ECU Blog

Gain New Insights and Knowledge

5 Common Types of Cybercrime: Effects and Prevention Methods

Written by: East Carolina University®   •  Mar 23, 2026

Infographic explaining the types of cybercrime. Descriptions and statistics are provided in the text.

With the cost of a data breach reaching $10.2 million in the United States in 2025, according to IBM, understanding and preventing cybercrime is important for everyone. Cybercrime—criminal acts committed using the internet or computers—has evolved dramatically over the past five years, with accumulated losses of more than $50 billion, according to the FBI’s Internet Crime Complaint Center (IC3). Take a closer look at five common types of cybercrime, their effects, and some prevention methods.

To learn more, check out the infographic below, created by the Information and Cybersecurity Technology program at East Carolina University®.

5 Types of Cybercrime

In 2024, IC3 received 859,532 cybercrime reports totaling $16.6 billion in losses—a 33% increase over the previous year. Here are five of the most common types of cybercrime contributing to those losses.

Phishing

One of the most common and costly cybercrimes, phishing involves attackers using text messages or emails to falsely represent a bank, government office, business, or other entity to trick people into sharing their login credentials, financial information, and other private data. A common component of phishing is social engineering—using personal information from social media to craft convincing messages.

Example: From 2013 to 2015, cyberattackers impersonated Quanta Computer, a Fortune Global 500 supplier for Facebook and Google. They sent invoices under Quanta’s name to both companies, resulting in a $100 million loss.

Supply Chain Attacks

Supply chain attacks, also called third-party compromises, exploit weaknesses in a company’s external supply chain, including vendors, software suppliers, partner organizations, and cloud providers. Because many companies don’t require suppliers to follow stringent data protection practices and data supply chains are complex, attackers can often gain access to company systems this way.

Example: Beginning in 2019, attackers hacked Orion, a SolarWinds platform used by numerous government agencies that allows customers to view vendor networks. The attack, called SUNBURST, injected malware into Orion via updates in 2020 and allowed hackers to access customers’ information technology (IT) systems.

Malware

Malware, or malicious software, is any software designed to damage, destroy, steal, copy, or gain unauthorized access to computer systems and their data. Examples are viruses, worms, Trojan horses, spyware, and ransomware, which are often spread through email, software, or compromised websites.

Example: The Clop (or Cl0p) ransomware variant became prominent in 2019 and has continued to grow in notoriety since. It’s one of the most well known examples of ransomware as a service (RaaS). It prevents victims from accessing their own data and has multiple extortion tactics.

Ransomware

Ransomware is a type of malware that encrypts files while attackers—individuals or hacker groups—demand payments for their release. Once inside a system, ransomware encrypts files indiscriminately, often targeting those that seem most important, including user data.

Example: In May 2017, the WannaCry ransomware attack was unleashed on over 200,000 Windows computers, exploiting a vulnerability in the EternalBlue network protocol. It caused significant disruptions across Windows systems in 150 countries.

Denial-of-Service Attacks

Denial-of-service (DoS) attacks overwhelm a website, server, or network with traffic generated by malicious bots. The compromised system rejects or denies legitimate traffic, making it unreachable. Distributed denial-of-service (DDoS) attacks involve a distributed network of bots working together. DoS and DDoS attackers may be seeking revenge, attention, or financial gain, or they may be trying to trick organizations or governments into changing their actions.

Example: In 2025, Cloudflare thwarted a DDoS attack by the Aisuru botnet. It was the largest attack of its type to ever be reported, comprising between 1 and 4 million infected hosts.

Cybercrime Prevention

The good news is that there are ways everyone can help prevent many types of cybercrime. Companies, government entities, and other organizations can do the following:

  • Develop and update an incident response plan (IRP), including conducting penetration testing and simulations.

  • Update software to maintain system security and fix known vulnerabilities.

  • Encrypt data with end-to-end protection.

  • Practice security awareness by training and testing employees on common tactics, including social engineering and phishing.

  • Limit access by enforcing multi-factor authentication (MFA) and the principle of least privilege (PoLP), limiting employee access to the systems they need to complete tasks.

  • Use a zero-trust approach to anticipate attacks and require verification at every level.

  • Monitor constantly using real-time threat analysis to find and neutralize cyber threats before they cause harm.

Individuals can take some of the same steps to prevent cybercrime, including using MFA and keeping software up to date. They can also do the following:

  • Limit information sharing by keeping personal details off social media, disabling location-tracking options, and only giving financial information to secure websites.

  • Employ biometrics, such as fingerprint and facial recognition scanners, whenever possible.

  • Use unique, strong passwords; change them regularly; and store them in a password manager.

  • Install and update antivirus and malware-detection programs.

  • Secure home Wi-Fi and computer networks by using a virtual private network (VPN).

  • Encrypt and back up files.

  • Think before clicking—avoid clicking text or email links unless certain they’re legitimate, and when in doubt, contact the sender through another method to confirm.

  • Know that the government, including the IRS, doesn’t contact individuals by phone, text, or social media to demand money.

  • Examine credit reports and account statements regularly.

Protect Against Cybercrime

Cybercrime and its effects can be frightening to contemplate, especially as the costs keep escalating. Cybersecurity and IT programs can help professionals protect organizations from all types of cyber threats. They teach students how to identify the types of cybercrime, practice good cyber hygiene, deploy defensive tactics, and respond to incidents. Find out how a degree in information and cybersecurity can prepare you to thwart cyber threats.

Sources:

Baker Donelson, “Ten Key Insights from IBM’s Cost of a Data Breach Report 2025”

BitSight, Types of Cyber Crimes

BitSight, What Is Zero Trust?

BlueVoyant, 8 Devastating Phishing Attack Examples (and Prevention Tips

Cisco, What Is Cybercrime?

Cloudflare, Famous DDoS Attacks: The Largest DDoS Attacks of All Time

CSO, “15 Infamous Malware Attacks: The First and the Worst”

Cybersecurity Ventures, “Cybercrime to Cost the World $12.2 Trillion Annually by 2031”

IC3

Fortinet, SolarWinds Cyber Attack

IBM, Cost of a Data Breach 2025

Ready.gov, Cybersecurity

Trend Micro, Top 15 Most Common Types of Cyberattacks

Zscaler, What Is the SolarWinds Cyberattack?

Recent Articles

A Director of Information Technology Works on a Laptop in a Business Office..jpg
Information and Cybersecurity Technology

How to Become a Director of Information Technology

East Carolina University®

Jan 30, 2026

IT professionals collaborating in a room with monitors.
Information and Cybersecurity Technology

5 Cybersecurity Companies for North Carolina Professionals to Consider

East Carolina University®

Dec 17, 2025

A cybersecurity professional with a tablet in a control room.
Information and Cybersecurity Technology

What Is Cyber Infrastructure?

East Carolina University®

Dec 17, 2025