Top 5 Cybercrimes: Understanding Today’s Most Pervasive Online Threats

Cybercrime cost U.S. businesses over $450 billion in 2024, a significant increase over the last several years.(1) Experts expect those costs to quadruple to over $1.8 trillion by 2028.

Cybercrime creates a ripple effect, where a company’s compromised security directly impacts the lives of individuals. A data breach, often triggered by a simple email, can lead to millions in losses for a business, while simultaneously exposing its employees and customers to threats like sextortion, resulting in personal and professional devastation.

Combating cybercrime presents a formidable challenge as the technologies and techniques of cybercriminals continue to evolve as fast as security companies can keep up.

Understanding the nature and types of cybercrime, including the threats targeting businesses and individuals, is key to a proactive security. This approach to cybersecurity prioritizes prevention before damage control.

Let’s examine the five most pervasive types of cybercrime today and explore protection strategies to avoid them.

Phishing and Social Engineering

You get an email notice from your bank about a suspicious purchase. But when you click on the link, malware infects your computer. The message wasn’t from your bank at all, but a cybercriminal who tricked you with social engineering. Phishing attacks happen every day and are incredibly easy to fall for. Awareness is key to prevention.

What is Phishing?

Phishing is a type of cybercrime where criminals use deceptive emails, text messages, or phone calls to trick victims into revealing passwords, credit card details, or personal data. The attacker’s goal is to steal money, gain access to sensitive data and login information, or install malware on a device.

Scammers will impersonate reputable businesses and authority figures to try to trick you. The messages tend to have a sense of urgency to nab their targets.

Social Engineering Techniques

Through social engineering, hackers manipulate human psychology to gain access to sensitive information or steal money. In pretexting attempts, they’ll fabricate a believable scenario to trick you into revealing personal data or clicking a malicious link. They may pretend to be your boss with an urgent request. They may pose as a relative desperately in need of financial help.

Other techniques include baiting, where the scammer lures the victim with enticing offers or fake rewards, and quid pro quo, where they offer a seemingly legitimate service in exchange for sensitive data or money.

How to Prevent Phishing Attacks

To prevent phishing attacks:

• Always verify the sender’s identity before clicking links or downloading attachments, especially if the message or email is unsolicited.
• Be wary of urgent language, misspellings, and suspicious email addresses.
• Never provide sensitive info like passwords or financial details in response to a text or email.
• Enable two-factor authentication across all accounts and never share the codes with anyone in a text, email, or voice call.

Ransomware Attacks

Ransomware is a type of cybercrime that uses malware to prevent you from accessing your device or the data stored on it, usually by encrypting the files. The attacker will then demand a ransom in exchange for the decryption key.

Ransomware is most commonly delivered by:

• Email phishing
• Vulnerabilities in outdated or unpatched software
• Weak passwords
• Remote Desktop Protocol (RDP) with weak security
• Malicious websites

The Impact of Ransomware on Individuals and Businesses

Ransomware can have devastating financial impacts on individuals and businesses. It can shut down entire hospitals or banking systems on a whim. A 2017 ransomware attack cost Maersk, the largest container shipping company in the world, $300 million when it was forced to shut down critical systems.(2)

Malware Prevention and Mitigation

To prevent ransomware attacks:

• Keep software, operating systems, and anti-virus programs up to date.
• Avoid clicking on suspicious links or downloading attachments from unknown sources.
• Regularly back up data to an offline or cloud-based storage system.
• Use strong, unique passwords with multi-factor authentication established on all accounts.
• Implement employee training on cybersecurity best practices.
• Establish a company-wide incident response plan on what to do in the event of an attack.

Sextortion

Sextortion is a type of online blackmail where the scammer threatens to release sexually sensitive material if certain demands aren’t met, usually money. It’s an emotionally devastating crime that can have serious impacts on the victim’s mental health and reputation.

Common Sextortion Tactics and Scenarios

Sextortionists will use social media, dating apps, and messaging platforms to target victims. They’ll often establish fake profiles and catfish the victim into believing they’re someone else, typically someone beautiful. The scammer can be highly manipulative and trick the victim into sharing sexually sensitive content. Once shared, the sextortion begins with immediate threats and demands for payment.
How to Prevent and Respond to Sextortion

To prevent sextortion, be cautious about sharing explicit content online, even to trusted individuals. Be wary of strangers who try to befriend you, especially if they request private photos or video calls immediately after meeting. Set social media profiles to private so only people you know can see your content.

If you become a victim of sextortion:

• Do not engage the blackmailer, as this can escalate the situation.
• Never block the scammer, because this can prompt them to retaliate out of revenge.
• Do not pay the blackmailer, as this almost always escalates into demands for excessive payment.
• Delay the scammer by telling them you need more time to make payment.
• Report the sextortion to authorities and platform administrators.
• Seek help from a professional who can prevent exposure.

Identity Theft

Attackers can steal personal information through data breaches, phishing, social engineering, and malware. With this data they can steal your identity and impersonate you for financial fraud and other crimes.

Impact on Victims

Victims of identity theft face severe financial, emotional, and reputational damages. It can take years to recover. Those impacted may suffer credit damage, be denied loans, or face difficulties securing employment.

Prevention and Recovery

How to prevent identity theft:

• Be cautious when sharing personal details on social media.
• Monitor credit reports and financial accounts for purchases you didn’t make.
• Keep software and antivirus programs up to date.
• Use encryption on all devices.
• Maintain strong passwords on all accounts and devices.

How to recover from identity theft:

• Report the theft immediately to the Federal Trade Commission (FTC) at www.IdentityTheft.gov.
• Notify financial institutions and credit bureaus.
• Dispute fraudulent charges by contacting the business where they occurred.
• Change all passwords and enable two-factor authentication.
• Regularly review credit reports and financial accounts for new suspicious activity.

Business Email Compromise (BEC)

Business email compromise (BEC) is a type of cybercrime where scammers impersonate executives, employees, or trusted business partners to trick organizations into transferring funds or sensitive information.

Attackers gain access to a company’s email system through phishing, social engineering, or malware, and then monitor communications to identify financial transactions or key personnel. They’ll craft compelling emails that seem legitimate to trick employees to wire money or share confidential data.

Prevention and Detection

How to prevent BEC attacks:

• Use multi-factor authentication for all email accounts.
• Enable email filtering to detect and block phishing attempts.
• Train employees on cybersecurity awareness.
• Maintain strong financial transaction policies with a dual approval process.
• Implement verification procedures for any changes to the payment accounts of vendors.
• Limit payment access to only authorized personnel.

How to detect BEC attacks:

• Look for unexpected or urgent requests for wire transfers and financial information.
• Detect emails with spoofed domains.
• Be wary of emails that have sudden tone or language changes from known contacts.
• Verify suspicious requests by calling the sender on a known phone number.
• Look for grammatical errors, inconsistencies, or slightly altered email addresses.
• Regularly review bank activity for unauthorized transfers.

Report Cybercrime to the Authorities

It’s critical to report instances of cybercrime to the authorities. This starts a paper trail that law enforcement can use to prosecute the scammer. Contact your local police and the FBI. You can report instances to the FBI through the Internet Crime Complaint Center (IC3), the FBI’s central hub for reporting internet-related crime.

How Digital Investigation Inc. Can Help

At Digital Investigation Inc., we help businesses and individuals investigate and resolve cybercrime cases.

Our cyber experts specialize in digital forensics, data recovery, and incident response. We can identify the attack, gather evidence of the crime, and protect your systems from additional infiltration. We’ll help you mitigate the damage, detect additional vulnerabilities, and prevent this from ever happening again. We can help provide employee training on cybersecurity best practices.

Contact us today.

Sources:

1. Statista. (Feb 3, 2025). Cybercrime costs in the United States from 2015 to 2025.
2. International Accounting Bulletin. (April 2, 2024). The 5 costliest cyber-attacks of all time.