Cybercriminals are clever, organized in gangs, well-funded, and very tech savvy. The goal of these criminals can be explained in two words: make money. They have hundreds of clever ways to accomplish their goal. They may capture sensitive data such as user names and passwords, credit card numbers, or e-mail addresses. They then either sell this information over the Internet in bulk to other cybercriminals or use the data themselves to make money.
Their crimes fall into two general types that often work together.
The first type of Internet crime is called social engineering. It is often an attempt to convince a user to open an e-mail attachment or click on a link in an e-mail. These links may lead to a forged website where the user is asked to provide their username and password. This practice is called ‘phishing.’ Another example of social engineering is the scam that tries to convince a victim to send money.
The second type of crime takes advantage of software vulnerabilities to install malware. The e-mail links in the example above may lead to a malicious website that installs malware.
A few examples:
– Suppose cybercriminals break into a number of existing social media accounts (Facebook, MySpace, etc.) and capture the usernames and passwords of those accounts. Access to those accounts allows them to capture the names and details of friends of those accounts. One way to monetize that information directly is to pose as the account holder and e-mail their friends with an imaginary emergency and ask those friends to wire money to a specific address or account immediately.
– Suppose they are able to download malware onto your computer. This malware captures usernames and passwords of bank accounts, along with e-mail addresses from your address book. The cybercriminals then proceed to empty your bank accounts and send spam to everyone in your address book in your name, attempting to infect them with the same malware.
– Maybe they are able to download malware that opens a backdoor to your computer. More malware is then downloaded to take control of your computer remotely. Without your knowledge it has then become a ‘bot’ or ‘zombie,’ one of thousands, or even hundreds of thousands, of computers in a network known as a ‘botnet.’ Hundreds of botnets are known to exist. These botnets may either be used by cybercriminals to send out billions of spam messages per day or be rented out to attack other websites, or even other countries.
The fact is that these methods of Internet crime work. According to the Anti-Phishing Working Group, credible estimates of the direct financial losses due to “phishing” alone exceed $1 billion per year. And that is just one small slice of the Internet crime pie.
How many botnets exist? It is hard to tell. Several dozen large botnets are known to exist according to many experts. The number of smaller botnets is more difficult to determine. A 2009 post on SecureList.com estimates that at least 3600 botnets exist.