CS BC401 Solution

The document discusses various types of cyberattacks, including phishing, vishing, smishing, and mishing, which aim to deceive individuals into revealing sensitive information. It also compares credit and debit cards, highlighting their differences in terms of source of funds, payment methods, and impact on credit scores. Additionally, it emphasizes the importance of authentication services, security measures for laptops, and the role of cybercafés in facilitating cybercrime.

Uploaded by

Mihir Prabhakar

SOLUTION

1.a) Phishing is a type of cyberattack where attackers try to trick people into
revealing sensitive information, such as passwords, credit card numbers, or
personal details, by pretending to be a trustworthy source.
1. Mishing (mobile phishing): A phishing attack that exploits mobile devices
instead of emails to deceive victims into revealing sensitive information or
clicking malicious links. Examples: SMS, voice calls, QR codes.
2. Vishing (voice phishing): The attacker calls the victim and poses as a
representative from a trusted organization, like a bank or government agency.
The malicious actor may use social engineering techniques to trick the victim
into revealing sensitive information over the phone.
3. Smishing: It uses Short Message Service (SMS) to send fraudulent text messages
or links. The criminals cheat the user by calling. Victims may provide sensitive
information such as credit card information, account information, etc.

1 b)
1.c) Difference between a credit card and a debit card

| Feature | Credit Card | Debit Card |
|---|---|---|
| Source of Funds | Borrowed money from the bank or financial institution. | Your own money from your bank account. |
| Payment | You repay the amount spent later (with interest). | The amount is deducted directly from your bank account. |
| Spending Limit | Limit is set by the bank (based on credit history). | Limited to the balance in your bank account. |
| Interest Charges | Interest is charged on unpaid balances. | No interest charges (unless you overdraft). |
| Fees | Can have annual fees, late payment fees, or high interest fees. | No annual fees; some banks may charge for overdrafts. |
| Impact on Credit Score | Affects your credit score based on usage and payments. | Does not affect your credit score. |
| Fraud Protection | Typically offers better fraud protection. | May offer less fraud protection depending on the bank. |
| Rewards/Benefits | Often offers rewards like cash back, points, or travel perks. | Usually no rewards, but some accounts may offer cashback. |
| Overdraft | Can spend more than the available credit (if within limit). | Can lead to overdraft if funds are insufficient. |
| Usage | Used for building credit history and larger purchases. | Used for daily transactions and budgeting. |

1.d)
1. Use Strong Passwords & Biometrics
2. Enable Encryption
3. Keep Software & Apps Updated
4. Install Trusted Security Apps
5. Avoid Public Wi-Fi for Sensitive Transactions
6. Use Two-Factor Authentication (2FA)
7. Download Apps Only From Trusted Sources
8. Turn Off Bluetooth When Not In Use
9. Be Cautious with Links and Attachments
10. Use a Secure Lock Screen
11. Backup Your Data Regularly
12. Monitor App Permissions
13. Enable Remote Wipe or Locate Feature
14. Disable or Limit Location Services

1e) Social engineering is a manipulation technique that exploits human error
to obtain private information or valuable data. In cybercrime, these human
hacking scams entice unsuspecting users to disclose data, spread malware
infections, or give attackers access to restricted systems. Attacks can occur
online, in person, and through other interactions. Social engineering scams are
based on how people think and act.
• Hackers try to exploit the user's knowledge. Thanks to technology's speed,
many consumers and employees are not aware of specific threats such as
drive-by downloads. Users do not realize the value of personal data such as
their phone number. Many users are unsure of how best to protect themselves
and their confidential information.
How Social Engineering Works
• Most social engineering attacks depend on real communication between
attackers and victims. Instead of using brute force methods to breach the
data, the attacker prompts the user to compromise themselves.
• The attack cycle gives the criminals a reliable process to deceive you. The
stages of the social engineering attack cycle are below:
1. Prepare by gathering background information on a large group.
2. Infiltrate by building trust, establishing a relationship or starting a
conversation.
3. Establish the victim once more to confront the attack with confidence and
weakness.
4. Once the user takes the desired action, release it
2.a)
Cybercrime refers to illegal activities conducted through or involving the
internet, computers, or other digital devices. It includes a wide range of
criminal activities that exploit digital technologies to carry out illegal acts such
as theft, fraud, data breaches, and cyberattacks.
Cybercriminals are individuals or groups who engage in cybercrimes. They use
digital tools, the internet, and sophisticated techniques to perpetrate illegal
activities. Their motives can range from financial gain to espionage or hacking
for political or personal reasons.
2.b)

2.c)
2d) AUTHENTICATION SERVICE SECURITY
• Authentication is the procedure of recognising someone's identity by
assuring that the person is who they claim to be.
• It can be used by both server and client. The server uses authentication when
someone needs to access the data and the server needs to know who is
accessing the data.
• The client uses it when it needs to know that the server is the one it claims
to be.
• The authentication by the server is completed mostly by utilising the
username and password.
• An authentication service is a mechanism, analogous to the use of passwords
on time-sharing systems, for the secure authentication of the identity of
network clients by servers and vice versa.
DIFFERENT TYPES OF AUTHENTICATION SYSTEMS
1. Single-factor authentication: The user must enter the username and the
password to confirm that it is really that user who is logging in.
Advantages:
• It is a very simple and straightforward system to use.
• It is not at all costly.
• The user does not need any great technical skills.
Disadvantages:
• It is not at all secure. Protection depends on the strength of the password
entered by the user, so the protection level is very low.
2. Two-factor authentication: The user must give a username, a password
and additional information. Example: OTP.
Advantages:
• It provides better security than the single-factor authentication system.
• The productivity and flexibility increase in the two-factor authentication
system.
Disadvantages:
• It is time-consuming.
3. Multi-factor authentication: More than one factor of authentication is
needed.
Advantages:
• No risk of security.
• No information could get stolen.
• No risk of any key-logger activity.
• No risk of any data getting captured.
Disadvantages:
• It is time-consuming.
• It can rely on third parties.
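To make the difference between single-factor and two-factor authentication concrete, the following added example (not part of the original solution) implements both checks with the Python standard library. All function names, the sample password and the use of PBKDF2 and time-based OTP codes (RFC 6238) are assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password: HMAC-SHA1 of the counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238: the HOTP counter is the number of 30-second steps since epoch."""
    return hotp(secret, int(now // step))

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash (PBKDF2 chosen for this example) so stored values resist guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password: str, otp_secret: bytes) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "otp_secret": otp_secret}

def check_password(user: dict, password: str) -> bool:
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])  # constant-time compare

def login_single_factor(user: dict, password: str) -> bool:
    # One factor: anyone who learns the password is accepted.
    return check_password(user, password)

def login_two_factor(user: dict, password: str, otp: str, now: float,
                     step: int = 30, window: int = 1) -> bool:
    # Two factors: the password AND a code from the enrolled device.
    # Accept the current step plus/minus `window` steps to tolerate clock drift.
    current = int(now // step)
    otp_ok = False
    for counter in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(user["otp_secret"], counter), otp):
            otp_ok = True
    return check_password(user, password) and otp_ok

# Constructed sample data: the RFC 6238 test key and a made-up password.
DEMO_SECRET = b"12345678901234567890"
DEMO_USER = enroll("correct horse battery", DEMO_SECRET)

if __name__ == "__main__":
    stolen = "correct horse battery"  # the password is known, the device is not held
    print("single-factor, password only:", login_single_factor(DEMO_USER, stolen))
    print("two-factor, password + wrong code:",
          login_two_factor(DEMO_USER, stolen, "000000", now=59))
    print("two-factor, password + device code:",
          login_two_factor(DEMO_USER, stolen, totp(DEMO_SECRET, 59), now=59))
```

A leaked password alone passes the single-factor check but fails the two-factor check, and a code from an older time step is rejected once it falls outside the drift window.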
2E) Kensington cables are one of the most popular brands in laptop security
cable. These cables are made of aircraft-grade steel and Kevlar brand fiber, thus
making these cables 40% stronger than any other conventional security cables.
One end of the security cable is fit into the universal security slot of the laptop
and the other end is locked around any fixed furniture or item, thus making a
loop. These cables come with a variety of options such as number locks, key
locks and alarms.
• Laptop safes: Safes made of polycarbonate, the same material that is
used in bulletproof windows, police riot shields and bank security
screens, can be used to carry and safeguard laptops. The advantage of
safes over security cables is that they protect the whole laptop and its
parts, which can be easily removed in the case of laptops protected by
security cables.
• Motion sensors and alarms: Even though alarms and motion sensors are
annoying owing to their false alarms and loud sound level, these devices
are very efficient in securing laptops. Once these devices are activated,
they can be used to track missing laptops in crowded places. The alarm
device attached to the laptop transmits radio signals to a certain range
around the laptop.
• Warning labels and stamps: Warning labels containing tracking
information and identification details can be fixed onto the laptop to
deter aspiring thieves. These labels cannot be removed easily and are a
low-cost solution to laptop theft. These labels have an identification
number that is stored in a universal database for verification, which, in
turn, makes the resale of stolen laptops a difficult process. Such labels
are highly recommended for the laptops issued to top executives and/or
key employees of the organizations.
• Engraving the laptop with personal details
• Keeping the laptop close to oneself wherever possible
• Creating the awareness among the employees to understand the
responsibility of carrying a laptop and also about the sensitivity of the
information contained in the laptop
• Making a copy of the purchase receipt, laptop serial number and the
description of the laptop
• Installing encryption software to protect information stored on the
laptop
• Using personal firewall software to block unwanted access and intrusion
• Updating the antivirus software regularly
• Never leaving the laptop unattended in public places such as the car,
parking lot, conventions, conferences and the airport until it is fitted with
an anti-theft device
3A) SIGNIFICANCE OF REGISTRY SETTINGS:
1. Baseline Security Configuration: When setting up a new computer or mobile
device, the default security configurations may not provide optimal protection
against potential threats.
2. Registry Changes for Enhanced Security: Achieving a high level of security
often requires making additional registry changes that aren't exposed through
standard interfaces like the Control Panel or Group Policy. The Windows
registry contains vital configurations that, when modified appropriately, can
significantly enhance the device's security.
3. Efficiency of Registry Changes: Streamlined and systematic approaches to
registry modifications can save time and effort.
4. Registry Hacks for Security: Microsoft Knowledge Base articles and other
resources discuss numerous 'registry hacks' or modifications that can bolster
security by tweaking registry settings. These hacks often involve altering
specific registry values to enhance the security of the operating system.
5. Challenges and Abundance of Settings: Novice users may find it challenging
to identify and implement the appropriate registry changes to address specific
security concerns effectively.
Microsoft ActiveSync is a synchronization program, developed by Microsoft,
designed to facilitate data synchronization between Windows-powered
personal computers (PCs) and mobile devices (or, in more recent versions,
Windows Phone operating systems). It facilitates the seamless transfer of
various types of data, such as e-mail, contacts, calendar entries, tasks,
documents and multimedia files, between a user's PC and mobile device.
KEY FEATURES AND FUNCTIONS OF MICROSOFT ACTIVE SYNC INCLUDE:
1. Data Synchronisation
2. E-mail Synchronisation
3. Calendar and Contacts Sync
4. Task and Note Synchronisation
5. File and Document Transfer: It allows the transfer of files and documents,
including Microsoft Office files (e.g., Word, Excel, PowerPoint), pictures, videos
and other multimedia content.
6. Wireless Synchronisation: In addition to syncing via a USB connection, Active
Sync supports wireless synchronisation.
7. Integration with Exchange Server: It can sync directly with Microsoft
Exchange Server, providing enterprise users with wireless access to their email,
calendar, contacts and other exchange related data.
8. Security Features: Active Sync incorporates security measures to protect
sensitive data during synchronisation, including encryption and remote wipe
capabilities to safeguard data in case of loss or theft.
3B)
Key factors:
1. Advancements in Technology: Advancements such as faster processors, larger
storage capacities, improved batteries and better displays make devices more
capable and attractive to users.
2. Internet Connectivity and 5G Technology: Enhanced internet connectivity,
particularly the deployment of 5G networks, provides faster and more reliable
wireless internet access, enabling seamless streaming, real-time communication
and a better overall user experience.
3. Diverse Range of Devices: The market offers a wide range of mobile and
wireless devices, including smartphones, tablets, smartwatches, fitness
trackers, IoT (Internet of Things) devices and more, catering to diverse user
preferences and needs.
4. Ubiquity of Smartphones: Smartphones have become ubiquitous, serving as
multi-functional devices for communication, browsing, entertainment,
productivity and more. The versatility and portability of smartphones drive
their widespread adoption.
5. Integration with IoT and Wearables: The integration of mobile devices with
IoT and wearable technology has expanded their functionality, allowing users
to control smart home devices, monitor health and interact with a range of
connected devices seamlessly.
6. Consumer Demand for Mobility: Consumers are placing a growing emphasis
on mobility and flexibility, resulting in a rising demand for devices that facilitate
convenient access to information, entertainment, and services.
3C)
a) The merchant initiates a transaction with the bank.
b) The bank forwards the transaction request to the authorised cardholder.
c) The cardholder either approves or declines the transaction (secured with
a password).
d) The bank and merchant receive notifications accordingly.
e) The credit card transaction is successfully concluded.
4.a) Key Techniques for Information security
1. Access Control 2. Encryption 3. Firewalls 4. Intrusion Detection and
prevention 5. Patch Management 6. Employee Training and Awareness
1.Access Control: Access control is the practice of restricting access to network
resources to authorized individuals or systems. This can be achieved through
the use of passwords, multi-factor authentication, and role-based access
control (RBAC).
2.Encryption: Encryption is the process of converting plaintext data into
ciphertext to protect it from unauthorized access. Encryption is commonly used
to secure data in transit, such as email messages and web traffic, as well as data
at rest, such as files stored on a server.
3.Firewalls: Firewalls are network security devices that monitor and control
incoming and outgoing network traffic based on predefined rules. Firewalls can
be implemented at the network or host level and are an effective way to
protect against unauthorized access and malicious traffic.
4.Intrusion Detection and Prevention: Intrusion detection and prevention
systems (IDPS) are security technologies that monitor network traffic for
suspicious activity and can automatically block or alert security personnel
about potential security incidents.
5. Employee Training and Awareness: Employees are often the weakest link in
network security, as they can inadvertently expose sensitive information or fall
victim to social engineering attacks. Regular training and awareness programs
can help employees identify and prevent security incidents.
4.b)
4.c)

Role of Cybercafés in Cybercrime:

Cybercafés can play a significant role in facilitating cybercrime, especially in
regions where personal internet access is limited. While many cybercafés
operate legally, they can sometimes be misused by cybercriminals as
anonymous hubs for illegal online activity.

Why Cybercriminals Use Cybercafés:

| Reason | Explanation |
|---|---|
| Anonymity | Users can access the internet without revealing their true identity or location. |
| Lack of Monitoring | Some cybercafés may not keep detailed user logs or monitor online activity. |
| Public Access | Shared systems make it harder to trace illegal activity back to a specific person. |
| Disposable Access | Cybercriminals can use the café once and never return, avoiding detection. |
| Limited Regulation | Many cybercafés in developing regions lack strict laws or enforcement. |
| Use of Fake or Stolen IDs | Attackers may use fake identities to register and remain untraceable. |

Common Cybercrimes Committed from Cybercafés:

• Phishing scams
• Spamming and email fraud
• Identity theft
• Accessing or distributing illegal content
• Hacking attempts
• Financial fraud and online banking crimes

In summary, cybercafés can be exploited by cybercriminals due to the
anonymity and lack of strict regulation. This makes them attractive for carrying
out untraceable cyber activities.
