What is cybercrime?

Cybercrime is broadly used to describe criminal activity in which computers or networks are either:

• a tool
• a target, or
• a place of criminal activity.

Who's at risk?

• people of all backgrounds, ages and incomes
• experienced and inexperienced Internet users
• those who actively bank, trade and shop online, and those who use the Internet only for browsing.

As a result, we recognise that there's a possibility that at some stage you may be the target of cybercrime. However, this does not mean you need to become a victim! There are many ways to protect yourself - and the good news is, most of them are very simple.

Phishing

Phishing involves pretending to represent a usually well-known or trusted organisation and sending misleading or bogus emails (called phishing or spoof emails) to pressure victims into submitting personal or financial details via a website or online form.

As a general rule, phishing emails include a link that takes the victim to a bogus site where their personal details are captured and forwarded to the phisher. Often these emails are written in a business-like manner and contain 'urgent' messages to panic the user and encourage them to respond quickly before considering the risks.

More sophisticated techniques of phishing involve installing crimeware (eg spyware) on a victim's computer when they follow a link to a bogus website. This means that the phisher no longer needs to prompt a victim to provide their details on the bogus site, they can just wait until the victim next visits the real site and record their details then.

Pharming

Pharming is very similar to phishing in that it relies on bogus websites to steal personal information. Unlike phishing however, pharming does not rely on an email to direct the victim to a bogus site, but is more like a hijack, redirecting victims to the bogus site even if they type the right address into their browser.

Malware

Malware is malicious software that generally spreads via:

• email and instant messages
• malicious websites, and
• virus-infected files that are downloaded or shared.

This type of software tends to be downloaded without the users knowledge, and once installed it may remain unnoticed because it is hiding or simply working in the background.

Viruses, worms and Trojans are all types of malware.

Viruses

Computer viruses are programs that change the way a computer operates without the user's permission or knowledge. They can infect both desktop computers and network servers.

Some viruses are programmed to cause damage (eg deleting programs or files, or reformatting the hard disk), while others are designed only to reproduce and make the victim aware of their presence.

Unlike a worm (outlined below), a virus:

• only works by attaching itself to another file; reproducing and infecting others each time an infected file is opened or executed, and
• affects or harms files only on an infected computer.

Worms

A worm is similar to a virus in that it's a program designed to spread unknowingly by sending copies of itself from one computer to others on the same network. However, unlike a virus, worms:

• do not need to be attached to another file to reproduce and work their way through a network of computers. This means they can spread extremely quickly
• always harm an entire network, even if it's only by consuming bandwidth
• are nearly always designed to be destructive.

Crimeware

Crimeware is software that is:

• delivered in an email, often as spam
• emailed from an already infected machine
• installed by a malicious website, or
• installed unknowingly with other software you intentionally install.
• once installed, aims to stay hidden while collecting your personal information and passing it on to a cybercriminal.

Spyware, bots and Trojan Horses! These are some of the crimeware tools you may have heard of.

Trojans

Trojans (short for Trojan Horses) are malicious files or programs that may pretend to be useful and safe, but are in fact destructive once executed. They are often used as a means to gather personal information to steal from a victim.

Trojan's draw their name from the myth of the Trojan War where the Greeks gained access to their enemy's (the Trojans) city by presenting them with a giant wooden horse under the pretense of a peace offering. Unbeknown to the Trojans, the Horse was filled with Greek warriors, and once it was dragged inside, the warriors emerged, invading the city and opening the gates to the rest of the Greek army.

A Trojan Horse is designed to install or trigger more sinister programs (such as bots or spyware), often for the purpose of gathering personal information to steal from the victim.

There are two common types of Trojan horses.

1. Useful or legitimate software that has been corrupted and executes malicious code when the user runs the program.
2. Software that pretends to be something else in order to trick the user into executing it.

In order to spread, Trojans must be actively downloaded onto a computer, for example by opening an email attachment or downloading a file from the Internet.

Spyware

Spyware secretly monitors your online activity, gathering information about you and transmitting it to another computer. Spyware may be used to record your:

• personal details (eg usernames, passwords, account numbers etc)
• Internet activity (eg sites your visit and what you do there, emails or Instant Messages you send and receive etc).

While spyware can be used as a means to steal from a victim, the programs are not always used maliciously. However, since they often collect information unknowingly, even benign spyware is generally not a great thing to have on your computer.

Spyware may also slow down the performance of your computer. For the most part, spyware is installed without your knowledge by a website you visit or with other software that you intentionally install.

Bots

Bots (short for robot) allow a master computer to use another computer remotely to perform automated tasks over the Internet and they have the potential to cause widespread damage.

Malicious bots may be used by a cybercriminal to take control of a vulnerable computer with the intention of using it for criminal purposes, such as sending spam and phishing emails, or hosting bogus websites. A computer infected with a malicious bot is often referred to as 'zombie'.

However, not all bots are bad. An example of a 'good' bot is one that is used by a search engine to index and gather information about individual web pages to facilitate searching.

Bots do not spread on their own, but are usually installed by a Trojan or malicious website, or emailed from an infected machine.

Spam

Spam is electronic junk mail - unsolicited and unwelcome messages that are most often sent as bulk emails or instant messages. It's a common way to receive unwanted or malicious software.

Spam emails are often scams that claim to offer something that is too good to be true, such as free or very cheap goods, prizes or guaranteed ways to achieve wealth.

Some common examples of spam scams include:

• offers to take part in a lottery or gambling system that guarantees a win
• free or cheap pharmaceuticals
• pirated software
• services from someone claiming psychic powers.

How do I protect myself?

We've pulled together some information on safeguarding yourself from scams and cybercrime. Read protect yourself, as well as our safe trading tips and security and protection software for some ideas.

Visit www.staysmartonline.gov.au for practical tips on how to get protected, stay protected and stay smart online

Related Topics

Cookies and Javascript
Protect Yourself from Cybercrime
Buying and selling safely
Securing your computer