Sample Cases

For Lecture 3 & 4

Case 1

One day, I got an email from an unknown person with an attachment. In the
attachment, there was MS Word document. I downloaded the attached file and
opened it. I got a confirmation message something like “Do you want to enable
the Macro”. I clicked Yes. After that, I did not notice anything.

However, after some time, I realized that the data in all the documents in my
computer got scrambled (Encrypted). There was a message for me to pay some
amount of money to decrypt the data on my computer. 
 • One day, I got an email from an unknown person with an attachment. In the attachment,
there was MS Word Document. I downloaded the attached file and opened it. I got a
confirmation message something like “Do you want to enable the Macro”. I clicked Yes. After
that, I did not notice anything.
• However, after some time I realized that the data in all the documents in my computer got
scrambled (Encrypted). There was a message for me to pay some amount of money to
decrypt the data on my computer.

• Attack: Ransomware

Case 1 • Type: Active Attack

• Description: This type of attack is known as ransomware. The

attacker installs a script on the victim’s computer to encrypt all of its
data. After that, the attacker demands some money for unlocking or
decrypting the data.
• Solution: Never enable Macros in MS Office files, if the file is not
known to you. Even if it is from an authentic email address.
 Case 2
• Last week I downloaded and installed MS
Office 2019.
• During the first-time execution, it asked
me for the license.
• So I download a tool to crack its license.
• After that, it is working well.
• However, when I open the Task Manager, I
found some unknown processes using an
adequate level of network bandwidth.
 • Last week I downloaded and installed MS Office 2019. During the first-
time execution, it asked me for the license. So I download a tool to
crack its license. After that, it is working well. However, when I open the
Task Manager, I found some unknown processes using an adequate
level of network bandwidth.
 
• Attack: Cracking, Trojan Horse, Copyrights
Case 2 • Type: Active
• Description: The tool used is a cracking tool and also acts as
a trojan. It cracked the MS OFFICE security. Additionally, it is
still active in the system and stealing data.
• Solution: You are violating Copyrights. You may face a severe
penalty for it. Such crackers are usually trojans. Never use
such crackers.
Case 3
• I used a USB Flash memory for copying some
files.
• After that, I don’t see some important data in my
computer.
• Also, the computer got slower.
• I tried to scan my computer with Antivirus, but it
is not loading.
 Case 3
• I used a USB Flash memory for copying some files. After that, I don’t see some important
data in my computer. Also, the computer got slower. I tried to scan my computer with
Antivirus, but it is not loading.

• Attack: Virus
• Type: Active
• Description: The USB Flash had a virus in its boot sector. The virus had
been loaded into the system now. It had deleted or hid some files. Also,
it is now using the processor of the system. Detecting and deleting such
a type of virus is very difficult because it has spread in the system and
damaged all the protection mechanisms.

• Solution/Prevention: Always keep the antivirus software up to date.

Always scan the USB Flash before opening it.
Case 4
• I got an email from my friend.
• However, after confirmation through
a phone call, my friend says that he
has not sent me any email.
Case 4 • I got an email from my friend. However, after confirmation
through a phone class, my friend says that he has not sent me
any email.

• Attack: Spoofing, Snooping, or Masquerading

• Type: Active/Passive
• Description: The attacker might have spoofed the
identity of your friend. He might have stolen the
credentials of your friend.
• Solutions: Also confirm from the sender through
other mediums if you feel the message is
suspicious.
Case 5

• In a website for “Forgot Password”, the users

are asked two secret questions only.
• Alice set these question as “ What is the name
of your faveroute football team?” and “What is
the name of your city?”

• The attacker resets her account password by

clicking the “forgot Passowrd” option.
• The attacker knows that she is from New York.
For the football team he tried all the football
teams in the US and then in the world.
Case 5
• The attacker resets her account password by clicking the “forgot Passowrd” option.
• The attacker knows that she is from New York. For the football team he tried all the
football teams in the US and then in the world.

• Attack: Brutefore/Dictionary Attack/ Internal Attacker

• Type: Active
• Description: In such type of attacks the attacker tries all the
possible combinitions of alphanumerial or the known words to
get the access to accounts.
• The attacker may be a friend of Alice. He may know these
answers in advance.
• Solution: Never use simple passwords and simple answers for
secret questions.
Case 6

I got an email from an unknown person. He said that may email address
was randomly selected during a lottery and I won 1 Million dollars.

Then I contacted him for the transfer of money. He sent me some forms
and papers. After the entire procedure he asked me for a fee amounting
500 dollars which I paid in the first instance.

After that the person disappeared. He is not responing to my phone calls

and emails.
 • I got an email from an unknown person. He said that may email address was
randomly selected during a lottery and I won 1 Million dollars.
• Then I contacted him for the transfer of money. He sent me some form and papers.
After the entire procedure he asked me for a fee amounting 500 dollars which I paid
in the first instance.
• After that the person disappeared. He is not responing to my phone calls and emails.

• Attack: Phishing, Social Engineering

Case 6 • Type: Active
• Details: This is a case of fruad. There isnt any such
lottery. Such type of people send emails and then
through phone calls convince their victims.
• Solution: Never trust such type of emails. Such people
trap victims by asking them about lottery, unclaimed
bank accounts, and charity money.
 • I got an email from a person saying that he
has obtained all of my personal data. He also
showed me some samples of my personal
Case 7 files. Now he is blackmailing me and asking
me for money.
 • I got an email from a person saying that he has obtained all my personal
data. He also showed me some samples of my personal files. Now he is
blackmailing me and asking me for money.

• Attack: Cyber Extortion

• Type: Active/Passive
• Description: Such type of attacks are very harmful.
Case 7 The attacker accesses the system’s data through
spyware and collect all the data. It is also possible that
the attacker physically visits the system and copies the
data.
• Solution: Always keep your system safe with strong
passwords. Never give your computer to anybody
else. Keep your data safe and if possible encrypt it.
 • A fake news is shared through social
Case 8 networking sites. It spreads all over and now
eveybody believes that it is true.
 • A fake news is shared through social
networking sites. It spreads all over and now
eveybody believes that it is true.

• Attack: Social Engineering, Activism

Case 8 • Type: Active/Passive
• Description: Some times people start
sharing an unauthentic news. Which spreads
all over the world.
• Solution: Never post or share an
unauthentic news.