Start tracking your progress
Trailhead Home
Trailhead Home

Identify Digital Crime Tactics

Learning Objectives

After completing this unit, you’ll be able to:

  • Discuss the threat of phishing.
  • Define the common forms of malware.
  • Identify examples of social engineering.
  • Explain the concept of shoulder surfing.

Categories of Crime

Digital attackers constantly develop new tactics to access information. In fact, the FBI’s 2018 Internet Crime Report tracked more than 35 categories of cybercrime committed last year. Here are some of the most common tactics to look out for. 

4-1-1 on Phishing

An envelope attached to a fishing hook.

An email from your bank drops into your inbox. It asks you to reset your password due to a security breach. Sounds legitimate, right? 

Next, you click the link embedded in the email. A landing page pops up and you enter your online banking credentials to see what all the fuss is about… 

And the rest is history. You just fell prey to phishing. 

Digital criminals use phishing to trick people into handing over sensitive information such as passwords and health data. There are a few different common types.

Spear Phishing

Spear phishing targets a specific person instead of using mass email. Attackers know their victims’ names and research their interests on social media. Then, they customize communications to build trust with the victim in order to snag their info.


This kind of phishing goes after high-profile targets, or “whales,” who have access to tons of sensitive information. Similar to spear phishing, digital criminals invest considerable time to research the target before attacking. 


With pharming, victims don’t have to click anything to be taken advantage of. You type in a URL and then the attacker “hijacks” it. Instead of reaching your intended destination, you land on an imposter site that asks for credentials or other data.

After an attacker gains access to your system through phishing, they don’t stop there. Often, they infect your device with malicious software. More on that next.

Mad About Malware

A computer screen covered by an insect.

Your big presentation is in less than 30 minutes. As soon as you press print on the content, you get an alert from the IT department: Printers are down.  

Luckily, you have a printing service in your building. So, you look around your workspace for a thumb drive, pop it into your USB port, and then hurry to transfer files so you can print. 

You made it in time. And your presentation passed with flying colors. But, little did you know, your computer got infected with malware in the process. How? A rogue thumb drive was planted in your office by a digital criminal.

So what is malware, anyway? The term malware is short for malicious software—designed to disrupt, damage, or gain unauthorized access to a computer system. 

Malware comes in multiple forms, including: 

Trojan Horses

This form of malware walks and talks like legitimate software but has negative intent. After it’s activated, it will delete, modify, and block your data. Trojans are also known to enable real-time access to your system, resulting in a full takeover. 


You guessed it. This malicious software holds information for ransom. Attackers typically get into your system through phishing and then block your access. Keep in mind that, even if you pay up, it can be hard to reverse the damage without having a backup.


Chances are you’ve come into contact with adware, which serves people unwanted advertising. A common adware program might redirect a user's searches to look-alike web pages that ask for sensitive information.

Once an attacker has access to your system, they use malware to get even more info. But how do they gain access in the first place? Many times, it’s through social engineering.  

Social Engineering Savvy

It’s mid-February and you’re officially counting down the days until summer—142, to be exact.

Naturally, you start browsing vacation spots. Suddenly, you see an advertisement for a free Carribbean vacation. Bingo! Your need for sun and sand prompts you to click the ad and enter a sweepstakes with your email address and phone number. Fingers crossed...

Harmless, right? Nope. 

This is an example of social engineering—the art of manipulating people into handing over valuable information. Criminals use social engineering because it’s easier to exploit your natural inclination to trust than to actually hack your software. 

Sounds a bit like phishing, doesn’t it? That’s because phishing is one of the most common types of social engineering. Here are a few more. 


Tailgating is the physical act of following someone to gain access to their information. For example, an attacker follows you into a coffee shop and hops on to the same public Wi-Fi network in order to hack into your system. 


Pretexting is all about impersonation, from police to government officials to coworkers. Attackers who use pretexting often tell victims they need their info in order to complete a specific task or to keep the individual out of legal trouble. 

Quid Pro Quo

This is when an attacker promises you something of value in exchange for information (remember that Caribbean vacation?). Attackers scope out an individual and then present them with things relevant to their lifestyle in the hope that they provide sensitive information.

Not all digital criminals limit themselves to the cyber world. Some use the physical to gain access to the digital. That’s where shoulder surfing comes in. 

Summarizing Shoulder Surfing

Let’s say you’re part of the 70 percent of people globally who work remotely at least once a week. And, for you, remotely typically means your local coffee shop. 

You’ve got all the right security measures in place for remote work—you log in to Wi-Fi with a virtual private network and lock your screen anytime you get up for a refill. 

You’re safe, right? Maybe not.

Shoulder surfing is the practice of looking “over the shoulder” of someone using an electronic device, and then taking a photo of their screen or jotting down their valuable information. It can happen anywhere you transfer sensitive info in public. That not only includes anywhere you use a laptop, smartphone, or tablet but also payment kiosks like ATMs.

Digital criminals? Check. Digital crimes? Check. Just one more unit and you’ll know all the basics of the digital crime landscape.