A Critical Analysis of Cyber Crime and Internet

Fraud
Fincy Rahman 1, Little Maria2, Arya KR P3, Ms.Raji N4
1 B.Sc. CS Student 1,1 B.Sc. CS Student 2, 1 B.Sc CS Student 3,Asst Prof Dept.CS 4
Department of Computer Science, Yuvakshetra Institute of Management Studies, Palakkad, Kerala, INDIA

Abstract—Cybercrime poses a significant threat to society future.The goal of cyber fraud, also known as
and has negative effects on its victims. This study analyzes online Internet fraud, is to defraud a company of money or
crimes that target specific people and looks into the motivations other valuable assets. It entails committing fraud by
of those who carry them out. Examples of these crime include
using internet tools. 13,530 fraud cases were reported
phishing, scams, online harassment, identity theft, malware,
hacking, and denial-of-service assaults. Cybercrime isa serious
to the banking system in the fiscal year 2023. In May
and rapidly expanding issue that poses a threat to today's 2023, the Reserve Bank of India (RBI) announced
internet-dependent society. People are using online social that the number of digital frauds involving digital
networking, online banking, and online shopping, according to payments had reached its highest level for the year.
study. Benefits of digital technology also include a favorable
environment for criminal behavior, such as identity theft and
hacking—the stealing of secret government data. A few brief
The FBI reports that a great deal of cybercrimes
instances include purchasing and reselling illicit software and remain unreported because of things like
malware, breaching server security, and contaminating systems embarrassment, fear of reprisals, or ignorance. This
that might cost the government, businesses, and people billions makes estimating the scope of cybercrime and its
of dollars. Cybercrime pertains to any illegal activity carried out different manifestations challenging. According to a
via a computer or other electronic device, primarily over the section of the IT Act of 2000, anyone who
Internet. Since there are numerous ways to obtain and consume intentionally deletes, modifies, or steals a computer
information on the Internet. Payment scams and credit card system or network, or who does so without the
banking have been the primary targets of cyberattacks. Keep in
owner's consent, faces financial penalties and must
mind that everyone who works for a company has a personal
obligation to ensure cybersecurity. To build the best security reimburse the owner for any damages sustained.
against cyberattacks, you must collaborate and give priority to Identity theft, credit card theft, and other financial
risks that are most likely to have an impact. The study found crimes are classified as fraud under Indian cyber law,
that awareness of the possible risks associated with the Internet and they can result in fines, jail time, or both.
is necessary in addition to security precautions. Although many
efforts are made to slow down attacks, they are sadly
unsuccessful. The causes of cyberattacks are as follows: 1. II. CYBER CRIME AND INTERNET FRAUD
nations with inadequate cyber defenses; 2. attackers utilizing
cutting-edge technology; and 3. cybercrime involving
commercial schemes. The internet connects all people, shrinking Any illegal behavior involving a computer, network, or
the world in the process. To deter criminals from considering networked device is referred to as cybercrime. Using online
committing any crimes at all, awareness of cybercrimes should services and software with internet connectivity to deceive
be raised and harsh penalties should be meted out to those who or exploit a victim is known as internet fraud.
do them. It should ensure that laws are formulated and
appropriately applied. III. CYBER CRIMES AND INTERNET FRAUDS
Keywords—Financial Crimes, Cyber Stalking,
 Financial Crimes
Telecommunication Frauds, E-Mail Related Crimes, Cyber
Criminals, Email Spoofing, Email Bombing.
 Cyber Pornography
I. INTRODUCTION
Cybercrime is any criminal activity that involves a  Drug Trafficking
computer, network or networked device. While the
majority of cybercriminals commit crimes in order to  Cyber Terrorism
make money, some of them target computers or other
devices specifically in order to harm or disable them. It
can take many different forms, including online fraud,  Online Gambling
phishing, identity theft, hacking, cyberbullying, and IV. TYPES OF CRIMES AND INTERNET FRAUDS
more. Cybercrime can be motivated by thrill-seeking,
political agendas, personal grudges, or even money. The
1) Hacking (Credit card)- “Credit card hacking” is
issue of computer crime is becoming worse as more and
the term refers to the unauthorized access and
more people and businesses depend on technology for
illicit use of credit card information.
day-to-day operations. Law enforcement organizations
and cybersecurity experts must collaborate to find and
apprehend offenders, as well as to put in place practical 2) Denial of Service Attacks- A denial-of-service
security measures that will stop similar incidents in the (DoS) attack is an intentional attempt to interfere
 with a targeted server's ability to operate normally 12. Phishing - Phishing is a kind of
by flooding it with an excessive amount of cyberattack in which malevolent actors try to fool
unauthorized traffic. people into disclosing private information—like
login passwords, bank account information,
3) Identity Theft - Identity theft is a type of fraud in or personal information—by pretending to be
which someone obtains and fraudulently utilizes a reliable source. Usually, this is accomplished
another person's personal information—such as through phony emails, instant chats, or Websites
name, Social Security number, credit card number, that pretent to be official business.
or other identifying information—for financial gain
or other illegal reasons without that person's 13. Spam – Spam is the term used to describe
consent. unsolicited or unwelcome messages that are send
4) Virus Dissemination - Virus dissemination is the in large quantities by email, instant messaging,
term that describes the transmission or distribution social media, or text messaging. Promotional
of harmful software, such as computer viruses, content and adverts are frequently included
which are intended to steal confidential data or in these communications.
infect and harm computer systems.
5) Cyber Terrorism - Cyberterrorism is the 14. Spoofing - Spoofing is a cyberattack
intentional, politically motivated use of tactic that involves fabricating data or systems to
computers and the internet to launch assaults trick receivers or obtain unauthorized
against civilian populations, key infrastructure, or access.
information systems with the goal of inflicting Spoofing comes in a variety of forms, such as
disruption, fear, or injury. spoofing emails, IP addresses, caller IDs, and
6) Online Fraud - Online fraud is the term used Websites
to describe dishonest or deceitful actions carried
out over the internet with the intention of 15. Defamation - Using digital platforms to
misleading people, companies, or organizations spread untrue and defamatory claims about a
in order to get money or accomplish other person or organization is known as defamation.
illegal goals. This can entail sharing offensive material on
websites, blogs, forums, and social media
7) Software piracy-Software piracy refers the networks.
unapproved duplication, transfer, utilization of
software without the required authorization or
consent from the owner of the copyright.
8) Malicious Code - Malicious code, sometimes
abbreviated as malware, is any software or code
that is intentionally created to harm a user,
network, or computer system. Trojan horses,
worms, and viruses are a few examples of
malicious programming in different forms.
9) Malware - Malware, which is short for
"malicious software," is any software that is
specifically made to harm, obtain unauthorized
access, or interfere with normal functioning on a
device, network, or computer system. A range
of dangerous programs, including viruses and
worms, are categorized as malware.
10) Phishing - Phishing is a kind of cyberattack in
which malevolent actors try to fool people into
disclosing private information—like login
passwords, bank account information, or
personal information—by pretending to be a
reliable source. Usually, this is accomplished
through phony emails, instant chats, or Websites
that pretent to be official business.
11) Spam – Spam is the term used to describe
unsolicited or unwelcome messages that are
send in large quantities by email, instant
messaging, social media, or text messaging.
Promotional content and adverts are frequently
included in these communications
 THREE-FACTOR
V. LITERATURE REVIEW TABLE IDENTITY THEFT AUTHENTICATION
OWNER SHOULD (3FA)
DESTROY (EXPIRED)
CYBERCRIME PREVENTION TIPS PREVENTING IDENTITY DOCUMENTS, BIOMETRICS
TECHNIQUES SUCH AS DRIVING
LICENSE WITH EXPIRED
DATE ANTI-IDENTITY THEFT
BURGLARY VIA DO NOT SHARE REQUIRED PHYSICAL SOFTWARE LIKE
LOCATION SECURITY, SUCH AS LIFELOCK BY
SOCIAL NETWORKING SECURITY CAMERAS, SYMANTEC
DO NOT SHARE HOME RESTRAIN SHARING
DOOR LOCKS,
IDENTITY DOCUMENTS
ADDRESS MONITORY BLIND
ON SOCIAL MEDIA, E.G. TECHNIQUES: SD AND
SPOTS, MOTION-
DO NOT SHARE BOARDING PASS ETC. CD ALGORITHMS,
ACTIVATED
PERSONAL FLOODLIGHTS WITH OUTLIER DETECTION,
DO NOT KEEP/STORE HIDDEN MARKOV
INFORMATION WITH RANDOM TIMERS ETC.
IDENTITY DOCUMENTS MODEL, GENETIC
FRIENDS OF FRIENDS
WITHIN SYSTEM, E.G. ALGORITHM AND
TECHNIQUES: TIME
LIMIT YOUR CREDIT CARD ETC. LOGISTIC REGRESSION
SERIES APPROACH,
CONNECTION TO ONLY RANDOM FOREST -
THOSE WHOM YOU BASED MODEL.
KNOW MULTILAYER
PERCEPTRON, SELF- CYBER-CASING USE ONLINE TOOLS,
CHECK YOUR PRIVACY ORGANIZING MAP, RULE SWITCH OFF YOUR LIKE
SETTING AND CONTROL INDUCTION, GENETIC GPS ON SMARTPHONE TOOL.GEOIMGR.COM,
HOW OTHERS CAN TAG ALGORITHMS AND CASE TO CHECK AND
YOU BASED REASONING. REMOVE IF AN IMAGE
CONTAINS GEO
LIMIT YOUR APP DO NOT PUBLICLY
LOCATIONS.
PUBLISH HOLIDAY
PERMISSIONS
STATUS OR PHOTOS
TECHNIQUES: SVM
UNTIL YOU HAVE
CLASSIFIERS
RETURNED

SOCIAL ENGINEERING DO NOT SEND ONE-TIME (OTP) DO NOT MENTION THE

AND PHISHING SENSITIVE TIMES YOU WILL BE
INFORMATION OVER CAPTCHA AVAILABLE AT HOME
THE INTERNET BEFORE WHEN SELLING ITEMS
CHECKING A WEBSITE'S DIGITAL CERTIFICATES ON ONLINE MARKET
SECURITY. PLACES
DO NOT RESPOND TO GENETIC AND
UNSOLICITED CALL, ATTRIBUTE BASED ANTI- CYBER-STALKING KEEP WORK AND GATHER AND
EMAIL OR VISITS FOR PHISHING ALGORITHMS SOCIAL NETWORKING DOCUMENT AS MUCH
PERSONAL OR EMAIL ADDRESS EVIDENCE AS YOU CAN
FINANCIAL TECHNIQUES: NEUTRAL SEPARATE
INFORMATION NETWORK, IREP, C4.5
BLOCK AND REPORT
ALGORITHM
DO NOT PLACE ALL TO AUTHORITIES
DO VERIFY THE THE INFORMATION AGAINST CYBER-
LEGITIMACY OF A ONLINE, SUCH AS DATE STALKER
DOUBTFUL EMAIL BY OF BIRTH OR
DIRECTLY CONTACTING EMPLOYMENT HISTORY
THE COMPANY TECHNIQUES:
ASSOCIATION RULE
USE PHOTOGRAPHS MINING, TEXT MINING,
V. MALWARE THAT DO NOT IDENTIFY CYBER-STALKING
INSTALL UPDATED SIGNATURE-BASED LOCATION DETECTION
ANTIVIRUS MALWARE DETECTION FRAMEWORK AND
SIGNATURE-BASED
DO NOT USE LEGAL
DATA MINING.
NAME ON SOCIAL
USER VIGILANCE ANOMALY-BASED MEDIA, USE NICK
REQUIRED MALWARE DETECTION.
NAME

TECHNIQUES: N-GRAMS,
PAY ATTENTION TO THE API/SYSTEM CALLS, UTILIZE THE PRIVACY
UNIFORM RESOURCE ASSEMBLY SETTINGS AVAILABLE
LOCATOR (URL) OF A INSTRUCTIONS, AND TO VARIOUS
WEBSITE. MALICIOUS HYBRID FEATURES PLATFORMS, SUCH AS
WEBSITES MAY LOOK FACEBOOK, TWITTER
IDENTICAL TO A AND OTHERS
LEGITIMATE SITE
 VI.CYBER CRIME AND INTERNET FRAUD  Increased investment in cybersecurity: This
included funding for updated security software, staff
Any illegal behavior involving a computer, network, or training, and infrastructure upgrades.
 Mandatory patch management: Stricter policies
networked device is referred to as cybercrime. Using online
were put in place to ensure timely installation of security
services and software with internet connectivity to deceive or
patches across all NHS systems.
exploit a victim is known as internet fraud.
 Enhanced user awareness: Comprehensive
cybersecurity training programs were rolled out to educate
2) Financial Crimes
staff on identifying and mitigating cyber threats.
3) Cyber Pornography
4) Cyber Terrorism 2)Case study 2
5) Online Gambling Elaborating on the $90k Phishing Attack via Fake CEO
Email:
India was reported to have the greatest rate of Incident: A finance manager (FM) at a company fell
1) cybercrime due to the country's surge in e- victim to a phishing email impersonating the CEO, resulting
in a fraudulent transfer of $90,000 to a foreign bank
2) commerce, online banking, and digital transactions account.
3) brought about by its digital revolution.
Key Details:
4) USA stands at the 2nd and Australia and global
5) stands 3rd and 4th positions all over the world.  CEO impersonation: The email was crafted to
appear as if it originated from the CEO, who was known to
be on vacation in Asia at the time. This added an air of
1)Case study 1 legitimacy, lowering the FM's suspicion.
 England's National Health Service (NHS)  Back-and-forth communication: The perpetrator
Ransomware Attack: A Recap engaged in email communication with the FM regarding
May 12-19, 2017: The NHS became the target of a payment details, further solidifying the illusion of
widespread ransomware attack, impacting over 34% of its authenticity.
trusts and causing significant disruption to healthcare services  Documentation preparation: The FM, convinced
across England. of the email's legitimacy, prepared all necessary
documentation for the transfer, further bypassing internal
The Culprits: controls.
 Missing security patches: Many NHS systems  Approval and transfer: Despite the suspicious
lacked essential security updates, leaving them vulnerable to nature of the email, the payment was ultimately approved
the ransomware's exploits. and transferred, resulting in financial loss.
 Unsupported operating systems: The continued use Root Cause:
of outdated operating systems, like Windows XP, created
exploitable vulnerabilities within the NHS infrastructure. While inadequate IT systems could have played a role in
 Inadequate user training: Insufficient training on allowing the phishing email to reach the FM, the primary
cybersecurity best practices left NHS staff susceptible to cause of this incident points towards a breakdown of
phishing attacks and other social engineering tactics used to internal controls. This breakdown likely manifested in the
spread the ransomware. following ways:
 Outdated security software: Firewalls and antivirus  Lack of verification procedures: The FM lacked
software that were not up-to-date lacked the necessary proper protocols for verifying the authenticity of such
capabilities to effectively defend against the attack. requests, particularly when involving large sums of money.
The Consequences:  Insufficient awareness training: Training on
identifying and responding to phishing attempts might not
 Appointment cancellations: An estimated 19,000 have been adequately provided or reinforced within the
appointments, including some urgent procedures, were organization.
cancelled due to the disruption caused by the ransomware.  Approval process vulnerabilities: The existing
 Financial losses: The attack incurred significant approval process, even with the CFO involved, might have
financial costs for the NHS, both in terms of recovery efforts lacked sufficient checks and balances to catch the
and reputational damage. fraudulent nature of the request.
 Data loss and disruption: The ransomware
Conclusion:
encrypted sensitive patient data, leading to data loss and
requiring manual re-entry, further disrupting workflows and This incident highlights the importance of robust
impacting patient care. internal controls beyond just relying on IT security
measures. Regular employee training on cyber threats, clear
The Aftermath:
verification procedures, and multi-layered approval
The NHS ransomware attack served as a stark reminder of processes are crucial in preventing such financial losses.
the vulnerabilities within healthcare systems and the
importance of robust cybersecurity measures. In response, the
NHS implemented several improvements, including: VII.WHO ARE CYBER CRIMINALS?
A cybercriminal is a person who commits cybercrimes, or C. Professional Hackers
malicious acts and illegal operations, using his or her Business enterprises now save information electronically as
technological talents. They could be groups or individuals a result of widespread computerization. Competing
Cybercriminals can be found in large quantities on the so- companies hire hackers to obtain trade secrets and other
called "Dark Web," where they primarily offer their illicit industrial information that could be useful to them. Hacking
goods and services. the portion of the Internet that can only be is thought to be able to obtain the necessary information
accessed with specialized software, providing anonymit from competing businesses, negating the need for physical
oruntraceably to users and website owners. presence as a prerequisite for access. This also creates the
temptation for businesses to employ skilled hackers to carry
"The Dark Web poses new and formidable challenges for law out their dirty work.
enforcement agencies around the world"
VIII.PREVENTION OF CYBER CRIME AND
Anything on the Internet that search engines like Google INTERNET FRAUD
cannot or will not index is known as the "dark web." In Keep your software updated
addition,dynamic webpages, unlinked sites, private sites (such
those requiring login access), banned sites (like those requiring • Enable your system firewall
a CAPTCHA answer), non-HTML/contextual / programmed • Use different/strong passwords
content, and limited-access networks fall under this category.
• Use antivirus and anti-malware software
Sites with domain names listed on DNS sources that are not
under the control of the Internet Organization for Assigned • Activate your email's anti-spam blocking
Names and Numbers (ICANN), such as BIT domains, sites feature
that use standard DNS but have non-standard top-level
domains, and eventually darknets, are included in limited- • Use 2FA for all your online services
access networks. Darknets are essential internet-managed • Encrypt your local hard disk
websites. Useful programs like Tor till the download is
complete. The activities that occur within the Darknetsaccount • Shop only from secure and well-known
for the majority of the general interest in the Deep Web
websites
• Use a WHOIS private service
Uses of Dark web
• Use a private-secured DNS server
When purchasing recreational drugs online, astute individuals • Use a VPN
will avoid entering keywords into a standard web browser.In
order to access the internet, he or she would have to use a • Encrypt your email
network that would never reveal their IP address or • Monitor your Children’s Online activities
physicallocation to third parties. However, drug dealers don't
choose to open an online storefront where law authorities can IX.CONCLUSION
easilydetermine, for example, who registered the domain or
where the physical IP address of the website is located. Apart
fromdrug purchases, there are other reasons why people We must take an action to safeguard our organizations and
decide to maintain their anonymity or create websites that are ourselves from the grave threat that cybercrime poses to our
difficult to link to a certain person or place. It might be society. We can take proactive steps to stay safe online and
necessary for people to conceal the dark nets if they want to avert cyberattacks by being aware of the various forms of
shield their data from government surveillance. leakers of cybercrime and their effects. Because cybercrime is
information. They don't want a paper trail, even though they currently too alluring for criminals to turn down, it will only
may wish to provide journalists access to vast amounts of get worse over time unless preventive measures are taken to
insider information. dissidents in repressive governments who stop it. Attackers are getting more skilled, and cyber threats
need to remain anonymous in order to inform the world about are always changing. It's critical to keep abreast of
what is occurring in their area emerging trends, attack strategies, and security holes. Multi-
Layer Security: Putting in place multiple layers of security
A. Kids (age group 9-16) is crucial.Computer fraud is a significant issue that can have
Unbelievably, children can also be cybercriminals, whether detrimental effects on one's finances and personal life. It's
they know it or not. Teenagers make up the majority of critical that you take precautions against this kind of crime
amateur hackers. These adolescents seem to take great delight by using strong passwords, keeping your software and
in their ability to get into a website or computer system. It's systems updated, and being aware of potential threats.
also possible that people carry out the offenses
Computer fraud is a significant issue that can have
without realizing they are breaking the law. detrimental effects on one's finances and personal life. It's
B. Organized Hacktivists critical that you take precautions against this kind of crime
by using strong passwords, keeping your software and
Hacktivists are groups of hackers having a specific goal in systems updated, and being aware of potential threats.Using
mind. These organizations mostly function on a political basis. the dark web can have both positive and negative effects.
In contrast, in other situations, their goals could be activity on Cyberattacks and cybersecurity are two common uses for
the social, religious, or any other front. the dark web. The aforementioned activities take place
whether or not the Dark Web is real. The Dark Web merely
offers a simple means ofSOFTWARE
making connections
PIRACY- with individuals
who share your interests and encouraging additional
communication.The numerous ways that information posted
online can be manipulated make internet usage extremely
dangerous. These data are vulnerable to security frauds that
involve the misuse of various kinds of information. Another
significant area of Internet-related fraud is data manipulation
in electronic commerce. Authorities, companies, and users are
concerned about the deceit committed by third parties and
Internet businesses. New preventive actions, including
legislative changes, efficient data coding, and fraud prevention
techniques, are requiredfor each of these online fraud
categories.The prevalence of cybercrime is sharply increasing
despite the existence of laws prohibiting it. According to
reports, there was an 11.8% increase in cybercrime in India in
2020, with only 50,000 cases being reported. Due to a number
of issues, including underreporting, the jurisdiction of crime,
public ignorance, and the rising costs of investigation brought
on by technology, cybercrime is one of the hardest crimes for
police to solve. Sections 43 and 66 of the IT Act allow for bail
and compounding of offenses involving hacking or data theft,
while Section 378 of the IPC and Section 425 of the IPC do
not permit bail or compounding of offenses. Furthermore, the
offense under Section 66B of the IT Act was bailable in the
event that the offense involved the receipt of stolen property,
whereas the offense under Section 411 of the IPC was not.
Similarly, under sections 66C and 66D of the IT Act, the
offenses of identity theft and cheating by personation are both
compoundable and bailable, while the offenses under sections
463, 465, and 468 of the IPC are not, nor are the offenses
under sections 468 and 420 of the IPC.

REFERENCES

[1] Cyber crime a new challenge for CBI, www.rediff.com, March 12, 2003 12:27 IST
[2] Richard Raysman & Peter Brown (1999), Viruses Worms, and other Destructive Forces N. Y. L. J
[3] Russell G. Smith, Peter Grabosky and Grgor Urbas, 0521840473 – Cyber Criminals on Trial, Cambridge University Press.
[4] Admiral Dennis C. Blair, Annual Threat Assessment, House Permanent Select Committee on Intelligence, 111th Congress, 1st sess., 2009.
[5] Audry Watters, Read Write Cloud, RWW Solution Series, 2010
[6] Ajith Abraham1, Crina Grosan2, Yuehui Chen3, Cyber Security and the Evolution of Intrusion Detection Systems, School of Computer Science and
[7] Engineering, Chung-Ang University, Korea 2Department of Computer Science Babes-Bolyai University, ClujNapoca, 3400, Romania 3School of
[8] Information Science and Engineering Jinan University, Jinan 250022, P.R.China
[9] Cisco, Cisco 2009 Annual Security Report: Highlighting Global Security Threats and Trends, December 4, 2009.
[10] AmichaiShulan, Application DefenceCenter (ADC), AmichaRegu-larlyLectures, Security, 2011
[11] Booz Allen and Hamilton, Reports, ―Top Ten Cyber Security Trends for Financial Services , 2012
[12] Brar, H. S., & Kumar, G. (2018). Cybercrimes: A proposed taxonomy and challenges. Journal of Computer Networks and Communications, 2018(1).
https://doi.org/10.1155/2018/1798659
[13] Burns, A. J., & Johnson, E. (2018). The evolving cyberthreat to privacy. IT Professional, 20(3), 64–72. https://doi.org/10.1109/MITP.2018.032501749
[14] Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities, and countermeasures to prevent social engineering attacks. International
Journal of Advanced Computer Research, 6(23), 31–38. https://doi.org/10.19101/ijacr.2016.623006
[15] HARSH, K., SINGH, T., & SINGH, P. K. (2015). EMERGING THREATS OF CYBERCRIMES. 1(1), 21–23.