CSL Ut1 Ans Ap

Uploaded by

Gaurav Zambare

frame full length answers of these questions from pdfs:

Cyber security and Laws Question bank
1. What is cyber crime? Explain the types of Cyber Crime.
2. State the need of Computer Security.
3. List types of attacks. Explain back doors and trap doors attacks.
4. Describe the following attacks 1. Sniffing 2. Snooping.
5. Explain active attack and passive attack with suitable example.
6. Describe the following terms w.r.t cyber laws: i) IT Act, 2000 ii) IT Act, 2008
7. Explain the concept of hacking.
8. Explain DOS.
9. Explain in detail Information Security Policy.
10. What is cyber stalking? Explain in brief.
11. Explain the concept of social engineering.
12. Write a short note on social engineering prevention.
13. What is Botnet? Explain in brief.
14. Write a short note on baiting.
15. Explain spear phishing attacks.
16. Explain phishing and identity theft in detail.
17. Explain the scareware scams.

Here are full-length, structured answers to your Cyber Security and Laws question bank based on
authoritative textbook and lecture content from the provided PDFs and academic sources:

1. What is Cybercrime? Explain the types of Cyber Crime.

Cybercrime refers to any criminal activity that either targets or uses a computer, a computer network, or
a networked device. It can affect individuals, businesses, and governments, and can be committed by
various actors ranging from individuals to organized groups.[1]

Types of Cyber Crime:

• Financial Crimes: Online frauds, phishing for banking credentials, credit card theft.

• Identity Theft: Stealing personal data to masquerade as another person.

• Hacking: Unauthorized access to computer systems.

• Cyber Terrorism: Attacks designed to cause fear or harm, targeting critical infrastructure.

• Online Fraud: Deceptive activities for unlawful gain.

• Denial of Service (DoS): Disabling services by overwhelming resources.

• Malware Attacks: Spreading malicious software such as viruses, worms, and Trojans.

• Cyber Extortion: Threatening harm unless payment is made.

• Cyber Stalking and Harassment: Using digital means to stalk or harass individuals.

• Software Piracy: Illegal copying and distribution of software.[2][1]

2. State the need of Computer Security.

Computer security is essential to:

• Protect Confidentiality: Prevent unauthorized access to sensitive data.

• Maintain Integrity: Ensure that information is accurate and not altered by unauthorized
individuals.

• Ensure Availability: Make sure resources are available to authorized users when needed.

• Prevent Financial Loss: Cyber attacks can cause direct and indirect financial damage.

• Safeguard Reputation: Data breaches can severely harm an organization’s image.

• Comply with Regulations: Laws like GDPR, IT Act, etc., mandate data protection measures.[1]

3. List types of attacks. Explain back doors and trap doors attacks.

Types of Attacks:

• Passive Attacks (e.g., eavesdropping, traffic analysis)

• Active Attacks (e.g., DoS, masquerade)

• Insider and Outsider Attacks

• Malware-based Attacks (viruses, worms, Trojans)

Back Doors and Trap Doors:

• Backdoor (Trapdoor) is a hidden method for bypassing normal authentication and gaining access
to a system. Developers might install backdoors for legitimate support but attackers exploit these to
maintain unauthorized access. Attackers can use tools like Back Orifice or NetBus to create
backdoors.[3][4][1]

4. Describe the following attacks:


1. Sniffing

• Sniffing is a network attack where the attacker captures data packets traversing a network. It
mainly threatens confidentiality, aiming to obtain sensitive data (e.g., passwords, emails). Tools and
techniques include packet sniffers operating in promiscuous mode.[5]

2. Snooping

• Snooping means unauthorized access to private data during transmission or while stored. Sniffing is
a form of snooping focusing on network traffic, but snooping can include reading files, emails, or
chats on compromised computers as well.

5. Explain active attack and passive attack with suitable examples.

Active Attack: The attacker attempts to alter system resources or affect system operations.

• Example: Modifying message contents, DoS attack, injecting malware.[1]

Passive Attack: The attacker intercepts data without modifying it.

• Example: Eavesdropping on unencrypted Wi-Fi traffic to collect passwords.[1]

6. Describe the following terms w.r.t cyber laws:

i) IT Act, 2000

• Enacted to provide legal recognition to electronic transactions and digital signatures.

• Details penalties for cybercrimes like hacking, publishing obscene content, and more. It applies
across India and to offenses by individuals outside India targeting Indian resources.[6][7]

ii) IT Act, 2008 (Amendment)

• Updated to include offenses like cyber terrorism, child pornography, and authorized an Inspector to
investigate certain offenses. Enhanced definitions, penalties, and expanded coverage to new-age
cybercrime scenarios.[7]

7. Explain the concept of hacking.

Hacking is the act of gaining unauthorized access to data in a system or computer. The aim can be data
theft, system disruption, or just curiosity. Hackers exploit vulnerabilities to bypass security measures and
gain control over systems.[1]

8. Explain DOS (Denial of Service).

Denial of Service (DoS): An attack designed to make a machine or network resource unavailable to its
intended users by overwhelming it with a flood of illegitimate requests, thus disrupting normal service.
Distributed DoS (DDoS) uses multiple systems to attack a single target, making defense more difficult.[1]

9. Explain in detail Information Security Policy.

Information Security Policy is a formal set of rules and guidelines set by an organization to ensure
correct and secure use of its information assets.

• Regularly updated to address new threats.

• Addresses virus protection, firewall use, intrusion prevention, device and application controls.

• Essential for efficiency, accountability, compliance, and employee security awareness.[1]

10. What is cyber stalking? Explain in brief.

Cyber stalking involves using digital communication tools to stalk or harass an individual or
organization. It can include sending threatening emails, monitoring online activity, or using social media
to intimidate victims.[2]

11. Explain the concept of social engineering.

Social engineering refers to manipulating individuals into divulging confidential information, usually by
exploiting human psychology rather than technical hacking techniques. Examples include phishing,
pretexting, and baiting.[8]

12. Write a short note on social engineering prevention.

Prevention measures include:

• Security awareness training.

• Never sharing passwords or personal info with unverified sources.

• Implementing strict access controls and verification policies.

• Reporting suspicious activities promptly.[8]

13. What is Botnet? Explain in brief.

A Botnet is a network of private computers infected with malicious software and controlled as a group
without the owners’ knowledge. Used to launch coordinated attacks like DDoS, spam distribution, or data
theft.[1]

14. Write a short note on baiting.

Baiting is a social engineering ploy where attackers lure victims into taking certain actions by offering
something enticing (e.g., "Free USB drive" loaded with malware). It exploits psychological curiosity or
greed.[8]

15. Explain spear phishing attacks.

Spear phishing is a targeted form of phishing where attackers tailor messages to a specific individual or
organization, often impersonating trusted contacts to trick victims into revealing credentials or installing
malware.[9][10]

16. Explain phishing and identity theft in detail.


Phishing: Mass attacks via emails or messages tricking people into providing sensitive data (e.g.,
passwords, credit card info) by masquerading as legitimate entities. These may redirect to fake sites or
steal info directly.[8]

Identity Theft: Occurs when attackers use stolen personal information to impersonate someone, often
obtained through phishing, for financial gain or other malicious purposes.[1]

17. Explain the scareware scams.

Scareware refers to deceptive software that tricks users into thinking their computer is infected, then
prompts them to pay for fake or unnecessary software to "fix" the issue. Victims may end up installing real
malware or losing money.[1]

Each answer is based on validated content from academic PDFs and cybersecurity textbooks and
referenced according to your question bank structure.[4][10][6][7][3][5][9][2][8][1]

answer these based on pdfs. 1. What is cyber crime? Explain the types of Cyber Crime. 2. State the need of
Computer Security. 3. List types of attacks. Explain back doors and trap doors attacks

Here are detailed answers based strictly on the attached PDFs:

1. What is cyber crime? Explain the types of Cyber Crime.

Cybercrime is any illegal act where special knowledge of computer technology is essential for its
perpetration, investigation, or prosecution. It encompasses traditional crimes committed digitally (like
fraud or theft using computers), as well as new offenses that specifically exploit computer systems and
data. Essentially, cybercrime is any illegal behavior, directed by electronic means, targeting the security of
computer systems, networks, or the data processed by them.[22]

Types of Cyber Crime

Cybercrimes are classified based on their targets:

a) Crimes Against Individuals

• Phishing: Trick individuals into giving sensitive data like passwords (e.g., fake bank email).

• Cyberstalking: Harassment or monitoring using digital means.

• Identity Theft: Stealing personal data for fraud.

• Online Defamation: Publishing false content to harm someone’s reputation.

• Email Spoofing: Sending emails that appear from legitimate sources.

• Spamming: Sending unwanted/junk emails.

• Computer Sabotage: Using malware to destroy personal computers or data.

• Password Sniffing: Software secretly collects passwords and usernames.[22]

b) Crimes Against Property

• Hacking: Unauthorized access to data or systems (e.g., breaking into a company server).

• Ransomware: Locking files and demanding payment.

• Online Fraud: Fake online sales or scams.

• Cyber Vandalism: Defacing websites or altering files.

• Intellectual Property Crimes: Stealing patents, copyrights, or trademarks.[22]

c) Crimes Against Organization

• Corporate Espionage: Stealing trade secrets.

• Denial of Service (DoS/DDoS) Attacks: Flooding systems to make services unavailable.

• Data Breaches: Leaking customer or company data.

• Salami Attacks: Stealing very small amounts across many transactions, accumulating significant
losses.

• Logic Bombs: Malware activated by specific conditions, leading to sabotage.

• Data Diddling: Illegally modifying data at input or before processing for personal gain.[22]

d) Crimes Against Government/Society

• Cyber Terrorism: Attacks to disrupt or intimidate governments or the public (e.g., hacking
government infrastructure).

• Cyber Warfare: State-sponsored attacks against other nations.

• Defacing Political Sites: Hacking political web platforms for sabotage.

• Spreading Fake News: Disinformation to influence society or policy.

• Forgery: Falsifying digital documents for fraud (e.g., modifying scanned cheques).[22]

2. State the need of Computer Security.

Computer security is crucial for several reasons:

• Protection of Confidentiality: Prevents unauthorized access and protects sensitive data from theft
(personal, financial, intellectual property).

• Integrity: Maintains accuracy and trustworthiness of data by preventing unauthorized alterations.

• Availability: Ensures that computer systems and data are available to authorized users when
needed.

• Authentication and Authorization: Ensures only validated and permitted individuals gain access
to resources.

• Preventing Loss (Financial or Reputation): Security lapses can cause loss of money and public
trust.

• Legal Compliance: Compliance with acts like the IT Act, 2000 is mandatory for organizations.[22]

• Non-Repudiation: Guarantees that the origin of data or communication cannot be denied.

• Prevention Against Cyber Attacks: As digital transformation grows, threats like malware,
ransomware, phishing, denial of service, and data breaches require robust security.[22]

3. List types of attacks. Explain back doors and trap doors attacks.

Types of Attacks

Attacks on computer systems and networks are broadly classified as:

• Passive Attacks: Gathering information without the victim’s knowledge (e.g., eavesdropping,
sniffing, traffic analysis).[23]

• Active Attacks: Attempting to change system resources or data (e.g., DoS attack, masquerade,
session hijacking).[23][22]

• Insider Attacks: Carried out by trusted users within the organization who misuse access rights.

• Outsider Attacks: Attacks by unauthorized users/external sources.

Some specific types:

• Sniffing and Snooping: Monitoring traffic or data.

• Man-in-the-Middle: Intercepting communication flows.

• Brute Force: Trying all possible combinations to crack credentials.

• Phishing, Social Engineering, Malware Attacks: Deception or malicious software exploitation.

• DoS/DDoS: Overloading systems to deny service.

Back Doors and Trap Doors Attacks

Back Door/Trap Door:


A back door (also known as a trap door) is a hidden access point or method intentionally built into a
computer program or system by developers, which allows bypassing normal authentication and gaining
unauthorized access. Attackers can exploit these for future entry into the system after initial
compromise.[23]

• How it Works: Back doors are often left for legitimate reasons (debugging, maintenance), but if
discovered or inserted by attackers, they become serious security risks. Once a back door is
established, an attacker can enter at will, bypassing normal security mechanisms.

• Risks: Once such access is obtained, attackers can install malware, steal data, or manipulate
systems undetected.

• Example: A developer implements a secret account or password; if discovered by a hacker, this
allows total control without detection.[23]

References:
All information is derived and paraphrased from the provided PDFs: csl_unit1.pdf and
cybersecurity_unit2_notes.pdf. For technical examples and digital attack classifications, refer directly to
Section "Classification of Cybercrime," "Types of Attacks," and "Backdoor/Trap Door" discussions in these
documents.[23][22]

Describe the following attacks 1. Sniffing 2. Snooping. 5. Explain active attack and passive attack
with suitable example. 6. Describe the following terms w.r.t cyber laws: i) IT Act, 2000 ii) IT Act, 2008

Here are detailed answers to your questions based on the attached PDFs:

1. Describe the following attacks

1. Sniffing

Sniffing is an attack in which an attacker passively monitors network traffic to gather sensitive
information such as usernames, passwords, emails, and confidential data. Sniffers are special tools or
software (like Wireshark) that capture data packets transmitted over a network. Attackers use sniffing
tools especially in unencrypted networks (such as public Wi-Fi) to intercept data flowing between devices
and servers. The information collected can be used for further attacks such as identity theft, intrusion, or
financial fraud. In mobile environments, packet sniffers can monitor Bluetooth/Wi-Fi traffic and capture
sensitive credentials during communication.[25]

2. Snooping

Snooping refers to unauthorized access and monitoring of someone else’s data, emails, chats, or files —
either while stored on a device or as it's being transmitted across a network. This can be done physically
(accessing someone’s device without consent) or digitally (eavesdropping on data over a network).
Snooping can occur through malware or spyware installed on devices, or by exploiting vulnerabilities in a
network or service. Both snooping and sniffing breach confidentiality and privacy, but snooping generally
refers to any unauthorized monitoring, not just at the network packet level.[25]

2. Explain active attack and passive attack with suitable example.

Active Attack

In an active attack, the attacker actively tries to alter system resources, data, or network operations. It's
intrusive and can disrupt normal functioning.

Example:
A hacker launches a Denial of Service (DoS) attack, flooding a web server with requests to exhaust its
resources and make it unavailable to legitimate users. Another example is changing the content in transit
between sender and receiver (e.g., altering a bank transaction).[26][25]

Passive Attack

A passive attack involves intercepting or monitoring communications or data without altering them. The
aim is to gather information silently, often to prepare for later attacks.

Example:
Eavesdropping on wireless network traffic (using sniffing tools) to collect credentials or confidential data
without detection. Reading unencrypted emails while they are being sent over a network also constitutes
a passive attack.[25]

3. Describe the following terms with respect to cyber laws

i) IT Act, 2000

The Information Technology (IT) Act, 2000 is India’s primary law for cybercrime, electronic commerce
(e-commerce), digital signatures, and data protection. Key objectives and features are:

• Provides legal recognition to electronic transactions and digital signatures.


• Defines and penalizes various cybercrimes including hacking, identity theft, cyber terrorism, and
cyberstalking.

• Enables electronic filing of documents and electronic fund transfers in banking.

• Establishes regulatory authorities and a Cyber Appellate Tribunal for resolving cyber-related
disputes.

• Recognizes digital documents and electronic evidence in courts.

• Amends existing laws (like the IPC, Evidence Act, RBI Act) for digital environments.[26]

Key sections:

• Section 43: Unauthorized access, data theft, and introduction of viruses.

• Section 65-66: Tampering with source code, hacking, and destruction of data.

• Section 66C-66D: Identity theft and cheating by impersonation using computer resources.

• Section 66F: Cyber terrorism.

• Section 67/67A: Publishing or transmitting obscene content electronically.

ii) IT Act, 2008 (Amendment)

The IT Act, 2008 is an amendment to the original Act, passed to address newer forms of cybercrime and
strengthen security measures:

• Introduces new offenses like cyber terrorism, child pornography, and phishing.

• Authorizes “Inspector” level officers to investigate certain cyber offenses.

• Expands definitions, adds stricter penalties, and brings clarity to terms like intermediary liability.

• Covers current technologies, social media, and digital content platforms with new compliance
rules.[26]

• Section 66A (struck down in 2015) previously criminalized “offensive messages,” but was declared
unconstitutional by the Supreme Court, enhancing freedom of speech protections.

References:
All explanations are based strictly on your attached notes (see “cybersecurity_unit2_notes.pdf” and
“csl_unit1.pdf”), covering legal provisions, technical details, and thorough definitions as per your
curriculum requirements.[26][25]

7. Explain the concept of hacking. 8. Explain DOS. 9. Explain in detail Information Security Policy.

Here are comprehensive answers based on your attached PDFs:

7. Explain the concept of hacking.

Hacking refers to the act of gaining unauthorized access to computers, networks, or data. A hacker uses
technical knowledge and skills to exploit vulnerabilities in systems, bypassing security mechanisms to
obtain information, disrupt operations, or commit fraud. Hackers may use a variety of techniques like
brute force (trying many combinations of passwords), exploiting software bugs, or social engineering
(tricking people into revealing passwords). While some hackers (white-hat/ethical hackers) work to
improve security, “black-hat” hackers target systems for personal or malicious gain. Crackers are a
subgroup focused specifically on breaking into systems and causing harm.[28][29]

Example:
A black-hat hacker breaks into a company’s e-mail server to steal confidential information.
A white-hat hacker is legally hired to find vulnerabilities and report them without exploitation.[29][28]

8. Explain DOS.

A Denial of Service (DoS) attack is an explicit attempt to make a computer system or network resource
unavailable to its intended users by overwhelming it with a flood of superfluous requests, thereby
disrupting normal service. The main aim is to exhaust the system’s resources (like bandwidth, CPU, or
memory), causing slowdowns or a complete shutdown.

Types of DoS Attacks:

• DoS: Single source floods the victim with traffic.


• DDoS (Distributed Denial of Service): Multiple sources (often botnets) attack simultaneously,
making it difficult to block the attack by simply filtering a single IP.

Example:
Flooding a web server with millions of requests so that legitimate users cannot access the website. In
mobile environments, attacks may target telecom networks, leading to unavailability of services for phone
users.[28][29]

9. Explain in detail Information Security Policy.

An Information Security Policy is a documented set of rules, procedures, and guidelines established by
an organization to ensure the proper use and protection of its information assets. It forms the backbone
for managing information security and protecting sensitive information from unauthorized access, use,
disclosure, or destruction.

Key Elements:

• Purpose: Outlines why the policy exists; commonly to protect confidentiality, integrity, and
availability of information.

• Scope: Specifies what information, departments, and systems are covered.

• Objectives: Define what the policy intends to achieve (e.g., regulatory compliance, protection of
customer data).

• Roles & Responsibilities: Assigns duties for implementing and maintaining security (e.g., security
officers, IT admins, end-users).

• Access Control: States who can access what, and under which circumstances—includes password
management, login procedures, and privilege assignments.

• Acceptable Use: Guidelines for how organizational IT resources and data may be used.

• Incident Response: Procedures for reporting and responding to security breaches or violations.

• Enforcement & Sanctions: Consequences for violating the policy.

• Awareness and Training: Ensures users are trained in security best practices and policy
awareness.

• Review & Update: Establishes regular reviews to update policy as threats and business needs
change.

Example:
A hospital’s information security policy mandates all patient data must be stored encrypted, access is
restricted to authorized medical staff, and any breach must be reported within 24 hours.[29][28]

All responses are paraphrased and constructed strictly from your course/unit PDFs as requested.[28][29]

give full length answers for with points:

10. What is cyber stalking? Explain in brief. 11. Explain the concept of social engineering. 12. Write a
short note on social engineering prevention. 13. What is Botnet? Explain in brief

Here are full-length answers, structured with key points, based solely on your attached PDFs:

10. What is cyber stalking? Explain in brief.

Cyberstalking is the use of the internet or other electronic means to stalk, harass, or intimidate an
individual, a group of individuals, or an organization.

Key Points:

• Definition: Cyberstalking involves behaviors such as false accusations, monitoring, threats, identity
theft, damage to data/equipment, solicitation of minors, or gathering personal information for
harassment.

• Medium: The main platforms are emails, chat rooms, instant messaging, websites, and social media.

• Types of Stalkers:

o Online stalkers interact directly with victims, often using email or chat rooms.

o Offline stalkers monitor victims without direct interaction, using information found online.

• Intention: The goal is to control, intimidate, or influence the victim.

• Impact: Victims may suffer emotional distress, embarrassment, financial loss, threats to physical
safety, or loss of reputation.

• Examples: Sending repeated threatening emails or messages, posting false information on social
media, or tracking someone’s online activities without consent.[31]

11. Explain the concept of social engineering.

Social engineering is the art of manipulating people to disclose confidential information or perform
actions that compromise security.

Key Points:

• Exploits Human Nature: Rather than exploiting system vulnerabilities, attackers manipulate the
natural trust or fear of people.

• Techniques Include:

o Impersonating trusted staff (e.g., IT support)

o Using pretexts to trick users (e.g., fake emergencies)

o Urgent requests for passwords or sensitive info

o Phishing emails or phone calls

o Shoulder surfing, dumpster diving

• Classification:

o Human-Based: Direct interaction (calls, face-to-face)

o Computer-Based: Indirect attacks (phishing emails, malicious attachments)

• Goal: Obtain sensitive data (passwords, banking info) or unauthorized access by building
inappropriate trust or exploiting lack of awareness.[31]

12. Write a short note on social engineering prevention.

Preventing social engineering requires a blend of technical and human measures:

• Awareness Training: Regularly educate all staff on the nature and risks of social engineering,
including phishing simulations and case studies.

• Strong Verification Procedures: Never give out sensitive information (like passwords or PINs) to
unverified contacts. Always confirm identity, especially for unusual requests.

• Clear Security Policies: Establish and enforce robust security policies regarding information
sharing, password management, and handling of confidential documents.

• Reporting Mechanisms: Provide easy, accessible reporting procedures for suspicious emails, calls,
or behavior.

• Email and Web Filters: Use security tools to detect phishing attempts or malicious links.

• Encourage Caution: Remind employees never to click on unknown links, download random
attachments, or trust urgent requests without verification.

• Physical Security: Prevent shoulder surfing and restrict access to sensitive information and
equipment.[31]

13. What is Botnet? Explain in brief.

A Botnet is a network of computers (often called “zombies” or “bots”) infected with malicious software
and remotely controlled by a cybercriminal (the “botmaster”).

Key Points:

• Infection: Computers become bots when they are compromised by malware (via emails, infected
websites, downloads, or malicious ads).

• Central Control: All bots receive commands from a command-and-control (C&C) server operated
by the attacker.

• Uses:

o Launching Distributed Denial of Service (DDoS) attacks

o Sending large volumes of spam

o Distributing malware to new victims

o Stealing data from infected systems

• Stealth: Most victims do not realize their machines participate in a botnet.

• Example: The Mirai Botnet infected IoT devices like routers and cameras, using them for powerful
DDoS attacks on global infrastructure.[31]

All content above is paraphrased directly from your study materials and reflects the curriculum-specified
definitions, examples, and key points for clarity and exam readiness.[31]

give full length answers for:

14. Write a short note on baiting. 15. Explain spear phishing attacks. 16. Explain phishing and identity
theft in detail. 17. Explain the scareware scams.

Here are full-length answers based on your attached documents:

14. Write a short note on baiting

Baiting is a type of social engineering attack where the attacker offers something enticing to the victim in
order to lure them into a trap. The bait could be physical, like leaving a malware-infected USB drive
labeled “Confidential” for someone to pick up and use, or digital, such as offering free music downloads or
movie streaming links that actually lead to malware infection.

Key Points:

• It exploits human curiosity and greed.

• Victims voluntarily take the bait leading them to compromise their credentials or install malware.

• Baiting attacks are often delivered through removable media, pop-up advertisements, or infected
web sites.

• Baiting differs from phishing in that baiting often involves a physical or tangible lure.

• Prevention includes educating users about the risks of using unknown devices or downloads and
having proper security controls on media and network access.

15. Explain spear phishing attacks


Spear phishing is a targeted form of phishing attack aimed at a specific individual or organization. Unlike
generic phishing, spear phishing uses personalized messages that are crafted based on information
specific to the victim.

Key Points:

• Attackers gather detailed information about the target before launching the attack.

• The messages often appear legitimate, coming from someone the victim might trust (e.g., colleagues,
IT department).

• The goal is to trick the victim into disclosing confidential information, clicking on malicious links, or
downloading malware.

• Spear phishing campaigns are more effective due to their personalized and convincing nature.

• Defense involves user training, email filtering, verifying unexpected requests, and technical
solutions like DMARC and SPF.

16. Explain phishing and identity theft in detail

Phishing is a deceptive cyber attack where attackers impersonate trustworthy entities to trick victims
into revealing sensitive information such as passwords, credit card numbers, or social security numbers.

Key Points on Phishing:

• Delivered typically via fraudulent emails, messages, or websites.

• Attacker creates a sense of urgency or fear to prompt immediate action.

• Common forms include email phishing, SMS phishing (smishing), and voice phishing (vishing).

• Victims are often directed to fake websites resembling legitimate ones to capture credentials.

Identity Theft involves stealing personal information to impersonate someone else, often for financial
gain or fraudulent activities.

Key Points on Identity Theft:

• Information is stolen through phishing, data breaches, social engineering, or malware.

• Can lead to unauthorized bank transactions, credit applications, or misuse of online accounts.

• Victims suffer financial loss, damage to credit scores, and violation of privacy.

• Prevention requires strong authentication, monitoring credit reports, cautious online behavior, and
timely reporting of suspicious activities.

17. Explain the scareware scams

Scareware scams involve malicious software that tricks users into believing their computer is infected
with viruses or other security threats. The software then prompts users to purchase fake security
solutions to remove the fabricated threats.

Key Points:

• Scareware typically appears as alarming pop-up messages or fake antivirus alerts.

• The actual intent is to deceive users into paying for worthless or malicious software.

• Installing scareware can further compromise the system by adding spyware, ransomware, or other
malware.

• These scams play on victims' fear and lack of technical knowledge.

• Prevention includes keeping software updated, using legitimate antivirus products, not clicking
suspicious pop-ups, and awareness of common scam tactics.

All information is drawn and synthesized from your provided course materials and aligns with your study
content requirements.[34]

1. https://mrcet.com/pdf/Lab Manuals/IT/CYBER SECURITY (R18A0521).pdf

2. https://www.birdkolkata.in/reading_material/introduction-to-cyber-security.pdf

3. http://www.hasanbalik.com/LectureNotes/NetworkSecurity/6.Week.pdf

4. https://www.vssut.ac.in/lecture_notes/lecture1423183198.pdf

5. https://ijaers.com/Paper-July 2014/IJAERS-JULY-2014-010.pdf

6. https://testbook.com/objective-questions/mcq-on-information-technology-act--65e74078a6b4e8de36d25074
7. https://www.iibf.org.in/documents/cyber-laws-chapter-in-legal-aspects-book.pdf

8. https://ijarsct.co.in/Paper11819.pdf

9. https://www.dni.gov/files/NCSC/documents/campaign/Counterintelligence_Tips_Spearphishing.pdf

10. http://www.sircrrengg.ac.in/images/newsletter/ITMATERIALS/CS.pdf

11. https://www.nrcmec.org/pdf/Course-Content/CSE-CS/III_ISem/ICS/ICS_Question_bank.pdf

12. http://www.ouexams.in/downloades/Cyber_Security_Lab_QB.pdf

13. https://www.studocu.com/in/course/university-of-mumbai/cyber-security-and-laws/3018638

14. https://www.subodhmba.org/public/pdfs/M-353, ISCL.pdf

15. https://sietk.org/downloads/Question Bank/I M.Tech I Sem/CSE/16CS5805_CCIDF QB.pdf

16. https://acwa.asn.au/wp-content/uploads/2018/02/ACW-StewartBrown-Cybercrime-Presentation-Feb-2018.pdf

17. https://www.scribd.com/presentation/863092384/Lecture-5-Trapdoors-and-Backdoors-in-AI-Systems

18. http://www.gpahmedabad.ac.in/uploads/7/coursedetails/studymaterials/3350704_Unit1.pdf

19. https://www3.cs.stonybrook.edu/~ise331/Slides/L15-Attacks.pdf

20. https://arxiv.org/pdf/1910.00033.pdf

21. http://www.irphouse.com/ijert22/ijertv15n1_08.pdf

22. csl_unit1.pdf

23. cybersecurity_unit2_notes.pdf

24. csl_attack_on_mobilephone.pdf

25. cybersecurity_unit2_notes.pdf

26. csl_unit1.pdf

27. csl_attack_on_mobilephone.pdf

28. csl_unit1.pdf

29. cybersecurity_unit2_notes.pdf

30. csl_attack_on_mobilephone.pdf

31. cybersecurity_unit2_notes.pdf

32. csl_attack_on_mobilephone.pdf

33. csl_unit1.pdf

34. cybersecurity_unit2_notes.pdf

35. csl_attack_on_mobilephone.pdf

36. csl_unit1.pdf
