Learn about four common types of computer crimes and their impacts in our brief overview.
Computer crimes, or “cybercrimes,” have increased dramatically during the COVID-19 pandemic. Here are four common types of computer crimes targeting businesses and individuals:
- Phishing – sending fraudulent messages designed to trick users into revealing sensitive information
- Ransomware – encrypting vital data or blocking system access for purposes of extortion
- Hacking – intruding in systems and networks to damage or exploit them
- Identity theft – using someone’s personal information without their knowledge to gain financial benefits
In this article, we’ll take a closer look at how criminals pull off these cybercrimes, and what they can accomplish with each successful attack.
Phishing is an attack in which a seemingly genuine email or text message convinces someone to divulge sensitive account information without realizing it. The most common form is called “bulk phishing,” which targets many people simultaneously.
In this attack, criminals impersonate real banks, retailers, payment service providers and so on by designing emails and websites that look legitimate at a casual glance. A typical call to action might include a button labeled “verify your account information” that takes you to a fake site to input your credentials, or downloads malware that can harvest your account information without your knowledge.
What’s the impact of a phishing attack?
Once your account is compromised, criminals can steal from you or charge purchases to you. They can also perform further attacks, like spear phishing – targeting specific individuals inside a company with fraudulent, personalized messages – or distributing malware that exposes other computers on your network to criminal intrusion.
As of 2020, phishing has become the most common type of cybercrime. Successful phishing attacks have resulted in massive corporate data breaches.
Ransomware is a form of disruptive malware, and as the name implies, its goal is almost always a financial reward. Ransomware can be installed on a network or system via phishing attacks, or by exploiting flaws or gaps in cybersecurity. Open software bugs that haven’t been patched might leave a system vulnerable to intrusion, for example.
In a ransomware attack, users of a system are shown a message announcing the attack and providing instructions for payment. These attacks range in sophistication. “Scareware” convinces people that a system has been hijacked, but the system is unharmed. In the worst cases, criminals encrypt entire databases of customer or financial information, making them completely inaccessible by the company until it provides payment.
What’s the impact of a ransomware attack?
The criminals may threaten to reveal sensitive corporate data to the public or destroy vital software systems if payment isn’t provided on time.
Simplified software tools are now available that reduce the technical knowledge required to succeed in a ransomware attack. Some criminals even provide commercialized ransomware services. As a result, these attacks are on the rise, and it’s widely suspected the extent is underestimated, as many companies pay up without disclosing to authorities or media that an attack occurred.
Hacking is using technical skills or tools to exploit security vulnerabilities in a device, system or network to gain unauthorized access. This is usually the entry point to a range of other criminal activities that build on this initial intrusion. Although hackers can sometimes be described as “ethical” or “white hat” hackers, exposing vulnerabilities so that they can be fixed, hacking more frequently refers to cybercrimes.
A common misconception is that hackers are lone individuals sneaking around inside systems, but hackers today often operate in cabals, trading knowledge and tools, working for themselves for financial gain or for state actors who use them for espionage as well. A successful intrusion may go undetected by the victim for a long time.
A significant recent example is the SolarWinds hack. SolarWinds is a cybersecurity company that provides remote administrative security services to a huge list of corporate and government clients. Hackers penetrated their defenses, then surreptitiously included malware in an update that SolarWinds pushed out to its customers. SolarWinds acknowledged that around 18,000 customers downloaded that update, making all of them potentially vulnerable.
What’s the impact of a hacking attack?
When hackers gain sufficient privileges on a victim’s system, they can perpetrate a range of cybercrimes, such as stealing corporate financial and customer data or intellectual property regarding product designs. They can link infected computers into a botnet to launch DDoS (distributed denial of service) attacks on other targets or send out bulk spam emails.
Corporate systems are not the only targets. Internet-of-Things devices have exploded in popularity, each of which is essentially a computer with an operating system that can be found and hacked if it isn’t updated correctly. Although home networks aren’t lucrative targets like corporate networks, the bar to infiltrate them is potentially lowering thanks to this attack vector, making them more appealing to hackers.
Identity theft occurs when a criminal utilizes someone’s personally identifying information to masquerade as them online. This information typically includes name, address, Social Security Number, credit card numbers, and sometimes even passwords. Criminals acquire this information through successful phishing attacks that convince you to divulge it, or via malware they infect your computer with that monitors keystrokes or browsing activity.
Another common way to acquire this information is to buy it from other criminals on a darkweb marketplace where anonymous illicit transactions are common. This information frequently circulates after data breaches, reducing a person’s identity to a data commodity that can be purchased. Companies do not report data breaches consistently, so you may not realize your data has been compromised until well after it’s occurred.
What’s the impact of identity theft?
With your information in hand, criminals can open credit cards in your name and make purchases without you realizing the new credit line was opened. They can intercept your tax refund or file a fraudulent new claim altogether. In some cases, they can drain your bank accounts, make fraudulent claims to your health insurance provider, or even hijack your child’s personal information.
Limiting the damage caused by identity theft can sometimes be quick, but frequently, it’s an arduous process to reclaim your information or lock it down without absorbing severe financial liability in the process.