage someone’s reputation.

Example: Creating fake social media accounts to spread lies.

Identity Theft for Harassment

Using stolen personal information to impersonate the victim online.

Example: Sending fake emails from the victim’s name.

Monitoring & Tracking

Using spyware, GPS tracking, or hacking accounts to follow the victim’s activities.

Example: Installing a keylogger on the victim’s laptop.


Doxxing

Publishing private information (address, phone number) online to encourage harassment.

Example: Posting the victim’s home address on a public forum.

3. Methods Used by Cyberstalkers

Social Media Misuse – Creating fake profiles, sending abusive comments.

Email Harassment – Flooding inbox with unwanted or threatening messages.

Malware Installation – Spyware to track keystrokes, screenshots, or location.

Phishing – To gain passwords and access private accounts.

Spoofing – Sending messages appearing to come from someone the victim trusts.

4. Legal Provisions in India

Section 354D, IPC – Criminalizes stalking, expressly including monitoring a person's use of the internet, email or other electronic communication.

Section 67, IT Act 2000 – Punishes publishing or transmitting obscene material in electronic form.

Section 66E, IT Act 2000 – Punishes violation of privacy (capturing, publishing or transmitting images of a person's private area without consent).

Section 507, IPC – Punishes criminal intimidation by anonymous communication.

Note: the IPC has since been replaced by the Bharatiya Nyaya Sanhita, 2023 (in force from July 2024); stalking is now covered by Section 78 of the BNS.


5. Prevention & Safety Measures

Use strong, unique passwords for every account, and change them immediately if a compromise is suspected.

Limit personal information shared online.

Block and report stalkers on all platforms.

Enable two-factor authentication (2FA) on accounts.

Keep evidence (screenshots, messages) for legal action.

Avoid clicking unknown links in messages or emails.

6. Conclusion

Cyberstalking and harassment are serious online crimes that can cause
psychological, social, and financial harm to victims.

Awareness, digital security practices, and timely legal action are essential to
protect individuals from such threats.
