Unit 3 PDF

The document outlines various tools and methods used in cyber crime, including phishing, password cracking, keyloggers, and SQL injection attacks. It explains how these attacks work, their purposes, and the techniques used by hackers, such as brute force and dictionary attacks. Additionally, it discusses network components and security measures to prevent such cyber threats.

Uploaded by agrawaltanay21
Unit 3 – Tools and Methods used in Cyber Crime

1. What is Phishing? How Phishing Works?
Phishing is a trick to steal your personal or financial information by pretending to be a
trusted source (like a bank or popular website).

[Figure: The Phishing Cycle. (1) Deceptive Email: a fake email is sent to the victim. (2) Trust Exploitation: the email pretends to be from a trusted source. (3) Information Theft: the victim's personal or financial data is stolen. (4) Identity Fraud: the stolen information is used for fraudulent activities.]

How it works:
1. You get a fake email or message (looks like it’s from your bank or company).
2. It asks you to click a link and log in or enter personal info.
3. The link opens a fake website that looks real.
4. When you type your username, password, or card details, the hacker saves them.
5. Your information is now stolen and misused.

[Figure: Phishing Attack Process. Click on Link: the user clicks on a malicious link. Visit Fake Website: the user is directed to a fraudulent website. Enter Personal Info: the user inputs sensitive personal information. Information Stolen: the hacker captures the user's data.]

Example:
Email says – “Your account is blocked. Click here to verify” → Fake site → You enter your
password → Hacker gets it.

[Figure: Password Theft Transformation. Account Blocked: suspicious email received. Phishing Link: user clicks verification link. Fake Website: user lands on imposter site. Password Entry: user enters sensitive password. Account Compromised: hacker gains account access.]

2. What is Password Cracking? Types & Purpose


Password Cracking means guessing or breaking someone’s password to access their
account or system.

[Figure: The Cycle of Password Cracking. Guess Password, Break Password, Access Account, Use Account.]

Purposes:
• To steal information
• To hack into systems
• To test system security (by ethical hackers)

[Figure: Purposes of Hacking. Steal Information: illegally obtain private or sensitive data. Hack Systems: illegally access and control computer systems. Test Security: evaluate system defenses through ethical hacking.]

Types of Cracking:
1. Brute Force Attack – Trying every possible combination.
2. Dictionary Attack – Using a list of common passwords.
3. Rainbow Table Attack – Using pre-computed password hash values.
4. Phishing – Tricking you into revealing your password.
5. Keylogging – Recording your keystrokes to capture passwords.
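
From the defender's side, the rainbow table and dictionary entries above explain why stored passwords need a per-user salt and a slow hash. The following is an added example, not part of the original notes; the password list, function names and iteration count are assumptions, and a plain lookup table stands in for the pre-computed hash values.

```python
import hashlib
import hmac
import os

# Constructed sample of common passwords (illustrative, not from the notes).
COMMON = ["123456", "password", "qwerty"]

def unsalted(password):
    # Weak storage: the same password always gives the same hash.
    return hashlib.sha256(password.encode()).hexdigest()

# Hashes computed once in advance, as a dictionary or rainbow table attack relies on.
PRECOMPUTED = {unsalted(p): p for p in COMMON}

def table_hit(stored_hex):
    # Returns the password if the stored hash appears in the pre-computed table.
    return PRECOMPUTED.get(stored_hex)

def store(password, salt=None):
    # Stronger storage: random per-user salt plus a deliberately slow hash
    # (PBKDF2, 200,000 rounds; the round count is an assumed setting).
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(store(password, salt)[1], digest)

if __name__ == "__main__":
    print("unsalted hash found in table:", table_hit(unsalted("qwerty")))
    salt, digest = store("qwerty")
    print("salted hash found in table:", table_hit(digest.hex()))
    print("correct password verifies:", verify("qwerty", salt, digest))
```
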

[Figure: Cyber Attack Methods. Brute Force Attack: trying every possible combination to crack passwords. Dictionary Attack: using common password lists to guess passwords. Rainbow Table Attack: employing pre-computed password hash values for quick access. Phishing: deceiving individuals into revealing their passwords. Keylogging: recording keystrokes to capture passwords.]

3. Difference between Keyloggers and Spyware

| Feature | Keylogger | Spyware |
| Main Work | Records what you type (keyboard inputs) | Secretly collects data from your device |
| Purpose | Steal passwords or messages | Monitor user activity, steal personal data |
| Visibility | Hidden in the background | Also hidden but may slow the system |
| Example Use | Capturing login info | Sending user data to a hacker or company |

[Figure: Keylogger vs. Spyware Features. Main Work: keyloggers record keyboard inputs, while spyware secretly collects device data. Purpose: keyloggers aim to steal passwords or messages; spyware monitors activity and steals data. Visibility: keyloggers are hidden in the background; spyware is also hidden, but may slow the system. Example Use: keyloggers capture login information; spyware sends user data to hackers or companies.]

4. What is Blind SQL Injection?


Blind SQL Injection is a way to attack a website’s database even when the attacker cannot
see error messages or results.

[Figure: Choose the appropriate SQL injection attack method for database exploitation. Blind SQL Injection: exploits databases without visible feedback. Traditional SQL Injection: relies on visible error messages.]

How it works:
• The hacker puts harmful SQL code in a search box or form.
• The website doesn’t show the data directly.
• But based on the site’s response time or behavior, the hacker guesses if the injection
worked.

[Figure: Blind SQL Injection Process. Website Response Analysis: hacker analyzes website's response time. Behavior Observation: hacker observes website's behavior. Injection Success Guess: hacker guesses if injection was successful.]

It’s "blind" because the hacker can't directly see the results, but still finds a way to steal or
modify data.
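
The behaviour signal described above can be checked on your own code. The following is an added example, not part of the original notes; the table, inputs and function names are assumptions. It shows a page whose visible message follows a condition placed in the input when the query is built by string concatenation, and the same lookup no longer doing so once the value is bound as a parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from the notes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db

def exists_vulnerable(db, name):
    # Deliberately unsafe "before": input is pasted into the SQL text,
    # so quotes in the input can change the query's logic.
    sql = "SELECT 1 FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchone() is not None

def exists_safe(db, name):
    # Hardened "after": the value is bound as a parameter and stays data.
    row = db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None

def page_for(found):
    # The site shows no rows and no errors, only one of two messages.
    return "User found" if found else "No such user"

# Two inputs that differ only in an always-true vs always-false condition.
TRUE_PROBE = "alice' AND '1'='1"
FALSE_PROBE = "alice' AND '1'='2"

def behaviour_follows_input(db, check):
    # True when the visible page changes with the injected condition,
    # which is the yes/no signal blind SQL injection depends on.
    return page_for(check(db, TRUE_PROBE)) != page_for(check(db, FALSE_PROBE))

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", behaviour_follows_input(db, exists_vulnerable))
    print("parameterized query leaks:", behaviour_follows_input(db, exists_safe))
```
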
5. What is Buffer Overflow Attack? How to minimize it?
Buffer Overflow happens when a program stores more data in a memory space (buffer) than it can hold.
The extra data can overflow into other areas and change the program’s behavior.

[Figure: Cycle of Buffer Overflow. Data Exceeds Buffer, Overflow Occurs, Program Behavior Changes.]

Hackers use it to:


• Crash the program
• Insert harmful code
• Take control of the system

[Figure: Buffer Overflow Attack Sequence. Identify Vulnerability: hackers find a flaw in the system. Exploit Vulnerability: hackers use the flaw to initiate the attack. Crash Program: the program malfunctions due to the attack. Insert Harmful Code: hackers inject malicious code into the system. Take Control of System: hackers gain unauthorized access to the system.]

How to minimize it:


• Write safe code (check input size).
• Use modern programming languages that handle memory well.
• Install security patches.
• Use buffer overflow protection in operating systems.

[Figure: Secure Coding Practices. Safe Code: always validate input sizes to prevent exploits; this ensures that your program handles data correctly and securely. Modern Languages: employ languages designed with built-in memory management features; these languages reduce vulnerabilities related to manual memory allocation. Security Patches: regularly update software with the latest security patches; patches address known vulnerabilities, protecting against potential attacks. Overflow Protection: enable buffer overflow protection mechanisms in your OS; this prevents attackers from exploiting buffer overflows to execute malicious code.]

6. What are different components of a Wireless Network?


1. Access Point (AP) – Device that lets wireless devices connect to a network (like a
Wi-Fi router).
2. Wireless Devices – Phones, laptops, tablets that connect via Wi-Fi.
3. Wireless Network Interface Card (NIC) – Hardware in your device that connects to
Wi-Fi.
4. Router – Directs internet traffic in and out.
5. Firewall – Protects network from outside attacks.
6. Antenna – Sends and receives wireless signals.

[Figure: Components of a Wireless Network. Access Point: facilitates wireless device connections to the network. Wireless Devices: devices that connect to the network via Wi-Fi. Wireless NIC: hardware enabling device connection to Wi-Fi. Router: directs internet traffic in and out of the network. Firewall: protects the network from external threats. Antenna: sends and receives wireless signals.]

Short Notes:
Proxy Server:
A server that acts as a bridge between your device and the internet. It hides your IP and
improves privacy.
Uses:
• Anonymity
• Control internet usage
• Access blocked websites

[Figure: Proxy Server Functionality. Proxy Server: acts as a bridge for internet access. Anonymity: hides IP address for privacy. Control: manages internet usage. Access: enables access to blocked websites.]

Anonymizer:
A tool or website that hides your real identity while browsing the internet. It helps keep
you anonymous.

[Figure: Cycle of Online Anonymity. (1) Access Anonymizer: user connects to the anonymizer service. (2) Hide Identity: anonymizer masks the user's IP address. (3) Browse Anonymously: user navigates the internet without revealing their identity. (4) Maintain Privacy: user's online activities remain private and untracked.]

DoS Attack (Denial of Service):


An attack that floods a website or server with too much traffic so it crashes or becomes
unavailable.

[Figure: Denial of Service Attack. Denial of Service: the core disruption of service. Traffic Overload: the excessive traffic causing the crash. System Crash: the resulting unavailability of the system.]

DDoS Attack (Distributed Denial of Service):


Same as DoS but done using many devices (often part of a botnet) to make it more
powerful and hard to stop.

[Figure: DDoS Attack Cycle. (1) Botnet Formation: hackers create a network of compromised devices. (2) Attack Execution: the botnet launches a coordinated attack. (3) Target Overload: the target system becomes overwhelmed. (4) Service Disruption: normal services are interrupted or unavailable.]
