- Cryptojacking (where hackers mine cryptocurrency using resources they do not own)
- Cyberespionage (where hackers access government or company data)
- Social engineering: relies on human instinct of trust, carefully worded email, voicemail, or text message from a cybercriminal can convince people to transfer money, provide confidential information, or download a file that installs malware.
Tactics to defraud:
- Phishing: tactics include deceptive emails, websites, and text messages to steal information.
- Spear phishing: email is used to carry out targeted attacks against individuals or businesses.
- Baiting: an online and physical social engineering attack that promises the victim a reward.
- Malware: victims are tricked into believing that malware is installed on their computer and that if they pay, the malware will be removed.
- Pretexting: uses false identity to trick victims into giving up information.
- Vishing: urgent voice mails convince victims they need to act quickly to protect themselves from arrest or other risk.
- Learners could refer to a ‘real world’, for example, by looking at each other’s social media accounts to identify information that could potentially be used to defraud their peers.
- Protective methods: practicing diligence, installing appropriate anti-virus software, installing other appropriate security software, turning on firewall, protecting personal information, browser safety, client software, frequent and regular updating, care with email attachments, not opening pop ups, avoiding emails from unknown sources, not visiting suspect sites, anti-malware software, use and protection of passwords, data protection (personal/financial information), restricting access, regular backups.
- Cyber security testing: measures the effectiveness of security measures against a potential attack, can be manual or automated, vulnerability testing to reduce the possibility for intruders (hackers) to get unauthorised access, penetration testing (ethical hacking).
- Purpose: to test an IT system, network or web application to find security vulnerabilities that a cybercriminal could exploit.
- User access controls: learners could do this by setting up user access control on a network or operating system. For example, a cloud based application could be used to set up shared folders, learners could set various permissions, including some with restricted access.