Cybercrime, also known as scams or fraud, is constantly evolving due
to the many data breaches occurring around the world. Attackers gather
more of our personal data from these data breaches, then use that data
to develop or modify their attacks. Users must remain on guard against
socially engineered attacks aimed at defrauding them of personal
information and/or property (usually money/currency). I suggest
users update themselves as they would update their computers. Knowing
the types of attacks and how each attack is deployed will benefit you in
the fight against Cybercrime.
Reporting Cybercrime is beneficial for all users. When a user reports
Cybercrime, that information can help investigators combat this growing
threat and broadcast warnings to the greater population. I’ve provided
a few links below to assist you in learning and reporting
Common delivery methods for socially engineered attacks are:
Email (attackers imitate legitimate organizations in design
Mobile (voice, text messages, and app stores).
Social Media (direct messages and marketplaces).
Websites (including fraudulent ads and popups).
Common data and/or property (e.g. currency) extraction methods
Peer-to-peer payment service apps (Venmo, Zelle, Cash App, etc.).
WARNING, your money goes wherever you send it (including
Wire transfers: transfer currency from one entity to another
(account-to-account). WARNING, your money goes wherever you send it
Cryptocurrency: 100% Scam. Light your money on
fire for more value (reversing/recovering payment is virtually
Store gift cards: Unverifiable way to use currency (online or in
store). WARNING, scammers prefer gift cards as payment
(reversing/recovering payment is virtually impossible).
Internet Crime Complaint Center (IC3): The Internet Crime Complaint Center, or
IC3, is the Nation’s central hub for reporting cyber crime. It is run by
the FBI, the lead federal agency for investigating cyber crime.
European Union Agency for Law Enforcement Cooperation: If you have fallen
victim to cybercrime, click on one of the links below to be redirected
to the reporting website of your country. Reporting mechanisms vary from
one country to another. In Member States which do not have a dedicated
online option in place, you are advised to go to your local police
station to lodge a complaint.
Source: National Cybercrime and Fraud
Reporting System. Reporting a scam or computer crime helps the Royal
Canadian Mounted Police (RCMP), the National Cybercrime Coordination
Unit (NC3) and the Canadian Anti-Fraud Centre (CAFC) learn more about
the nature of these incidents. The
information you include in your report helps us follow cybercrime and
fraud trends. We use this information to help protect more people from
harm. It is the role of local police services to investigate.
What is a "Data
Breach"? A data breach is a security violation, in which sensitive,
protected or confidential data is copied, transmitted, viewed, stolen,
altered or used by an individual unauthorized to do so.
What is "Malware"?
Malware (a portmanteau for
malicious software) is any software intentionally designed to cause
disruption to a computer, server, client, or computer network, leak
private information, gain unauthorized access to information or systems,
deprive access to information, or which unknowingly interferes with the
user's computer security and privacy.
What is a "Payload"?
In the context of a computer virus or worm, the payload is the portion
of the malware which performs malicious action; deleting data, sending
spam or encrypting data. In addition to the payload, such malware also
typically has overhead code aimed at simply spreading itself, or
What is "Phishing"?
Phishing is a form of social engineering
where attackers deceive people into revealing sensitive information or
installing malware such as ransomware. Phishing
attacks have become increasingly sophisticated and often transparently
mirror the site being targeted, allowing the attacker to observe
everything while the victim is navigating the site, and traverse any
additional security boundaries with the victim.
Social engineering (security): In the context of information security,
social engineering is the psychological
manipulation of people into performing actions or divulging
confidential information. A type of confidence trick for the purpose of
information gathering, fraud, or system access, it differs from a
traditional "con" in that it is often one of many steps in a more
complex fraud scheme.
Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).
Information Systems are composed of three main portions (hardware,
software and communications) with the purpose to help identify and apply
information security industry standards, as mechanisms of protection and
prevention, at three levels or layers: physical, personal and
organizational. Essentially, procedures or policies are implemented to
tell administrators, users and operators how to use products to ensure
information security within the organizations.
What is "Risk
management"? Risk management is the identification, evaluation, and
prioritization of risks followed by coordinated and economical
application of resources to minimize, monitor, and control the
probability or impact of unfortunate events or to maximize the
realization of opportunities.
What is a "Vulnerability"
(computing)? Vulnerabilities are flaws in a computer system that
weaken the overall security of the device/system. Vulnerabilities can be
weaknesses in either the hardware itself, or the software that runs on
What is an "Attack
Surface"? The attack surface of a software environment is the sum of
the different points (for "attack vectors") where an unauthorized user
(the "attacker") can try to enter data to or extract data from an
environment. Keeping the attack surface as small as possible is a basic
What is an "Attack
Vector"? In computer security, an attack vector is a specific path,
method, or scenario that can be exploited to break into an IT system,
thus compromising its security. The term was derived from the
corresponding notion of vector in biology. An attack vector may be
exploited manually, automatically, or through a combination of manual
and automatic activity.
What is "Standardization"? Standardization is the process of implementing
and developing technical standards based on the consensus of different
parties that include firms, users, interest groups, standards
organizations and governments. Standardization can help maximize
compatibility, interoperability, safety, repeatability, or quality. It
can also facilitate a normalization of formerly custom processes.
What is a "Replay
attack"? A replay attack is a form of network attack in which valid
data transmission is maliciously or fraudulently repeated or delayed.
Another way of describing such an attack is: "an attack on a security
protocol using a replay of messages from a different context into the
intended (or original and expected) context, thereby fooling the honest
participant(s) into thinking they have successfully completed the
What is a
"Man-in-the-middle attack"? In cryptography and computer security, a
man-in-the-middle, ..., attack is a cyberattack where the attacker
secretly relays and possibly alters the communications between two
parties who believe that they are directly communicating with each
other, as the attacker has inserted themselves between the two
What is "Transport Layer
Security" (TLS)? Transport Layer Security (TLS) is a cryptographic
protocol designed to provide communications security over a computer
network. The protocol is widely used in applications such as email,
instant messaging, and voice over IP, but its use in securing HTTPS
remains the most publicly visible.
What is a "Handshake"
(computing)? In computing, a handshake is a signal between two
devices or programs, used to, e.g., authenticate, coordinate. An example
is the handshaking between a hypervisor and an application in a guest
What is Security
theater? The practice of taking security measures that are
considered to provide the feeling of improved security while doing
little or nothing to achieve it.