What is cybercrime and fraud?
Hacking means accessing a computer system, or parts of it, without authorisation. Hackers may do this by, for instance, exploiting vulnerabilities in software or using stolen user names and passwords.
Ransomware is a type of malicious software that locks or encrypts all or parts of the contents of a computer system or computer. The attacker demands a ransom to release the contents. Infection by ransomware may happen in various ways. The attacker may for instance obtain access to the victim's system and then install ransomware in the victim's network.
In several cases, the attacker has had access to the network for an extended period of time before the ransomware started to encrypt the system. In recent years, subsequent extortion of ransomware victims has become common. Attackers threaten not only loss of access to encrypted data, but also publication or sale of data stolen from the network.
Denial of Service (DoS) attack
A Denial of Service attack is a cyber attack rendering data, resources or services, or parts of them, inaccessible. There are different types of DoS attacks. What they all have in common is that the attack blocks the access of individuals or systems to data, resources or services.
- Distributed Denial of Service
Distributed Denial of Service (DDoS) attacks can take various forms. They include overloading a network connection, router, firewall and/or server. The attack may use compromised computers organised in a network. A computer may be compromised by infection with malware. Compromised computers will, unwittingly, send so much data to the victim that legitimate traffic cannot get through.
Recently, the police have also seen examples of extortion combined with DDoS attacks, so-called Ransom DDoS. The attackers normally threaten further or larger DoS attacks unless a ransom is paid.
Malicious software, or malware, is an umbrella term for a variety of software and code used for criminal purposes. The goal may be to steal information, damage computer systems or facilitate the installation of ransomware.
There is constant development of the various types of malware available to criminals. Several types are known to the police, but to keep up-to-date with the types being used for attacking victims in Norway, we rely on information and tip-offs. Malware may for instance be distributed by malicious files in emails. Certain types of malware communicate with a command and control infrastructure and are used for distributing other malicious content or malware.
Investment fraud entails being deceived into investing in projects or products that are worthless or non-existent. This may be investments in shares or other financial instruments, property, commodities or valuable objects such as art and antiquities.
Online banking fraud
Online banking fraud entails criminals gaining access to the victim's online bank. This usually takes place through theft of physical security devices, such as banking code generators, or by criminals manipulating the victim into giving up their login information.
Payment card fraud
Payment card fraud entails criminals getting hold of the victim's card details. This may take place by hacking someone who is in possession of those card details, e.g. an online store used by the victim. This can also take place by the magnetic stripe of the card being copied while on holiday abroad, or by the victim entering the card details on a false website. Such websites will typically trick victims by appearing to be a genuine online store, or by offering very low prices.
In romance scams, criminals establish a relationship with the victim over time before the fraud itself is committed. By spending ample time building a relationship, the criminal can build greater trust, which is then reflected in the amount the victim is defrauded of. Through social media and regular contact through private channels, a story is established to lead the victim towards sending money, often small amounts at first and then larger amounts as the victim keeps paying them.
Advance fee fraud
Advance fee fraud deceives victims into paying what they believe are duties or fees. This may take two different routes, either by the criminals claiming that the fee is for delivery of a package to the victim, or the criminals contacting someone who is selling an object online. The criminals say they will buy the object, but that they wish to use a specific delivery service. This service will often be genuine and well-known, but the criminals then claim that a fee must be paid for the object to be sent and that the seller must pay this fee. They then send a link for payment of the fee. In reality, the victim is paying the criminals, and the victim is often charged more than stated.
In CEO fraud, the criminals analyse the internal organisation of the enterprise and target staff members directly to make them transfer or approve payments. The criminals will typically pose as a manager and ask a staff member in the financial department to transfer a large amount of money, generally to a recipient abroad.
In invoice fraud, the recipient of the invoice is deceived into paying for goods or services they have not ordered or paying an invoice that has been hijacked by the criminals. Invoice hijacking means that the criminals pose as a genuine supplier to the enterprise, but tell the recipient that the payment should be made to a new account.
The internet and computer technology play a major role in almost all crime. The internet and computer systems impact crime and how it evolves. This is reflected in the choice of crime scene or tool used for the crime, and the resulting sources of evidence.
Technology as a scene of crime
Some criminal offences target the technology, infrastructure or the internet use of a person or an organisation as such. Hacking, damaging computer systems or Denial of Service attacks are some examples. Technology is the scene of cybercrime.
Technology used as a tool by criminals
Certain offences are committed using the internet and computer systems. Examples include selling drugs, sharing sexual abuse images and harassment or threats online.
Technology as a source of evidence
In some cases, the internet or computer systems are not used for the offence, but digital evidence may still solve the case. Examples are investigations of violent crime and theft, which frequently involve searching for evidence and traces left on the internet. Such evidence may be communication between criminals in social media. Another example is the internet search history. It may show how a murderer planned a murder.
The prevention of cybercrime and fraud is not the responsibility of the police alone. The police rely on national and international cooperation to share information and build knowledge in the field. By sharing your information you help the police gain knowledge and an overview of current forms of attacks suffered by members of the public in Norway. Any information you share will be reviewed by the police, and this way you can help prevent others from becoming victims of similar crime.
- You can share information about cybercrime or fraud with the police by tipping us off, or by submitting a formal crime report about an incident of cybercrime.
- Sending just a tip-off will not necessarily result in a criminal investigation. If you want the case to be investigated, we recommend submitting a formal crime report.
It is important to report all incidents of cybercrime and fraud to your local police. The police will consider opening a criminal investigation. Cybercrime and fraud are challenging to investigate, and not every case is solved. It is still important to record the cases, complete with all documentation and evidence that may be relevant.
- Each individual case may be part of a larger investigation in the future, in Norway or another country.
- Combined, the cases provide important information that may help stop the criminal activity.
My social-media account has been hacked, what should I do?
If your social-media account has been hacked, you can report it to the local police.
I am a victim of an online scam, what should I do?
You can report it to your local police station. Learn more about online scams and how to report such cases to the police.
Tip the police off about cybercrime and fraud
Please use the tip-off button:
Report cybercrime and fraud to the police
Do you want to formally report the offence?
Find your local police station:
Bring all the evidence
It is important to bring all evidence that may be relevant to the case to the police station, such as logs, emails and screenshots.
How to avoid cybercrime
More and more objects are being connected to the internet: smartwatches, security cameras, baby monitors, heaters and light bulbs, to mention a few. They are referred to as Internet-of-Things (IoT) devices. They may make it easier to control your house, but come with a risk, as objects connected to the internet are vulnerable to hacking. These objects often have poor security, detected vulnerabilities are seldom fixed, and the software is seldom updated.
On a general basis, the following precautions will reduce the risk of your IoT devices being hacked:
- If you do not need online access to e.g. your baby monitor, go for a baby monitor with local wireless transmission which encrypts all signals. The number of potential hackers will then be limited to your immediate neighbourhood, instead of the whole world, and you have made intrusion more difficult.
- Change your password the first time you use the device, and apply the available security settings.
- Make sure it is updated with the latest firmware from the manufacturer. Some devices do this automatically; others need manual updating.
- Turn the device off when not in use or not needed.
- If a camera behaves in an unexpected way, e.g. moves without you doing anything, or you discover logins that were not yours, turn it off immediately (or isolate it, so that you can examine the camera and network further without audio or video revealing anything you do not want a criminal to have access to).
- Do a few searches for relevant models to see if there are any reports of vulnerabilities in or hacking of those models.
If you are unsure whether a device has been compromised, you can contact a local IT company. If you discover that a device has been compromised, please report the matter to the local police.
The single most important piece of advice is not to open unknown email attachments. If you receive an attachment by email, stop and think. Read the email again. Is the language poor? Does the sender have a reason for sending you an attachment? Never open the attachment to see what it is about; this is often enough for malicious software to be installed on your computer.
Many people receive emails which appear to be from Posten, DHL or Skatteetaten. They tend to contain little information, asking you to open the attachment to learn more. The senders of such emails impersonate legitimate companies to deceive you into opening the attachment.
You may also be deceived by receiving an email and being asked to click on a link. It may for instance look like an email from your bank, urging you to change your password. If you click on the link and enter your password, you give up your password to the criminal behind the fraudulent email. Your bank will never send you such an unsolicited email.
If you are unsure about an email or an attachment, the safest thing to do is leave it. No harm is done unless you open the attachment or click on the link. Another option is to contact the company or person that supposedly sent the email and ask if they actually did.
On www.phishingquiz.withgoogle.com you can test how good you are at recognising if the email you have received is legitimate or fraudulent. Google has participated in the preparation of the quiz. The quiz is hard and shows how devious criminals can be.
Many people have been called by someone claiming to be from Microsoft or another big company. The caller often tells you that you have problems with your computer and offers to help. All he or she needs to help you is your password and remote access to your computer. This is fraud ten times out of ten – someone who wants to steal information from your computer. No legitimate company would ever ask for your password or access to your computer.
Does the online banking login look different from usual? Is there an error message, and a message telling you to wait a few minutes before attempting another login? This is probably an attempt to trick you. Do not re-enter your password or code. Telephone your bank to find out what is happening, and whether you have been tricked into visiting a different page that is trying to steal your username and password. Do not put off the phone call; every minute may count.
Make strong passwords, and different passwords for important sites. A unique password for each site is almost impossible to remember. The site Nettvett.no provides guidance on how to make strong passwords that you can remember: www.nettvett.no/passord
Two-factor authentication provides an extra level of login security. It means that besides a password, you need to enter a one-time code at each login. This will significantly improve the level of protection of your accounts, both email accounts and social media accounts. Learn how to set it up on nettvett.no.
- Install the latest updates to your computer. Update your operating system, usually Windows, macOS, iOS or Android.
- Keep your anti-virus program up-to-date. There is a variety of good, free anti-virus programs available for download. Also ask if an anti-virus program is available from your employer.
- Keep backups of files you do not want to lose, such as photos and important documents. Back them up to a cloud service or an external hard disk.
Be cautious about connecting to free Wi-Fi networks that do not require a password in public spaces, such as airports or cafés. It is easy to set up a fraudulent Wi-Fi network. The person controlling it may log all websites you visit, the contents of emails or messages you send, and information about your mobile phone or computer.
You should avoid logging into websites or services that require you to enter passwords or personal data when connected to a public Wi-Fi network. Be especially careful if your password discipline is low and you keep reusing the same password. This may give the criminal access to your information.
It is safer to use mobile data than public Wi-Fi networks we know nothing about.
Have you received an email whose content seems too good to be true? It is. You never get money for free. You have not won the lottery you never played. Job offers promising high pay for little work also attempt to take advantage of you, as credible as they may appear.
Have you received an email claiming you have been videoed visiting an adult website? The email demands payment in bitcoin for not sending the video to your family and friends. The email may include a password you have used previously, and may even appear to have been sent from your own email address. This is all a scam, and the email was sent to hundreds of thousands of random people. It is spam you can safely ignore.
Establish internal rules and procedures (test in advance if possible)
Make clear home office security rules, including rules for accessing company systems and whom to contact in case of issues. Establish clear standard operating procedures for security incidents. Introduce extra safeguards for documents to be reviewed, signed, approved or responded to by senior and middle management.
Make home office equipment secure
Put in place safeguards such as hard-disk encryption, logout following a certain period of inactivity, privacy screen filters, strong authentication, and securing and encryption of portable media (e.g. memory sticks). Put mechanisms in place for locking lost or stolen devices.
Secure remote access
Exclusively allow connection to the company network through VPN and multi-factor authentication. Ensure that home office login sessions are automatically disconnected after a certain period of inactivity, requiring the user to log in again.
Ensure that device operating systems and apps are up-to-date.
This will make it harder for criminals to exploit old vulnerabilities.
Make company communication secure
Require multi-factor authentication for accessing company email accounts. Ensure the availability of secure channels for internal and external communication.
Enhance your monitoring of security threats
Actively check for any unusual remote user activity and be more alert to VPN-related attacks.
Raise staff awareness of security risks involved in working from home
Train staff in company home office rules. Spend time raising people's awareness of digital threats, especially phishing and deception.
Stay in regular touch with the staff
Agree on realistic goals, working hours and follow-up mechanisms; be flexible if possible and take personal circumstances into account.
Use your employer's equipment for the employer's data
Only use devices and software provided by your employer. Use strong passwords (use reliable/approved password managers where available); do not write them down and do not let others watch while you enter them. Avoid solutions that bypass security set-ups, even if they may seem practical.
Stop. Think. Connect.
Before starting to work from home, acquaint yourself with your employer's devices, rules and procedures. Make sure you understand the equipment, what to do and not to do, and where to get support.
Secure remote access
Only connect to your employer's network via your employer's VPN, and keep your code generator safe.
Protect your home office equipment and environment
Do not let family members get access to your work devices. Lock them or turn them off when you are not around, and keep them safe against harm or theft. Avoid anybody looking over your shoulder; use a privacy screen filter and avoid view of the screen through windows or on cameras.
Be alert to suspicious activity or strange requests, especially of a financial nature. It may be CEO fraud! If in doubt, telephone the sender to check. Do not click on links or open attachments in unsolicited emails or text messages.
Do not disclose your personal data
Do not disclose your personal data when responding to messages, even if they claim to be from legitimate senders. Contact the company directly to verify the request.
Prepare plans and procedures
Agree on a plan for working from home with your line manager and co-workers, including distribution of tasks, deadlines and communication channels.
Use of private devices
If using private devices is the only option and your employer allows it, make sure the operating system and software are updated, including anti-virus programs, and that the connection is secured through a VPN approved by your employer.
Keep work separate
Avoid using home office equipment for private purposes.
If you discover unusual or suspicious activity on a device you are using when working from home, contact your employer immediately via appropriate channels.
- To learn more, visit the website nettvett.no/korona.
E-learning platforms have become widespread in schools. Here is some advice to help prevent ICT equipment and applications being hacked.
About ICT equipment
- Ensure that ICT equipment used is at all times up-to-date with security updates from the supplier, both for operating systems and software. Some devices do this automatically; others need manual updating.
- Ensure that all anti-virus programs are up-to-date and active.
- When using a wireless home network, make sure it is encrypted. If it is not encrypted, you should connect to the internet via mobile data. There are three different levels of encryption of wireless networks:
- Open (no security)
- WEP (low security)
- WPA/WPA2/WPA3 (high security)
It is not recommended to use wireless networks of the levels open or WEP, as they have no or low security.
Where to find this information varies between operating systems. If you cannot find it using the guide below, you should contact IT support or a co-worker or friend with computer skills. There is also a wealth of guides online, but you should be critical of them. It should, for instance, not be necessary to install something to find this on a normal computer.
Settings – Connections – Wi-Fi. Select the wireless network to which you are connected and tap the wheel icon. Under "Security" you will find the network's security level.
System settings – Networks. Select the wireless network to which you are connected and tap "Advanced". Under the banner "Security" you will find the network's security level.
In the bottom right corner you will find the wireless network to which you are connected. Click on the connected network, followed by "Properties" for security level details.
- Regularly back up files that are important to you. They may be photos, documents or spreadsheets needed to carry out important work tasks. The backup should be kept somewhere that is not connected to the internet or the devices in daily use.
- If anything unusual happens, tell your line manager, security officers or IT support, if your school has it. Such unusual behaviour includes the camera turning on by itself, programs running by themselves, or the device running heavily even though you are just using it for light tasks.
- Install and use a camera cover to physically control when the camera on computers or other devices is on or off.
About video-conferencing applications
- Do a few searches for relevant video-conferencing services to see if there are any reports of vulnerabilities in or intrusion into those services.
- If the functionality exists, lock the conference room when all participants have joined to prevent secret attendance by third parties.
- Password protect the conference room if possible. Change this password regularly, perhaps for each conference.
- Verify that participants are genuine participants and that there are no unauthorised participants, e.g. by letting everyone introduce themselves by name and image.
- Keep in mind that the service may store information shared in the chat. It may also store files shared in the application.
- Report any unusual incidents in the video-conferencing application to your line manager, security officers or IT support.