Introduction of cybercrime:- Cybercrime or a computer-oriented crime is a crime

that includes a computer and a network. The computer may have been used in the execution of a
crime or it may be the target. Cybercrime is the use of a computer as a weapon for committing
crimes such as committing fraud, identity theft, or breaching privacy. Cybercrime, especially
through the Internet, has grown in importance as the computer has become central to every field
like commerce, entertainment, and government. Cybercrime may endanger a person or a nation’s
security and financial health. Cybercrime encloses a wide range of activities, but these can
generally be divided into two categories:

1. Crimes that aim at computer networks or devices. These types of crimes involve different
threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.
2. Crimes that use computer networks to commit other criminal activities. These types of crimes
include cyber stalking, financial fraud or identity theft.

Classification of Cyber Crime:

1. Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform
violent acts that result in loss of life. This may include different type of activities either by
software or hardware for threatening life of citizens.
In general, Cyber terrorism can be defined as an act of terrorism committed through the use of
cyberspace or computer resources.

2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system
is subjected to or threatened with repeated denial of service or other attacks by malicious
hackers. These hackers demand huge money in return for assurance to stop the attacks and to
offer protection.

3. Cyber Warfare –
Cyber warfare is the use or targeting in a battle space or warfare context of
computers, online control systems and networks. It involves both offensive and defensive
operations concerning to the threat of cyber attacks, espionage and sabotage.

4. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet
and could include hiding of information or providing incorrect information for the purpose of
deceiving victims for money or property. Internet fraud is not considered a single, distinctive
crime but covers a range of illegal and illicit actions that are committed in cyberspace .

5. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers know their victims and
instead of offline stalking, they use the Internet to stalk. However, if they notice that cyber
stalking is not having the desired effect, they begin offline stalking along with cyber stalking to
make the victims’ lives more miserable.
Challenges of Cyber Crime:
1. People are unaware of their cyber rights-
The Cybercrime usually happen with illiterate
people around the world who are unaware about their cyber rights implemented by the
government of that particular country.

2. Anonymity-
Those who Commit cyber crimes are anonymous for us so we cannot do
anything to that person.

3. Less numbers of case registered-

Every country in the world faces the challenge of cyber
crime and the rate of cyber crime is increasing day by day because the people who even don’t
register a case of cyber crime and this is major challenge for us as well as for authorities as
well.

4. Mostly committed by well educated people-

Committing a cyber crime is not a cup of tea
for every individual. The person who commits cyber crime is a very technical person so he
knows how to commit the crime and not get caught by the authorities.

5. No harsh punishment-
In Cyber crime there is no harsh punishment in every case. But there
is harsh punishment in some cases like when somebody commits cyber terrorism in that case
there is harsh punishment for that individual. But in other cases there is no harsh punishment
so this factor also gives encouragement to that person who commits cyber crime.

Prevention of Cyber Crime:

Below are some points by means of which we can prevent cyber crime:
1. Use strong password –
Maintain different password and username combinations for each
account and resist the temptation to write them down. Weak passwords can be easily cracked
using certain attacking methods like Brute force attack, Rainbow table attack etc, So make
them complex. That means combination of letters, numbers and special characters.

2. Use trusted antivirus in devices –

Always use trustworthy and highly advanced antivirus
software in mobile and personal computers. This leads to the prevention of different virus
attack on devices.

3. Keep social media private –

Always keep your social media accounts data privacy only to
your friends. Also make sure only to make friends who are known to you.

4. Keep your device software updated –

Whenever you get the updates of the system software
update it at the same time because sometimes the previous version can be easily attacked.

5. Use secure network –

Public Wi-Fi are vulnerable. Avoid conducting financial or corporate
 transactions on these networks.

6. Never open attachments in spam emails –

A computer get infected by malware attacks and
other forms of cybercrime are via email attachments in spam emails. Never open an
attachment from a sender you do not know.

7. Software should be updated-

Operating system should be updated regularly when it comes
to internet security. This can become a potential threat when cybercriminals exploit flaws in the
system.

What is Email Spoofing?

Email Spoofing is creating and sending an email with a modified sender's address. The sender's
address is forged in such a way that the receivers will trust the email, thinking it has been sent
by someone they know or from any trusted official source. After gaining their trust through a
forged address, the attackers can ask for sensitive information, such as personal data like bank
details. Social security numbers or organizational data like trade secrets and more.
Email Spoofing is a pretty common practice among cybercriminals because of the vulnerable
and weak email system. When you receive an email, the outgoing email servers have no way to
determine whether the sender's address is spoofed or original.

How does Email Spoofing work?

Cyber attackers perform Email Spoofing by changing the data of the email header. The email
header contains the essential information related to email. It includes data such as TO, FROM,
DATE, and SUBJECT. It also has the IP address of the sender.
For performing spoofing, the attacker needs to modify the FROM email address and the IP
address. It can be done easily through the Ratware application. A Ratware is a tool that can
quickly adjust the email header and send thousands of emails simultaneously to different
recipients. The attackers also need a Simple Mail Transfer Protocol (SMTP) server and mailing
software for conducting spoofing successfully.
As far as receivers' addresses are concerned, intruders can get them through various ways such
as data breaches, phishing, and more. People have a tendency to share their emails everywhere
on the internet, so it is not a big deal to get someone's email ID.

Reasons for email spoofing:-

In addition to phishing, attackers use spoofed email for the following reasons:

 Hide the fake sender's real identity.

 Bypass spam filters and block lists. Users can minimize this threat by block listing internet
service providers (ISPs) and Internet Protocol (IP) addresses.

 Pretend to be a trusted individual -- a colleague or a friend -- to elicit confidential

information.

 Pretend to be a reliable organization -- for example, posing as a financial firm to get

access to credit card data.

 Commit identity theft by impersonating a targeted victim and requesting personally

identifiable information (PII).

 Obtain access to sensitive data collected by third-party vendors.

Difference between Spoofing and Phishing:-

S.
No. Spoofing Phishing

Hacker tries to steal the

Hacker tries to steal the identity to act as another
1. sensitive information of the
individual.
user.

It is operated in a fraudulent
2. It doesn’t require fraud.
manner.

3. Information is not theft. Information is theft.

Phishing can’t be the part of the

4. Spoofing can be part of the phishing.
spoofing.

5. Needs to download some malicious software on No such malicious software is

 S.
No. Spoofing Phishing

the victim’s computer. needed.

Phishing is done to get secret

6. Spoofing is done to get a new identity.
information.

Types: IP Spoofing, Email Spoofing, URL Types: Phone Phishing, Clone

7.
Spoofing etc. Phishing etc.

Examples-
Examples- Emails containing these type of
 Hacking of a complete website by modifying terms:
8. its IP Address.  Click Here
 A banking website appears to be legitimate  Verify your personal
but it is used to gather sensitive information information
from user and many more.  Payment Failed
 Tax Refunds

The best and common way to stop a The best and common way
spoofing attack- to stop a phishing attack-
 Ensure the destination of the link received via  Be wary of grammatical flaws
emails by hovering over the link before in the communication’s
9. clicking on it. content.
 Delete strange emails like unprofessional  Keep a check on spelling
emails, alarming messages, misspellings in the mistakes in an email.
message body, etc.  Check for the phrase
 Open the attached documents or any other structure and unusual
type of attachment from reliable source only. sentence phrasing.

Spamming: - Spam is a form of email which is used to send to different email accounts and
in general contains advertising about any product or services. But the real problem is when they contain
malwares that can damage the user’s data.
Generally, they are sent to a massive list of emails for the mail purpose that a small percentage of users
might open them and respond. They are used to such treatment because they are cheap in infrastructure
investment, not too much time consuming and simple.

Techniques Used by Spammers:-

In this section, we will discuss the different techniques used by the spammers.

 Domain Spoofing − the spammer sends an email on behalf of a known domain so the receivers
think that they know this person and open it.
 Poisoning Filters − A filter can be poisoned by adding text with the same color of the background
to reduce the scoring of the filters.
 Directory Harvesting − In directory harvesting, spammers generate email addresses by using
known email addresses from corporate or ISP (Internet Service Provider).
 Social Engineering − Spammers send promotional emails to different users such as offering huge
discounts and tricking them to fill their personal data.
 Junk Tags − Spam Words can be hidden by including invalid HTML tags within the words.
 Invalid words − Special characters are inserted in the spam words. For example: V!AGRA.

Anti–Spam Techniques:-
In this section, we will discuss various anti-spam techniques and their advantages.

 Signature Based Content Filtering − Most anti-spam email companies use this type of filtering
because it checks the received email with certain patterns after saving the message to the disk.
 Naive Bayes Spam Filtering − Bayesian filter scans the context of the e-mail when it looks for
words or character strings that will identify the e-mail as spam.
 Black Listing RBL − This is a type of database that updates the IP address and domains based on a
reputation and the system administrators who use these RBL don’t receive email from domains that
are blacklisted from this RBL.
 Sender Policy Framework − The IP address of the domain of the sender is compared with the
genuine list of the IP addresses that the domain should have and if it is not same, then that email is
dropped.

Internet Time Thefts :-

Hacking the username and password of ISP of an individual and surfing the internet at his cost is
Internet Time Theft.

OR

It refers to the theft in a manner where the unauthorized person uses internet hours paid by
another person. The authorized person gets access to another person’s ISP user ID and
password, either by hacking or by illegal means without that person’s knowledge.
Salami attack:- A salami attack is a method of cybercrime that attackers or a hacker
typically used to commit financial crimes. Cybercriminals steal money or resources from
financial accounts on a system one at a time. This attack occurs when several minor attacks
combine to create a sturdy attack. Because of this sort of cybercrime, these attacks frequently
go undetected. Salami attacks are used for the commission of economic crimes. Those who
are found guilty of such an attack face punishment under Section 66 of the IT Act .