Cybercrime is an umbrella term that refers to committing crimes through an ICT means, such as with a computer, smartphone or tablet.(1) Cybercrime can be carried out by both individuals and organizations. Possible targets of cybercrime are:
Financially benefit/disadvantage someone else's financial position
Crippling a country's vital (digital) infrastructure
Reputation damage
Spy
Threatening and/or blackmailing individuals or agencies
Inciting hatred and violence
Cybercrime manifests itself in many forms. They can include:
The deployment of malware
Malware is software, computer programs and applications created with malicious intent.(2) The term "malware" is a contraction of malicious and software.
These may include:
Viruses: A virus is a program that infects computers and then tries to spread to other IT resources on a network. For example, it can find out passwords, or it can completely take over a computer.(3)
Computer worms: A computer worm spreads automatically and thus does not need to be installed by a user. The most well-known is the so-called payload worm, a worm that when installed installs not only a virus but also other malware, such as spyware and ransomware (see below). Another form is the bot worm, which can turn a system into a so-called zombie/bot. The hacker can then make the computer execute any command. The network the infected computer is connected to is called the botnet. When a hacker visits a website from several devices and thus overloads the system, it is called a DDoS attack. E-mail worms spread by automatically sending a message to all the people in a contact list. This worm also spreads through social media. Think of receiving a strange link from someone via Facebook.(4)
Ransomware: Also called hostage software. The device or network is infected, after which all files are encrypted. The organization is "down": files and/or programs are no longer accessible. After the organization is down, criminals make contact. In exchange for a (large) amount of money, you can then regain access to your systems. We speak of Ransomware-as-a-Service (RaaS) when the ransomware is, as it were, lent/hired to another hacker, who then carries out the cyber attacks. When the hacker makes money from the cyber attack, he surrenders part of his earnings to the creator of the ransomware. (5)
Spyware: Through spyware, a hacker collects sensitive information from a person to create a detailed user profile. He then sells this profile to outside parties. Often a computer user does not know he has spyware on his computer. It is often installed unnoticed at the same time as other software. This occurs, for example, when you install a supposedly free version of a program that you normally have to pay for. (6) An example of spyware is a keylogger. A keylogger monitors what someone types on the keyboard. It can also take screenshots. (7)
Trojan horse: A Trojan horse gives access to a computer and in itself is not harmful. It can, however, carry other types of malware. (8)
Adware: Adware is ad-supporting software that you see when you are scrolling the Internet, for example. Think of advertising pop-ups. Adware falls under malware if it is used for malicious intent, such as by overloading a computer.(9)
Other forms of cybercrime
In the following forms of cybercrime, malware does not play a main role, but can be used in a complementary way to achieve the intended criminal goal.
The forms you see below can overlap with each other. For example, phishing can go hand in hand with identity fraud.
Phishing: In phishing, criminals "fish" for personal information in a variety of ways. One well-known form is the phishing email. This is an e-mail that gives the impression of coming from an official agency. A well-known example is the e-mail coming from a so-called bank, telling the reader to pay a fine as soon as possible. The reader is then navigated to a website that appears to come from the bank, where he must log in and leave his personal (banking) information. Phishing can also take place via WhatsApp, text message or telephone. Spear phishing is phishing specifically directed at a person, which often has a persuasive effect. Consider a "family member" who says they are in money trouble and urgently asks you to transfer money. (10) Phishing can also be used for cryptojacking. Cryptojacking is the situation where a computer is used to cryptominate. This is done because cryptomining is very taxing on hardware and power, so the cryptominer chooses to run it through another computer. (11)
Identity fraud: In identity fraud, criminals use personal data to impersonate another person online, such as to commit crimes or make banking transactions.(12) That data can be collected through hacking, but also, for example, through deception, phishing, blackmail or accidentally giving away personal data. Consider discarded mail or unknowingly sharing personal data via social media. SIM swapping involves taking an 06 number to log into accounts (via two-step verification).(13) Also consider WhatsApp fraud, although victims may then also be contacted via an unknown phone number. In WhatsApp hijacking, a fraudster actually breaks into a WhatsApp account. A variant of this is voicemail hijacking. (14) In help desk fraud, criminals pose as help desk employees of official agencies. They trick victims into giving them access to their computers or bank accounts. (15) In CEO fraud , the scammer poses as the CEO or other prominent person within a company. From this person's name, for example, realistic emails are sent about making an urgent financial transaction. The e-mail may be a domain name that closely resembles that of the CEO, or it may have been broken into that person's original e-mail account. The latter can go a step further if the scammer first takes stock of the company's corporate structure and communication style.(16)
Doxing: Doxing is information dissemination with malicious intent, such as reputational damage or threat. It involves sensitive, damaging information. The term is a contraction of "dropping dox," where "dox" refers to "documents. The information may already be publicly available, but often "hidden" in old blogs and forums, for example. This information is then brought back to light. It may also be information that has been exchanged privately and is now being communicated externally.(17)
QR code fraud: Here, the QR code is used as a scam tool. When scanned by the victim, the scammer gains access to the scanner's mobile banking environment. A well-known method is convincing people to scan a QR code to transfer money for the parking machine. QR code fraud also happens through digital marketplaces.(18)
Man-in-the-middle attack (MITM): In a MITM, a hacker intercepts communications between two parties. A MITM allows a hacker to see all the data you and your recipient exchange without your knowledge. In e-mail hijacking , a hacker targets the e-mail accounts of large organizations. They gain access to employees' personal accounts and at some point forward their payment information to the customer in the form of a banking payment instruction. Thus, the victim transfers money to the scammer instead of to the "real" bank. MITM also takes place over wifi. This involves an open wifi hotspot that appears reliable but is actually malicious. Other forms include: session hijacking, IP spoofing, DNS spoofing and HTTPS spoofing.(19)
Other forms not covered above that may also fall under cybercrime include: cyberstalking, revenge porn, catfishing and sextortion. In some cases also deepfakes. The various types of cybercrime continue to expand.
Cybercrime is on the rise and has long ceased to be reserved for the technically savvy criminal. Traditional crime is increasingly making way for the digital form of crime(20): the people who used to commit burglaries or rob stores are now more often choosing the digital route, including by buying ready-made hacking packages.(21) It is important to be aware of the many different forms of cybercrime, so that you can recognize it and take (preventive) action. You can read how this works in terms of legislation in the file Information security.
This file gives you a broad and up-to-date view of cybercrime. At the top, you can navigate between the latest news, policies and Q&A in this area, among others.
Footnotes
AI drives increase in cyber threat, nine in 10 companies unprepared
News press releaseDutch organizations targeted again by DDoS attacks
News press releaseNCSC: Serious Microsoft SharePoint Server vulnerability actively exploited by hackers
News press releaseMajor data breach hits population screening for cervical cancer: data of over 485,000 participants hacked
News press release'Increased risk of cyber attack on port of Rotterdam'
News press releaseBill to share cyber threat information more broadly to House of Representatives
News press releaseHalf of Dutch companies fear cyber attack
News press releaseThis is how the cyber war between Russia and Ukraine is progressing
Background articles
