By Sridhar Govardhan
Safeguarding our digital life
When combined, these two sections offer a thorough understanding of the cat-and-mouse game that takes place in the realm of cybercrime. It’s crucial to keep in mind that the fight for internet safety is complex as we begin our adventure.
Part One: The Life of a Cybercriminal
Meet Alex (fictitious name), a skilled cybercriminal who operates in the shadows of the internet. His activities begin with meticulous research and planning as he prepares to execute his malicious schemes. Alex’s journey into the world of cybercrime offers a glimpse into the mind of a digital fraudster.
Alex’s criminal endeavor starts with selecting a target: an everyday internet user with a substantial online presence. His goal is to infiltrate their digital life to harvest valuable data or siphon money.
Once Alex identifies vulnerabilities in the target’s online habits, he uses his technical skills to create fake domains. These domains are designed to impersonate the target’s frequently visited websites, which may be banking websites, crypto exchanges, social media platforms, online shopping, or email. Alex chooses the fake-domain technique best suited to the objective of the fraud he is committing. In 2022 alone, cybersecurity experts identified over 100,000 fraudulent websites designed to deceive unsuspecting users.
In the crypto realm, cybercriminals actively exploit users’ vulnerabilities, creating fraudulent websites to collect login credentials and personal information. Their sophisticated tactics involve redirecting users to legitimate sites after obtaining sensitive data, making detection even more challenging. Utilizing his technical skills, Alex creates fake domains to impersonate the frequently visited websites of his targets, including crypto exchanges.
One deceptive method Alex may use is typosquatting, or URL manipulation. In this technique, he intentionally registers domain names with minor misspellings of popular websites, such as “exchagne.com” instead of “exchange.com”, or “exchange.org” instead of “exchange.com”. Users who make typographical errors while entering URLs can easily be redirected to these deceptive domains.
Another tactic cybercriminals employ is utilizing homoglyphs, characters that closely resemble standard alphanumeric characters but have subtle differences. These deceptive domains, like “exchȧnge.com” with a minuscule “ȧ” instead of “exchange.com”, appear genuine at first glance but are designed to deceive unsuspecting users.
To enhance the credibility of their fake domains, cybercriminals create subdomains. For example, they might design a deceptive subdomain like “login.exchȧnge.com” to deceive users into believing it’s a legitimate company login page, even though the main domain is entirely different. Cybercriminals further challenge users’ ability to spot fake domains by adding hyphens or numbers to legitimate domain names. For instance, domains like “exchange.com” or “ex-change.com” may appear authentic at first glance, luring users into their deceptive trap.
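From the defender's side, the tricks described above (misspellings, swapped endings, homoglyphs, hyphens and convincing subdomains) can all be flagged by comparing a link's domain against a short list of sites the user actually trusts. The sketch below is an added example, not code from the article or its author; the TRUSTED list and all function names are illustrative assumptions.

```python
import unicodedata

TRUSTED = {"exchange.com"}  # assumption: the user's own list of known-good domains

def registrable(host):
    """Last two labels of a hostname, so 'login.x.com' is judged as 'x.com'.
    Simplification: production code should consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def fold(domain):
    """Drop combining marks so an accented look-alike (a with dot above,
    U+0227) becomes plain 'a'. Cross-script look-alikes are not covered."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host):
    """Return (verdict, trusted domain it resembles or None)."""
    dom = registrable(host)
    if dom in TRUSTED:
        return ("trusted", dom)
    folded = fold(dom)
    for good in sorted(TRUSTED):
        if folded == good:                      # differs only by accents
            return ("homoglyph", good)
        if folded.replace("-", "") == good:     # inserted hyphens
            return ("hyphenated", good)
        if folded.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
            return ("tld-swap", good)           # same name, other ending
        if edit_distance(folded, good) == 1:    # one slip of the keyboard
            return ("typo", good)
    return ("unrelated", None)
```

The subdomain case falls out of `registrable`: a reassuring prefix such as "login." is discarded before comparison, so only the domain that was actually registered is judged.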
To obscure their malicious activities, cybercriminals create domains that redirect users to legitimate websites after collecting their login credentials. This redirection is designed to hide the fact that users interacted with a fake domain, making it even more challenging to identify the deception.
Alex’s next step in his elaborate scheme is crafting deceptive emails that appear to come from trustworthy sources. He impersonates entities such as social media platforms or online retailers, creating convincing subject lines that entice the target into clicking on the malicious links. Alex is well-versed in the art of social engineering, and his emails are meticulously designed to manipulate emotions, invoking fear, curiosity, or urgency in his victims. Alex identifies ideal targets within the online user community through his research and the information he gathers. He selects individuals who are likely to fall for his ruse. With a list of victims, he sends out carefully crafted emails, patiently awaiting responses.
Part Two: The Innocent User’s Plight
Now, let’s switch to Part Two and explore the experience of an innocent internet user who falls victim to Alex’s cunning scheme:
Meet Sarah (fictitious name), an everyday internet user who spends time connecting with friends, shopping online, investing in crypto, and managing her social media accounts. Sarah receives an email from what seems to be her favorite crypto exchange, offering an exclusive 50% off on limited-time crypto deals.
In her excitement to grab the enticing deal, Sarah enters her login credentials, personal information, and payment details. Little does she know that she’s fallen into Alex’s trap, and every keystroke she makes is being recorded. The consequences of Sarah’s actions are severe. Her personal information is now in the hands of a cybercriminal, and unauthorized transactions have been initiated using her data. Her trust in the online world has been shattered.
The tale of Alex, the cybercriminal, and Sarah, the innocent internet user, provides insight into the elaborate world of cybercrime. It underscores the importance of vigilance and cybersecurity awareness for all online users.
In the digital age, understanding the tactics employed by cybercriminals is crucial to protect oneself against the web of deception they weave in the vast landscape of the internet.
The author is senior vice-president and head, Information Security