Every time we connect to the Internet—at home, at school, at work, or on our mobile devices—we make decisions that affect our cybersecurity
Malicious cyber activity threatens the public’s safety and security. Cyberattacks can lead to the loss of money or the theft of personal, financial, and medical information. These attacks can damage your reputation and safety.
Cybersecurity involves preventing, detecting, and responding to those cyber attacks that can have wide-ranging effects on individuals, organizations, the community, and the nation.
In 2021, the Federal Bureau of Investigation’s Internet Crime Complaint Center received 847,376 complaints, which was a seven percent increase from 2020, with potential losses exceeding $6.9 billion. You can read the full 2021 report here.
TYPES OF CYBER CRIME
An attacker uses social skills to obtain or compromise information on an individual or an organization and its computer system. Types of social engineering include:
- Phishing. Uses email or malicious websites to get personal information by posing as a trustworthy organization. For example, they may say they are from a financial institution requesting account information and suggests there is a problem. Attackers may appear from other organizations such as charities. They take advantage of current events and certain times of year such as natural disasters, epidemics, economic concerns, tax season, major political elections, and holidays
- Vishing. Uses voice communication. Often entices a victim to call a certain number and divulge sensitive information.
- Smishing. Uses SMS or text messages to contain links to webpages, email addresses, or phone numbers. When clicked it may automatically open a browser window, email message, or dial a number.
- Pharming. When malicious code is installed on your computer to redirect you to fake websites.
Intrusive software designed to damage and destroy computer systems. Malware includes:
- Adware. Used to collect data on your computer usage and provide appropriate advertisements to you. While it is not always dangerous, in some cases it can cause issues, such as redirecting a browser to unsafe sites and can slow down your system noticeably.
- Ransomware. Gains access to sensitive information within a system, encrypts it so a user cannot access it, and then demands a financial payout for the data to be released. Commonly part of a phishing scam.
- Spyware. Runs secretly on a computer and reports back to a remote user. Often used to steal financial or personal information.
- Trojan virus. Disguised as helpful software programs. Once it is downloaded, the Trojan virus gains access to sensitive data and then modifies, block, or delete data. Not designed to self-replicate like viruses or worms.
- Viruses. A piece of code attached to a document, file, app, or text message attachment to execute its code from host to host. Once downloaded and opened, they disrupt a system’s ability to operate such as enabling frequent pop-up windows, changing your homepage, an unusually slow processing.
- Worms. Rapidly replicate and spreads to any device within a network. It does not need a host program to spread. It infects a device via a downloaded file or network connection before it multiplies and spreads.
BUSINESS EMAIL COMPROMISE/EMAIL ACCOUNT COMPROMISE
One of the most financially damaging online crimes involves unauthorized access to email accounts. Criminals send a message that appears to come from a known source making a legitimate request. A scammer might:
- Spoof an email account or website. There will be slight variations on legitimate addresses, such as email@example.com vs. firstname.lastname@example.org.
- Send spearphishing emails. These messages look like they are from a trusted sender and trick victims into revealing confidential information.
- Use malware. Malicious software infiltrates company networks to get access to legitimate email thread on billing and invoices.
Legitimate users are unable to access information systems, devices, or other network resources. Services affected may include email, websites, online accounts, or other services. It’s accomplished by flooding the targeted host with traffic until the target cannot respond or simply crashes.
When an unauthorized user attempts or gains access to an information system. This is often used to compromise digital devices, such as computers, smartphones, tablets, and entire networks.
REPORT A CYBER INCIDENT
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) can offer both public and private organizations assistance and uses information from incident reports to protect other potential victims. Organizations can report incidents and anomalous activity.