IR.B.4 English

Uploaded by

rasone.isehal

National Crime Records Bureau (NCRB)

National Cybercrime Training Centre (NCTC)

Course Reference Guide

Track: Responders Track


Level: Basic
Chapter 4: Introduction to Cyber Crimes and Cyber Crime Investigation
Introduction to Cyber Crimes and Cyber Crime Investigation

Table of Contents
1. What is Cyber Crime?
1.1. What are we Protecting?
1.2. Evolution of Cyber Crime
2. Types of Cyber Crimes
2.1. Frauds Against Individuals
2.2. Frauds Against Organisations
2.3. Frauds Against Society
3. Most Common Types of Financial Frauds
4. Investigation of Cyber Crimes
4.1. Process Flow of Cyber Crime Investigation
4.2. Challenges to Cyber Crime Investigations
4.3. Safeguarding from Cyber Crimes
5. The Nodal Agencies in India
6. Do’s and Don’ts for Cyber Crime Investigation
7. Reference


1. What is Cyber Crime?


According to the IT Act 2000, cybercrime is defined as follows:

• It is carried out using computers, other digital devices and networks.
• It includes monetary and non-monetary offenses.
• It can also lead to physical or sexual abuse.

1.1. What are we Protecting?


Confidentiality, integrity and availability, also known as the CIA triad, is a model
designed to guide policies for information security within an organization. The
elements of the triad comprise three important cyber security needs. These are:

1. Confidentiality refers to the act of restricting the access to information to
authorized users and preventing access from unauthorized users.
2. Availability is a requirement intended to assure that systems work
promptly, and service is not denied to authorized users.
3. Integrity refers to the trustworthiness of information assets, that data have
not been changed inappropriately, whether by accident or deliberately.

Most Commonly Reported Cyber Crimes

Some commonly reported cybercrime statistics include the following:


• Cyber Crime is expected to cost the world $11.4 million (approx. 80 crore
rupees) every minute in 2021.
• In the year 2021, there will be a cyber-attack incident every 11 seconds.
• Here are the most commonly reported cybercrimes according to NCRB
as of 2019.

• Computer Related Offenses: 23612
• Ransomware: 1023
• Identity Theft: 12255
• ATM Fraud: 2067
• Sexually explicit: 1394
• Banking Fraud: 2093

Characteristics of Cyber Crime

Some of the common characteristics of cybercrime include:

• Criminal Anonymity
• Trans-boundary
• International Jurisdiction Issues
• Technology Advancement
• Dynamic Modus Operandi
• Non-Physical Evidence

1.2. Evolution of Cyber Crime


Traditional Crime vs Cyber Crime

There is a thin line between a Traditional Crime and a Cyber Crime. A thief can
enter the victim’s household, break the lock and steal money. Similarly, a
cyber-criminal can hack into the victim’s bank account and steal money without
even entering the household of the victim.


Traditional Crime: It involves conventional crimes such as murder, rape, and
burglary. The evidence cannot be easily tampered with or duplicated. The
conviction rate of traditional crimes in India is higher than that of cybercrimes.
The investigation follows laws of nature to find physical evidence at the crime
scene.

Cyber Crime: It involves crimes such as online financial frauds, malware,
identity theft, and online abuse. It is difficult to tamper with or duplicate the
evidence. The conviction rate of cyber-crimes is low due to lack of digital
evidence, collection, preservation procedures and investigation techniques.


2. Types of Cyber Crimes


The most common cyber-crimes can be categorized into the following types:

1. Against Individuals: Financial frauds, Phishing, Identity Theft, Social
Media Frauds, Cyberbullying
2. Against Organizations: Financial frauds, Phishing, Data breach, Hacking,
Malware, Denial of service
3. Against Society: Financial frauds, Cyber terrorism, Denial of Service,
Malware, Cyber warfare, Pornography

2.1. Frauds Against Individuals


Frauds against individuals include the following classifications:

1. Identity Theft: Identity theft refers to the fraudulent practice of using
another person's name or any personal information without their consent
for personal gains. The personal information may include name, phone
number, address, bank account number, Aadhaar number or credit/debit
card number.

Modus Operandi: It is carried out to achieve the following outcomes:

• Gain access to your bank accounts.
• Apply for loans and credit cards or open insurance accounts.
• File a tax refund in your name and get your refund.
• Obtain a driver’s license, passport or immigration papers.
• Create new utility accounts.
• Get medical treatment on your health insurance.
• Assume your identity on social media.
• Give your name to the police during an arrest.

2. Psychological Tricks

Often hackers play with the minds of the users to trap them with lucrative
offers and thus exploit them by either stealing money or sensitive personal
information.


Modus Operandi: It is carried out to achieve the following outcomes:

• Lottery Frauds
• Job Related Frauds
• Unbelievable discount offers
• Free medicines, vaccines
• Email Frauds
• User Account Locked Frauds

Ways of carrying out Psychological Tricks

Some of the common ways of carrying out psychological tricks are described
as follows:

a. Phishing: Phishing is the act of sending a fraudulent e-mail that appears
to be from a genuine source such as a bank, a recruiter, or a credit
card company. This is done with the aim of gaining sensitive personal
information or bank account details from the victim.

Often, victims end up following the instructions given in the e-mail
without even authenticating it. They also reveal all their personal details
and even transfer a token amount to claim the lottery amount, only to
realize that they lost their money without winning the lottery.

b. Vishing: Vishing is like phishing, but instead of e-mail, the fraudster uses
the telephone to obtain sensitive personal and financial information of the
victim.

Let us take an example: a person receives a call asking for their credit or
debit card PIN and CVV to reactivate the blocked bank account. When
the person gives all these details, he gets notified that Rs. 10,000 has
been debited from the same account.

c. Smishing: Smishing is the SMS equivalent of phishing, so it uses SMS
to send fraudulent text messages asking the victim to visit a link or call
a phone number. It tricks the victim into providing sensitive personal
information such as debit/credit card details or passwords.

Let us take an example: a person receives an SMS stating that he has
been shortlisted for a job in an advertising firm with a very high salary.
Naturally, he feels elated and applies for the job. He provides his CV
along with personal information. The SMS also states that he needs to
travel to a different city and stay in the mentioned hotel for two days for
the interview process. When he reaches the mentioned venue, he is
offered a welcome drink by a waiter. After having the drink, he starts to
feel dizzy. Once he wakes up, he finds himself lying on the street with his
belongings gone. He realizes that he has been robbed.

3. Social Media Frauds: Sharing your personal life details on social media,
such as photographs of self or family, location updates, personal views and
thoughts, may also pose a threat to an individual. The frauds carried out
using social media are called social media frauds.

Modus Operandi: It is carried out to achieve the following outcomes:

• User Account hacking
• Fake profile fraud
• Cyberstalking
• Cyberbullying


Ways of Carrying Out Social Media Frauds

Some of the common ways of carrying out social media fraud are described
as follows:

a. Cyberstalking: It is a crime in which the attacker harasses a victim
using electronic communication. It relies upon the fact that their true
identity is not known in the digital world. It targets the victim with
threatening/abusive messages and follows their activities in the real
world.

b. Cyberbullying: It takes place over digital devices. It can occur through
SMS, social media, forums or gaming apps where people can view,
participate or share content. It includes sending, posting or sharing
negative, harmful, false content about someone else with an intention to
cause embarrassment or humiliation. Cyberbullying can also cross the
line into unlawful criminal behavior.


2.2. Frauds Against Organisations


Frauds against organisations include the following classifications:

1. Hacking

A fraudulent process of gaining unauthorised access to the data in a
computer or a network is called hacking. The individuals or a group of
individuals who perform this activity are called hackers.

Modus Operandi: It is carried out to achieve the following outcomes:

• Theft of passwords
• Transferring malicious software through emails or links
• Injecting malicious advertisements
• Hacking bank accounts, e-wallets and
• Hacking using keylogger
2. Denial of Service (DoS)

A DoS attack is a cyber attack in which the attacker sends a large amount of
data to a network to make it unavailable for the intended users by
temporarily or indefinitely disrupting services. DoS attacks typically target
high profile website servers belonging to banks and credit card payment
gateways. These attacks use multiple systems to flood the bandwidth of the
target system.

Modus Operandi: It is carried out to achieve the following outcomes:


• ICMP Flooding
• Application-level flooding
• Distributed DoS attacks
• Teardrop attack

Example: On 17th April 2020, during the Covid-19 pandemic, a big IT
company was hacked by the Maze group, causing huge service disruptions for
the clients and the company. The attack encrypted and disabled the
company’s internal systems and disrupted the company’s attempt to enable
its staff to work from home. This caused severe damage to the business, and
the company had to spend up to $70 million over the next three months
remediating the damage the attack caused.

3. Data Breach

It is an incident that involves sensitive, protected, or confidential
information being copied, transmitted, viewed, stolen, or used by an
individual unauthorised to do so. The data breach can take place through:

a. Data Leakage: Data leakage refers to illegally copying the master file
information from a computer for ransom, blackmailing, or any other
fraudulent purpose.
b. Data Spying: Data Spying refers to accessing the files or digital data
from a remote location by using a legitimate password or cracking the
password.
c. Scavenging: Scavenging refers to obtaining and reusing the
information which has been left over as temporary files that were
generated by the installation of some software packages.

2.3. Frauds Against Society


Frauds against society include the following classifications:

1. Cyber pornography: Cyber pornography is the act of using cyberspace to
create, display, distribute, import, or publish pornography or obscene
materials without consent. With the advent of cyberspace, traditional
pornographic content has now been largely replaced by online/digital
pornographic content. It can also involve using cyberspace for circulating
obscene materials depicting children engaged in sexual acts with adults,
which is known as child pornography or Child Sexual Abuse Material
(CSAM). It involves circulation of such content through e-mail, website,
chatting and other forms over the Internet. Cyber pornography is a criminal
offense, classified as causing harm to persons.
2. Cyber Terrorism: Cyber terrorism refers to a criminal act committed by
the use of computers and telecommunication capabilities that results in
violence, destruction and/or disruption of services to create fear within a
given population. It is often intended to influence a government or
population to conform to a particular political, social or ideological agenda.

Modus Operandi: It is carried out to achieve the following outcomes:

• Data Leakage
• Data Spying
• Scavenging
3. Cyber Warfare: Cyber warfare encompasses all the actions and processes
that aim to attack a nation to cause harm that is comparable to traditional
warfare.

Modus Operandi: It is carried out to achieve the following outcomes:

• Espionage
• Sabotage
• Electrical Power Grid attacks
• Propaganda
• Economic disruption
• Denial of Service attacks


3. Most Common Types of Financial Frauds


Financial frauds can be committed against individuals, organisations and society.
Let’s learn about some of the most commonly occurring financial frauds, which are:

1. UPI fraud: The hacker sends "request money" links to the customer, and when
the customer clicks on the link the amount gets deducted from their UPI
account.

2. E-wallet fraud: The customer receives a call, SMS or email from a fraudster
claiming to be from the wallet firm to either confirm KYC details or encash
offers.

3. Debit/Credit Card frauds: The criminal misuses your credit/debit card
details for unauthorised transactions or extracting money from your account.

4. OTP frauds: An OTP, or One Time Password, is enabled by a bank for
verifying whether the transaction is initiated by the user or not. On sharing the
OTP, the criminal would get access to your account and can complete the
transaction.

5. Net banking related fraud: The hacker misuses your login credentials for
unauthorised transactions or to withdraw money from your bank account.

6. Ponzi schemes: A phishing or a fraudulent investing scam wherein funds are
taken from new investors to pay fake “returns” to earlier investors.

7. Ransomware: Ransomware is extortion software that encrypts your
computer files and then demands a ransom for its release.

Types of Cyber Criminals

Knowing what type of criminal you are dealing with helps you use the right strategy for
investigation. We can categorise criminals as individual, organised, and sponsored.
These are explained further below.


1. Individual criminal: They are single individuals distributing malicious or
illegal information online, which may include:

• Identity theft
• Bullying
• Cyberstalking
• Distribution of pornography content
• Trafficking
2. Organized criminals: They are involved in various crimes such as frauds,
hacking, DDoS attacks, blackmail, malware creation, distribution & intellectual
property crime. They utilise Information and Communication Technology (ICT)
to facilitate organised crime activities.
3. Sponsored criminals: Sponsored criminals are individuals or a group of cyber
criminals who may have sponsorship from a particular organisation or group to
conduct an attack. They use advanced persistent threat attack methods to gain
access to an unauthorised system or network.


4. Investigation of Cyber Crimes


4.1. Process Flow of Cyber Crime Investigation

The cybercrime investigation process includes various steps starting from initial
screening, secret investigation, on-site investigation and arrests. The steps for
Cyber Crime investigation process are:

1. Primary data sourcing and collection
2. Primary data study and further collection and sourcing
3. Further Investigation
4. Suspects arrest and evidence collection
5. Follow-up

4.2. Challenges to Cyber Crime Investigations


Some of the key challenges of cyber-crime investigation include the following:

• Anonymity enables individuals to commit crimes without revealing their
identity.
• Digital evidence is extremely fragile and easy to tamper with.
• Lack of adequate knowledge and training of security personnel and
investigators.
• The lack of harmonized national cyber-crime laws and international
standardization of evidentiary requirements.

4.3. Safeguarding from Cyber Crimes


Some of the precautions that we can adopt to safeguard ourselves from
cyber-crime include the following:

• Think twice about using public Wi-Fi.
• Take a periodic backup of your information and data.
• Use strong passwords and keep your systems up to date.
• Avoid clicking on any untrusted links or downloading files that are not
required.
• Ensure you have an up-to-date anti-virus on your system.
• Keep all personal information private on social media.
• Avoid scanning untrusted QR codes and giving out OTPs or PINs of
your cards to anyone.


5. The Nodal Agencies in India


Some of the Nodal agencies in India are described in brief below. These include the
following:

a. CERT-IN: In the recent IT Act Amendment 2008, CERT-IN has been designated to
serve as the National Agency to perform the following functions in cyber security:
• Collection, analysis and dissemination of information on cyber incidents
• Forecast and alerts of cyber security incidents
• Emergency measures for handling cyber security incidents
• Coordination of cyber incident response activities
• Issue guidelines, advisories, vulnerability notes and whitepapers relating to
information security practices, procedures, prevention, response and reporting
cyber incidents
• Such other functions relating to cyber security as may be prescribed
b. RBI: The RBI's IT Subsidiary is responsible for IT requirements of the RBI,
including cybersecurity, with the objective of protecting the banking sector and its
customers with measures such as:
• To enhance the resilience of the banking system to cyber threats by improving
the current defences in addressing cyber risks.
• To push for internal audits/information system audits to independently
provide assurance that IT-related processes and controls are working as
intended.
• To improve controls and examine the need for pro-active fraud assessment and
management processes in commercial banks.
• To examine the legal implications for banks arising out of cyber laws and steps
that were required to be taken to suitably mitigate legal risks.
c. SEBI: SEBI (Securities and Exchange Board of India) responsibilities include
the following:
• To engage in a detailed discussion along with the Technical Advisory
Committee (TAC) with MIIs (Market Infrastructure Institutions) to develop
necessary guidance in the area of cybersecurity and cyber resilience.
• Quarterly review the implementation of the cyber security and resilience policy
by the Oversight Standing Committee Technology of the stock exchanges and
of the clearing corporations and the IT strategy committee.
• Quarterly reports containing info on cyber-attacks and threats and what
measures were taken to mitigate these threats and vulnerabilities.
d. NCIIPC: NCIIPC (National Critical Information Infrastructure Protection
Centre) responsibilities include the following:
• To facilitate safe, secure and resilient information infrastructure for Critical
Sectors of the nation.
• To take all necessary measures to facilitate protection of Critical info
infrastructure from unauthorised access, modification, use, disclosure,
disruption, incapacitation or destruction through coherent coordination,
synergy and
• To revamp cyber security apparatus of critical infrastructures in India, such as
power, transportation, water, telecommunication and defence.
• To install sensors on all critical systems to give real-time info to its command
and control centre about any cyber-attacks to formulate quick response
e. MHA-CIS (Cyber & Information Security Division): Some of the divisions
of the MHA-CIS are as follows:
i. CIS-I Desk: Co-Ordination Wing
• Co-ordination within the Division.
• Parliament Questions, RTI applications, Public Grievance, etc. not
pertaining to any specific desk of CIS Division.
• Miscellaneous reports, viz. Monthly Reports, Quarterly Reports, Annual
Report, etc.
ii. CIS-II Desk: Cyber Crime Wing
iii. CIS-III Desk: Information Security
iv. CIS-IV Desk: Monitoring Unit
v. I4C: Indian Cyber Crime Coordination Center
vi. NCCC


6. Do’s and Don’ts for Cyber Crime Investigation


Do’s: Some of the major do’s for cyber-crime investigation include the following:

• Hire or obtain an independent expert dealing in computer forensics.
• Identify what to look for in the evidence and how the data relates to crimes
and innocence.
• Obtain consent from the person or organisation before you search their
electronic devices.

Don’ts: Some of the major don’ts for cyber-crime investigation include the following:

• The evidence collected for investigation must not be tampered with in any form.
• The entire investigation must be done without any bias towards any of the
parties, organizations or people.
• Don’t derive conclusions based on the insight gained from a single piece of evidence.
