CYS107

Fundamentals of
Cybersecurity

Chapter 6 :
Introduction to Cyber
Crime
 Lecture Learning
outcomes
 Introduce the concept of cybercrime
and understand its significance.
 Identify and categorize different
types of cybercrimes.
 Classify cybercrimes based on their
severity and impact.
 Explain the concept of social
engineering and its role in
cybercrimes.
 Describe the life cycle of a social
engineering attack and Identify
common social engineering attack
techniques.
 Understand the ethical implications
and responsibilities related to
cybercrime.
 Outlines

Introduction of The Categories of Types of Cyber

Cybercrime. Cybercrimes. Crime.

Types of Cyber Social Engineering

Social Engineering.
Warfare Attacks. Life Cycle.

Social Engineering Challenges of Prevention of

Attack Techniques. Cyber Crime. Cyber Crime.

Case Study. Practice Task.

“The only crime that has been proven is the hack. That is the story.”
Ramon Fonseca
lawyer and co-founder of Mossack Fonseca
 Cybercrime
• Cybercrime is illegal activity involving
computers, the internet, or network devices.
• Cybercriminals commit identity theft, initiate
phishing scams, spread malware, and instigate
other digital attacks.

Funny Animation Video(Phishing Attack ) | Pen

cil animation | Short animated films (youtube.c
om)
 The Cybercriminals
• A cybercriminal is a person who uses his skills
in technology to do malicious acts and illegal
activities known as cybercrimes.
• They can be individuals or teams.
 The Categories of Cybercrimes
• Individual Cyber Crimes
• Organization Cyber Crimes
• Property Cybercrimes
• Society and government Cybercrimes
 Individual Cyber Crimes
• This category is targeting individuals.
• It includes phishing, spoofing, spam,
cyberstalking, and more.
 Organization Cyber Crimes
• The main target here is organizations.
• Usually, this category of crime is done by
teams of criminals including malware attacks
and denial of service (DoS) attacks.
 Property Cybercrimes
• This category targets property like credit cards
or even intellectual property rights.
 Society and government
Cybercrimes

• This is the most

dangerous form of
cybercrime as it includes
cyber-terrorism and
spreading propaganda.
 Cyber Terrorism
Data Breach Cyber Extortion

Social
Identity Theft
Engineering
Types of Cyber
Crime

Online Scams Cyber Stalking

Cyber Warfare Child Cyberbullying

Exploitation
 Data Breach
• A data breach is a security incident in which
individuals or entities gain access to
confidential, sensitive, or protected
information, resulting in its exposure, theft, or
compromise. These breaches can occur in
various forms and affect hard.
• Data breaches can stem from causes, including
cyberattacks, hacking, insider threats, or even
simple human errors.
 Cyber Terrorism

• Cyber terrorism is the use of

the computer and internet
to perform violent acts that
may result in loss of life.
• In general, Cyber terrorism
can be defined as an act of
terrorism committed
through the use of
cyberspace or computer
resources.
Top 5 Facts You Probably Didn't Know About Cyber Terrorism (youtube.com)
 Cyber Extortion
• Cyber extortion occurs when a
website, e-mail server or
computer system is subjected to
or threatened with repeated
denial of service or other attacks
by malicious hackers.
• These hackers demand huge
money in return for assurance to
stop the attacks and to offer
protection.
 Identity Theft
• Identity theft is a form of
criminal activity that has
become increasingly
widespread in the digital
era.
• It occurs when a person uses
the personal information of
another individual without
their awareness or approval
for their benefit.
 Cyber Stalking

• This is a kind of online

harassment wherein the
victim is subjected to a
barrage of online
messages and emails.
Cyberbullying
• Cyberbullying is a form of
harassment or intimidation
that takes place online or
through digital
communication channels. It
involves the deliberate use of
digital technologies, such
as social media, instant
messaging, or email, to
target individuals with
hurtful, threatening, or
humiliating messages,
images, or content.
 Child Exploitation
• Child exploitation as a
cybercrime means using
digital technology and online
platforms to exploit minors
sexually.
• It involves the creation,
distribution, or possession of
explicit content featuring
children or engaging in
sexual grooming or
solicitation of minors online.
 Cyber Warfare

• Cyber warfare is the use

or targeting in a battle
space or warfare context
of computers, online
control systems and
networks.

Defining cyberwarfare...in hopes of preventing it - Daniel Garrie (youtube.com)

Types of Cyber Warfare Attacks
• Espionage :Refers to monitoring other
countries to steal secrets. In cyber warfare,
this can involve using botnets or spear
phishing attacks
• Sabotage: Hostile governments or terrorists
may steal information, destroy it, or
leverage insider threats.
• Denial-of-service (DoS) Attacks prevent
legitimate users from accessing a website by
flooding it with fake requests and forcing the
website to handle these requests.
• Electrical Power Grid Attacking the power grid
allows attackers to disable critical systems,
disrupt infrastructure, and potentially result in
bodily harm.
• Propaganda Attacks Attempts to control the
minds and thoughts of people living in or
fighting for a target country.
• Economic Disruption Most modern economic
systems operate using computers. Attackers can
target computer networks of economic
establishments such as stock markets, payment
systems, and banks.
• Surprise Attacks carries out a massive attack
that the enemy isn’t expecting, enabling the
attacker to weaken their defenses.
 Online Scams
• Online scams are
deceptive schemes
carried out over the
internet to defraud
individuals or businesses.
• These cybercrimes often
exploit trust, ignorance,
or emotional
manipulation to steal
money or sensitive
information.
 Social Engineering

Definition

Life Cycle

Attack Techniques
 Social Engineering
• Social engineering is the term used for a broad
range of malicious activities accomplished
through human interactions.
• It uses psychological manipulation to trick users
into making security mistakes or giving away
sensitive information.
• It exploits human behavior rather than technical
vulnerabilities.
Examples: Phishing, pretexting, baiting, etc.
What is Social Engineering? - YouTube
Mr Robot - Social Engineering (youtube.com)
 Social Engineering
•Why is Social Engineering Effective?
- Exploits human emotions (e.g., fear, curiosity, trust).
- Relies on lack of awareness or training.
- Often bypasses technical security measures.
- Low Cost, High Reward.
 Social Engineering Life Cycle (methods)
• Investigation methods:

a. Researching social media, company websites, or public records.

b. Using open-source intelligence (OSINT) tools.

c. Dumpster diving for discarded documents.

• Hook methods:

a. Impersonating a trusted individual (e.g., colleague, IT support).

b. Using personal details gathered in the investigation phase to

appear credible.
 Social Engineering Life Cycle (methods)
• Play (Exploitation methods):

a. Phishing: Sending fraudulent emails or messages.

b. Pretexting: Creating a fabricated scenario to extract

information.

c. Baiting: Offering something enticing (e.g., free software) to

lure the target.

• Exit (Disengagement):

a. Deleting logs or evidence of the attack.

b. Ensuring the target remains unaware of the breach.

 Social Engineering Attack Techniques
Common Social Engineering Techniques:

(58) #‫ ال_تفتح_مجال‬- YouTube

 Social Engineering Attack Techniques

Below are some of the most Common Tactics techniques

used by attackers:

•Phishing: the most common technique.*

- Definition: Sending fraudulent emails or messages to trick
victims into revealing sensitive information.
- Types: Email phishing, spear phishing, smishing (SMS
phishing).
-Example: Fake login page for a bank or social media account.
 Social Engineering Attack Techniques
• Baiting As its name implies, baiting attacks use a
false promise to pique a victim’s greed or curiosity.
Example: Offering free software or leaving infected
USB drives in public places.
• Scareware: trick victims into downloading malicious
software or paying for fake services. Example: Pop-up
messages claiming the victim’s computer is infected
and urging them to download a "cleaner" tool or
"Your computer is infected! Click here to fix it".
 Social Engineering Attack Techniques

•Pretexting: Here an attacker obtains

information through a series of cleverly crafted

lies. The scam is often initiated by a perpetrator

pretending to need sensitive information from a

victim so as to perform a critical task.

 Social Engineering Attack Techniques

•Tailgating:
Definition: Gaining physical access to restricted
areas by following an authorized person.
Example: Holding the door for someone without
proper credentials.
 Prevention and Best Practices

- Training: Educate employees and users about social

engineering risks.
- Verification: Verify requests for sensitive information, and
Implement strong security policies (e.g., multi-factor
authentication MFA).
- Maintenance: Regularly update and patch systems.
- Avoid Clicking Links in Unsolicited Messages: Type website
URLs manually. Hover over links to check URLs before clicking.
- Secure Physical Access: Restrict access to sensitive areas with
ID checks.
 Challenges of Cyber Crime
• People are unaware of their cyber rights.
• Anonymity: Those who Commit cyber crime
are anonymous for us so we cannot do anything
to that person.
• Less numbers of case registered: cyber crime is
increasing day by day because the people who
even don’t register a case of cyber crime
• Mostly committed by well educated people:
Committing a cyber crime is not a cup of tea for
every individual. The person who commits cyber
crime is a very technical person so he knows
how to commit the crime and not get caught by
the authorities.
• No harsh punishment: In Cyber crime there is
no harsh punishment in every cases. But there is
harsh punishment in some cases like when
somebody commits cyber terrorism
 Prevention of Cyber Crime
• Use strong password .
• Use trusted antivirus in devices
• Keep social media private
• Keep your device software updated
• Use secure network: Public Wi-Fi are
vulnerable.
• Never open attachments in spam emails.
• OS should be updated.
(58) #‫ ال_تفتح_مجال‬- YouTube
‫( األمن السيبراني في الحج؛ جيش خ‬youtube.com)
 Case Study
Marriott Hotels
• In November 2018, Marriott hotels group suffered
from a massive data breach that affected more than
500 million customers.
• The compromise happened for the guest reservation
database by an unknown party. The information that
was leaked contained payment information, mailing
addresses, passport numbers, and phone numbers
for customers.
 Let’s Practice Social Engineering

1.GitHub - omarkdev/sherlock-project-sherlock
: 🔎 Hunt down social media accounts by username across social networks
2.find social media accounts with Sherlock (in 5 MIN) (youtube.com)
 References

• Cybercrime and Cyber

Warfare by Igor Bernik.
• What is Cyber Warfare | T
ypes, Examples & Mitigati
on |
Imperva.
• Cyber Crime –
GeeksforGeeks.
Any Questions
 Test your knowledge
• What is Cybercrime?
• Define cybercriminals?
• Mention the Categories of Cybercrimes with their examples?
• Mention and explain Classification of Cyber Crime briefly ?
• Mention and explain types of Cyber warfare attacks briefly?
• What is Social Engineering?
• Draw the Social Engineering life cycle and briefly explain
each step?
• Mention and explain Social Engineering attack techniques
briefly ?
• Mention and explain Challenges of Cyber Crime briefly ?