Readers may be aware of some of the following preventive steps through news channels, social media, etc., but unfortunately many do not follow them in strict compliance and end up as “victims” in the hands of cyber criminals, who are very intelligent and well informed about hacking and penetrating systems.
A detailed article about cyber crimes and cyber criminals is given elsewhere on the website; here I am dealing with the preventive steps against such cyber crimes and cyber criminals.
This article is an attempt at highlighting preventive steps & Red flags as a caution to the general public.
The age-old saying is most appropriate in fraud detection and prevention: “Prevention is better than cure.”
No country, individual, company, government or agency is immune from cyber-attacks by cyber criminals intent on data theft and on breaching systems for their innumerable criminal activities and for money. The following precautions or red alerts will at least keep you one step ahead of cyber criminals trying to breach your systems and data:
All the following 20+1 preventive steps against cyber crimes are equally applicable to all types of organisations (banks, multinationals, big organisations), individuals, professionals and any person using computer systems, servers, the internet and social media, without exception:
1. First and foremost there should be effective anti-virus software with continuous updating and availability of latest patches from time to time.
2. Never fail to check the bank statement entries regularly and if you notice any transaction not belonging to you or you did not have a record, immediately sort the issue with the bankers.
3. Passwords are another area that one must keep in mind, as apps, e-mails, bank accounts, tax returns, debit and credit cards, to name a few, all ask you to set up a password. The password should be unique to the user, easy to remember and saved in a remote secure file, and should be changed at regular intervals.
4. Utmost care should be taken not to respond to unsolicited mails, text messages and e-mails regarding products, services or jobs, or even a purported mail from your bank asking you to update account information. One should never disclose any personal information, bank details, etc. over a phone call in which the caller may identify himself with your bank.
5. Beware of online offers from companies and persons that are not branded or reputed organisations.
6. Always type the URL of a website when browsing, and do not click on any URL sent as an attachment to any unsolicited e-mail.
7. Avoid disclosing your personal information and family photos on social media like Facebook; despite privacy and security settings, your information is still vulnerable and may be misused by cyber criminals.
8. Your debit or credit card, CVV number usage must be solely restricted to secure & well-known websites only.
9. Take utmost care when the children are using mobiles and browsing and make sure they do not fall victims inadvertently and are harassed for money etc.
10. As reported on the Mumbai Mirror website some time back, Bank of Muscat lost a large sum of $40 million in a week’s time. This happened as hackers from Pune and Bangalore penetrated the high-security systems of credit card companies, by tricking users and diverting them to the criminals’ websites from links on social media or in mails purported to be from banks and your own friends. Hence one should exercise extreme caution before “clicking” on any link to a website if there is the smallest suspicion. There is no point in “crying over spilt milk” if one is not cautious.
11. Popups: one should be very careful with popups while browsing. At times, if you allow them, they may contain malicious software that tricks users into going to another site, such as an e-commerce or survey site, with an ulterior motive of capturing your data.
12. Two-step verification is another safety measure used by some secure websites, which ask you, in addition to your password, to type a unique one-time code sent by SMS as a second step of verification before the site can be accessed. It becomes very difficult for a hacker in such instances to immediately crack the password and enter the systems.
13. Another most important preventive step is to keep different passwords for different e-mails and other websites instead of using only one for easy remembering. It is a dangerous practice to use the same password for various websites and social media. Also make it a habit to regularly change the various passwords to be more secure.
14. Never transact on Public Hot-spots and Public Wi-Fi as they are unsecured and cyber criminals will be lurking behind and looking for anyone using such internet connections as they can easily hack and misuse the credit and debit cards in a matter of minutes.
15. Locking your computers and mobile phones is most important so that no one can misuse them without your knowledge. This is done with single or multiple passwords, which keep them secure from deliberate or inadvertent usage by unauthorized persons.
16. While conducting your business online, do not get carried away by low prices or discounts, but do business only with reputed and known vendors, as there can be dubious vendors or cyber criminals waiting to lure a person to their site with attractive terms of business. So, beware of such websites and vendors.
17. Always bring any suspicious activity on the internet to the notice of cyber police stations or statutory authorities.
18. The Government has set up separate cyber cells to deal with rampant cyber criminals all over the states. Persons are trained in cyber crime and forensic areas to deal with the criminals. There are always public announcements by the Government, the Reserve Bank of India and other nationalized banks in the media and newspapers about the precautions to be taken while transacting money. The public should pay special attention to such warnings and caution notices.
19. Install WEP (Wired Equivalent Privacy), which authenticates anyone who wants to access the wireless network and encrypts all the traffic too. Though it is not the ultimate security, it still acts as front-door security so that no one can enter unauthorized from the front. It also has to be supported by a strong password.
20. Install firewalls and enable spam blockers, and also make sure that the wireless remote local area network router is kept OFF by the administrator. Use of virtual private networks (VPN) will ensure that only authorized persons can access the network, and provides encryption.
20+1: Last but not least, the most important precaution is to “back up” your data on external data drives and, if it is voluminous, to save it on different servers at different locations, especially in the case of banks, multinational companies and any big corporations, as despite all preventive steps there is no 100% guarantee that systems and data cannot be breached by cyber criminals in this age of continuous change in the information and technology fields.
I am hopeful that the above 20+1 preventive red alerts will help the public to mitigate the data theft, data breaches and harassment on social media caused by cyber crimes and cyber criminals.
“Cyber is the most modern weapon of choice” in this age of information and technology, digitization, online transacting, total dependency on computers and global networks, and the availability of personal as well as organisational information on the web and other social media, freely accessible to one and all.
The development of Information and technology in the present day has paved the way to this new threat of cyber crimes. The behavioral pattern of the people and the way banks and all other institutions operat
“Cyber” is thus related to a computer, person or idea, and relates to computers and technologies in this space age. All types of crimes perpetrated through computers with the use of technology, unlawfully and without the knowledge of the victim, have become the latest threat throughout the world without exception: securing the personal information stored in the victim’s computers and mobile phones and in the e-mail servers of banks and corporates, unlawfully using debit and credit cards to withdraw monies, misusing such information for fraudulent withdrawals of funds belonging to others, and misusing information obtained by hacking into computer servers. As discussed above, all such activities are termed cyber crimes.
Why people resort to Frauds:
It may be useful to understand why people resort to frauds in the first place. It can be easily explained by understanding the fraud triangle. The fraud triangle explains the three areas of human psychology that will turn any normal person into a scamster who commits fraud. As per the fraud triangle theory, a person commits a fraud due to:
1. Opportunity,
2. Attitude or Rationalization and
3. Pressure.
Opportunity refers to weak controls in an organisation, where the person has access to the books as well as cash and bank and is in a superior position over others in the organisation. Hence, when an opportunity strikes, he can easily perpetrate a fraud such as stealing, teeming and lading of monies, or misappropriation of company assets.
Attitude or rationalization means that the person justifies to himself that pilfering cash or assets belonging to the organisation is “ok”, as he may feel that his efforts are not recognised, that despite his hard work he is not rewarded, or that he is passed over in favour of another person despite his sincerity and hard work, thus justifying his stealing.
Pressures become the motive for fraud when the employee feels the pressure of ill health in the family, financial problems in the family or bad habits like gambling and drugs, where he needs money all the time to meet his pressures.
Hence, in these days of complete dependency on online information and payments, bank ATMs and online banking transactions using computers, e-mail servers, mobile phones, the internet and intranets, together with the use of passwords and weak security protection layers, cybercrimes and cyber criminals have become rampant all over the world.
Thus, cybercrime is any unlawful activity perpetrated by fraudsters through computers and the internet. To counter cybercrimes, all nations have put in place cyber laws and information and technology laws, and the legal systems are tuned to deal with cyber criminals separately.
Cyber criminals operate by targeting victims’ bank accounts, sending threatening mails, stealing data by hacking computers, impersonating people through social media like Facebook, and getting hold of personal data, which is freely available due to digitization and the use of several social network platforms. They hack into networks and use malware and virus programmes. As discussed under the fraud triangle, greed for easy money is the main motive behind these unlawful activities.
Cyber criminals range from small-time hackers to international cyber criminals involved in money laundering, stealing defence secrets, drug mafia, human trafficking, and international terrorist organisations resorting to cybercrimes. These cybercriminals target anyone from individual persons and groups of persons to nations across the world, targeting defence secrets, stealing money, laundering money earned from unlawful activities, and engaging in international terrorism.
The cyber criminals are qualified and have in-depth knowledge of penetration of data, networks and firewalls and security layers and cracking of the passwords. They study the subject, the targeted system and controls and the persons operating the system and the codes and software used in the organisation, before planning the cyber-attack.
Various countries have adopted stringent cyber laws to protect the users of cyber technology and to deal with cyber criminals. India has a strict Information and Technology Act 2000. There are techniques like “fast flux”, the changing of a system’s addresses to keep the perpetrator’s system invisible, “IP spoofing”, the changing of IP addresses, and look-alike web pages. Cyber crime detection and prevention is a very difficult task, as we are dealing with criminals who have good knowledge of the systems, and human brains are involved in these crimes.
Secondly securing data from theft is very costly and an organisation may not be able to secure 100% and as technology is fast changing old systems become obsolete fast and new security systems need to be put in place or updated frequently and all this involves cost. The cyber criminals also update their penetration techniques of injecting viruses, hacking into servers and other modes of data theft.
“Cyber stalking” is another most annoying method cyber criminals use to irritate and frustrate victims, harassing them through computer networks and social media. Anyone can be the victim of cyber stalking, though the incidences are more with females being targeted than males.
Cyber stalking is generally carried out through mobile phones, e-mails, text messages or SMS, videos and other social media. There are specific provisions in the Indian Penal Code to punish the cyber criminals involved in cyber stalking.
“Cyber squatting” relates to domain names and is another way cyber criminals breach into the “space” used by a person or organisation for their business or other purposes. Domain names end with .in, .com, .org, .govt, .uk, etc. to indicate whether the user is a government, an organisation, a specific country, etc. A domain name is like a trademark: it is specific and exclusive to the person who has purchased it, and identifies his website, products, services or information.
Cyber crimes also are rampant in some countries for extortion of money by threats by breaching the data security or by E-Mails and SMS. In these days of extensive use of Social media by one and all with no age defense, all personal information is available on the web and there are specialist data sellers whose job is to get all the relevant information of a person or organisation and sell to prospective cyber criminals.
Cyber extortion or ransomware involves cybercriminals first unlawfully obtaining data or personal information and then using it to demand a small or huge amount of money from the victim, threatening to expose the information to the public or use it against the victim if the demands are not met by a deadline. Ransomware has been a serious threat to society from the mid-2000s onward. As reported in the media and elsewhere, there were over 7500 reported cases of ransomware in a span of ten years till 2016.
Several data breaches were reported, and the estimated losses are a huge $1.6 million. The first attack that was reported and documented occurred in 1989. It is, however, to be noted that there may be thousands of unreported cases in which victims paid the amounts demanded under threat. Ransomware includes blocking the software or the usage of computers and servers through malicious software that is injected to make the demands. It starts its attack as soon as the users of an organisation, or an individual, start to log in to the computer.
Refer to the news reported in the Guardian for more information on the global cyber-attacks affecting 90-plus countries across the world, and other news relating to this most dangerous threat to society across all nations without exception.
Cyber warfare also includes intruding into the systems of oil & gas, underground rail systems, waste management, Petroleum whose operations are all system driven by computers and are targeted to disrupt opponent countries operations and cause chaos. These attacks are made possible by “bot network”.
These words are used to signify computer or network security threats. These can be good bots or bad bots. Bad bots perform malicious tasks, attacking the intended victim’s computer and networks. They perform repetitive tasks. Worldwide there may be 1000 million computers, and at least 25% get affected by bot malware from time to time. At times it is difficult to detect such malicious bots, and the owners may not notice them except that they observe their computers running slow.
Cyber criminals make money in the following ways using botnets:
1. They may do phishing and send spam mails to trick people and get away with their hard-earned money.
2. DoS (Denial of Service) is another way of shutting down the targeted victim’s computers, by causing a heavy load of traffic through bots that makes the systems go slow and ultimately shut down.
3. The criminals also make money by selling their bots or giving them to other criminals to use.
The preventive measures are nothing but strong layers of security and continuous monitoring by professionals to identify such threats creeping into the computers and networks, and to identify and attack the bots and make them ineffective.
A bot is malware that will take control of the affected or attacked computer network. These bots can be used with either a good or a malicious intention, more so the latter. A bot can at times attack several hundred computers on a network and disrupt operations. However, there are protective mechanisms against bot attacks.
Phishing refers to sending mails soliciting information, using false websites that look similar to an organisation’s, generally a bank’s website, to get all the personal and bank details of the victim as if the request came from the bank, and then misusing them to siphon off funds by unlawful transfers and other means. Thus, customers fall prey to fake websites and fake e-mails asking for information for updating their details, for a security check, etc. Vishing involves phishing as well as voice messages or phone calls seeking personal information under a faked identity. The Reserve Bank of India keeps warning in the media that the public should be aware of these scams, fake calls and mails, and that unless customers confirm authenticity with their banks, they should not part with any information, or they should report the mail as spam.
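The look-alike website trick described above, and the earlier advice to type the bank's address yourself, can be turned into a simple automated check. The Python sketch below is an added example, not part of the original article; the trusted domains and sample links are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you really bank with (assumed names).
TRUSTED_DOMAINS = ("examplebank.com", "example-cards.in")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> tuple[str, str]:
    """Return (verdict, reason); verdict is trusted, suspicious, unknown or invalid."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid", "no host name in link"
    if parts.username is not None:
        # "https://bank-name@other-host/" shows the bank name but goes elsewhere.
        return "suspicious", "text before '@' hides the real host " + host
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            if parts.scheme != "https":
                return "suspicious", "trusted domain but not HTTPS"
            return "trusted", dom
    labels = host.split(".")
    for dom in trusted:
        brand = dom.split(".")[0]
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(labels[-(dom.count(".") + 1):])
        if brand in host:
            return "suspicious", f"uses the name '{brand}' on another domain"
        if edit_distance(tail, dom) <= 2:
            return "suspicious", f"'{tail}' is a near-miss of '{dom}'"
    return "unknown", "not on the allow-list"


SAMPLE_LINKS = [  # constructed links of the kind found in unsolicited mails
    "https://www.examplebank.com/login",
    "https://examp1ebank.com/update-details",
    "https://examplebank.com.account-verify.net/",
    "https://examplebank.com@203.0.113.7/login",
    "https://weather.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", classify_link(link))
```

A verdict of "unknown" only means the link is not on your own list; it is not a statement that the site is safe.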
The only solution to all cybercrimes is to have very strong security of the systems, with different layers of security, passwords and various authorisation levels for employees to use data, and to make the public aware of the dangers of cyber threats. The public too should be aware of these issues and be on the alert before they give away any information over phone, e-mails or text messages. Any suspicious actions should be brought to the notice of the appropriate authorities, including the police, who have separate cells with trained persons to deal with various cyber criminals.
Hackers are of three types:
1. White Hat Hackers
2. Black Hat Hackers
3. Grey Hat Hackers
It is to be noted at the outset that all hackers are experts at computer systems and have good knowledge of computer programming and full knowledge of breaking and intruding the security layers of the victim’s systems and computers. They are virtually computer professionals and know their job. White hat hackers are basically ethical people and professionals in the organisation itself doing hacking for testing their system securities and their vulnerability for intrusions by criminals. They do the hacking for testing with due permissions and knowledge of the managements or owners of the systems. They use the search engines for their work.
Black hat hackers are the criminals and bad people who resort to hacking with an intent to destroy the victim’s data or stealing data or for selling data for monies and such other unlawful and unethical uses. They intrude into the victim’s systems and computers without permission or knowledge solely with criminal intentions. These hackers look to destroy search engines.
Grey hat hackers fall in between the above two. They have the knowledge of both, and hack without any criminal intentions, unlike black hat hackers, but without permission; they find any loopholes and bring them to the attention of the user, and also sell patches to cover any loopholes in the system.
Thus, they are not purely ethical like white hats nor criminal like the black hats. For more information check media information: