A PROJECT REPORT ON

“CYBER CRIME AND SECURITY

AWARENESS IN DIGITAL MARKETING”
SUBMITTED BY:

Sabyasachi Samantara
+3 COMMERCE, FINAL YEAR
ROLL NO:011803CM309
Under The Guidance Of
Mrs. Anita Kumari
Patra (Lecture in commerce)

UNDER GRADUATE DEPARTMENT OF COMMERCE,

KHALLIKOTE AUTONOMOUS COLLEGE BERHAMPUR GANJAM
SESSION (2018-2021)

1
CERTIFICATE

This is certifying that Sabyasachi Samantara a student of B.COM Final year in

Khallikote Autonomous College, Berhampur, bearing Exam Roll no 011803CM309,
has worked a project on“CYBER CRIME AND SECURITY
AWARENESS IN DIGITAL MARKETING”under the guidance and supervision.
This project report has the requisite standard and to best of my knowledge no part of
it has been reproduce from any other project, monograph,report or book.

(Signature)

2
DECLARATION

I hereby declare that, this project work entitled “A STUDY ON CYBER CRIME AND
SECURITY AWARENESS IN DIGITAL MARKETING” is my work carried out under the
guidance of my faculty guide Mrs. Anita Kumari Patra Madam. This project report is being
submitted by me alone, at Khallikote Autonomous College, Berhampur for the partial fulfillment
of the course B.com [Hons.]. This report neither full nor in part has ever been submitted for
award of any other degree of either this college/university or any other college/university.

(Sabyasachi Samantara)

Roll No-011803CM309

B.Com Final Year

Place:Berhampur

Date:

3
ACKNOWLDEGEMENT

I would like to express my gratitude to all those who gave me the possibilities to complete this
project. I would like to thank Mrs. Anita Kumari Patra, Faculty in Commerce of Khallikote
College who has provided such an opportunity and motivation to gain knowledge through this
type of project. This will help me a lot in my career.

Secondly, I would like to bestow my gratitude to the Khallikote Autonomous College,which

provides me such opportunity to undertake the project report on Cyber Crime And Security
Awareness In Digital Marketing for providing valuable input resources for preparing project
like library.

I am thankful to my other faculty members, my friends who gave their full-fledged cooperation
for successful of my project.

(Sabyasachi Samantara)
Roll no:011803CM309
B. Com Final Year

4
CONTENTS

PARTICULARS PageNo.

Certificate 2
Declaration 3
Acknowledgement 4
CHAPTER-1
Introduction 6-16
Defination
History of Internet
Recent History 2000-2021
Evalution of Digital Marketing
Types of Digital Marketing
CHAPTER-2
Review of Literature 17-29
2.1 Types Of Cyber Crime
2.2 Malware And its Type
CHAPTER-3
Conceptual Framework
3.1 Introduction to Cyber Security Framework
3.2 Types of Cyber Security Framework
CHAPTER-4
Methodology 30-34
4.1 Importance of Cyber Security in Digital Marketing
4.2 Tips to Protect Your Digital Marketing from Cyber attacks
4.3 Cyber Security Techniques
CHAPTER-5
Data Analysis and Interpretation 35-45
5.1 Guidelines for Secure Password
5.2 Guidelines for Safe Internet Browsings
5.3 Tips for Online Transaction in Digital Marketing
5.4 Some Recent Cyber Crime Incidents
CHAPTER-6
Conclusion 54-56
Bibilography 57
Annexure 57-58

5
INTRODUCTION

(Chapter-1)

6
1.1 Definition

Information Technology has dramatically increased in the past decade,with massive global rates
of internet consumption by individuals and organizations ranging from academia and
government to industrial sectors.During the last decade, information technology such as mobile
devices and digital applications have transformed daily life, facilitating diverse lifestyles in many
areas.The ease of technology usage as well as the increased demand for online connectivity in
digital marketing.

If your business isn’t online then you’re probably missing out to your competitors. The problem
with doing business online is the increased exposure to cyber crime and digital fraud. It’s one of
the great dilemmas of our age.

However we don’t believe that potential exposure to digital fraud or other types of cyber crime is
a reason to neglect your online presence. By being aware of the main types of digital fraud and
electronic crime, you can minimise your chances of being exposed to them.Many netizens
(i.e.,people who use the internet)still lack sufficient awareness of various internet threats(also
defined as “cyber hazards”).In fact,they often fail to possess the minimum required knowledge to
protect their computing devices.

The term cyber crime is used to describe a unlawful activity in which computer or computing
devices such as smartphones, tablets, Personal Digital Assistants(PDAs), etc. which are stand
alone or a part of a network are used as a tool or/and target of criminal acitivity. It is often
commited by the people of destructive and criminal mindset either for revenge, greed or
adventure.

Cyber Security plays an important role in the field of information technology .Securing the
information have become one of the biggest challenges in the present day. When ever we think
about the cyber security the first thing that comes to our mind is ‘cyber crimes’ which are
increasing immensely day by day.Various Governments and companies are taking many
measures in order to prevent these cyber crimes. Besides various measures cyber security is still a
very big concern to many.This paper mainly focuses on challenges faced by cyber security on
the latest

7
technologies .It also focuses on latest about the cyber security techniques, ethics and the trends
changing the face of cyber security.

1.2 History of internet

The internet has become a vital part of the modern world, inseparable from daily life and
routines. It wasn’t always this way though; the history of internet started somewhere. From
simple computer networks to global interconnectivity and instantaneous wireless
communications, the rapid and dramatic evolution of the internet can help with understanding the
changing nature of technology and communications.

The Internet started in the 1960s as a way for government researchers to share information. ...
This eventually led to the formation of the ARPANET (Advanced Research Projects Agency
Network), the network that ultimately evolved into what we now know as the Internet.

8
1.3 Recent History 2000-2021

Even at the beginning of the 21st century, only around 7% percent of the population has access to
the internet, a report says.From there on, the growth was explosive. According to Internet World
Stats, around 59% of the world population use the internet as of 2019, which amounts to a
whopping 1157% increase in usage within twenty years.

In my opinion, there are mainly three reasons for this:

• Rise of social media networks and blogging websites

• The exponential increase in internet speeds
• The rise of mobile devices cellular data

1.4 Evolution Of Digital Marketing

In a world where over 170 million people use social media on a regular basis, every working
professional is expected to be familiar with at least the core tenets of Digital Marketing. In
simple terms, Digital Marketing is the promotion of products over the internet or any form of
electronic media. According to the Digital Marketing Institute, "Digital Marketing is the use of
digital channels to promote or market products and services to targeted consumers and
businesses."

People are consuming digital content on a daily basis. Very soon, traditional marketing platforms
will disappear, and the digital market will completely take over. There are a number of
advantages in Digital Marketing. Unlike traditional marketing, digital marketing is more
affordable.

You can reach a larger audience in a shorter time period. Technological advances have resulted
in considerable attrition of the customer-base of traditional marketing agencies & departments.
People have moved on to tablets, phones, and computers, which are the areas where digital
marketers have gained the most ground.

People are consuming digital content on a daily basis. Very soon, traditional marketing platforms
will disappear, and the digital market will completely take over. There are a number of

9
advantages in Digital Marketing. Unlike traditional marketing, digital marketing is more
affordable.

The term Digital Marketing was first used in the 1990s. The digital age took off with the coming
of the internet and the development of the Web 1.0 platform. The Web 1.0 platform allowed
users to find the information they wanted but did not allow them to share this information over
the web. Up until then, marketers worldwide were still unsure of the digital platform. They were
not sure if their strategies would work since the internet had not yet seen widespread
deployment.

In 1993, the first clickable banner went live, after which HotWired purchased a few banner ads
for their advertising. This marked the beginning of the transition to the digital era of marketing.
Because of this gradual shift, the year 1994 saw new technologies enter the digital marketplace.
The very same year, Yahoo was launched.

Also known as "Jerry's Guide to the World Wide Web" after its founder Jerry Yang, Yahoo
received close to 1 million hits within the first year. This prompted wholesale changes in the
digital marketing space, with companies optimizing their websites to pull in higher search engine
rankings. 1996 saw the launch of a couple of more search engines and tools like HotBot,
LookSmart, and Alexa.

1998 saw the birth of Google. Microsoft launched the MSN search engine and Yahoo brought to
the market Yahoo web search. Two years later, the internet bubble burst and all the smaller
search engines were either left behind or wiped out leaving more space for the giants in the
business.

10
The cookie was another important milestone in the digital marketing industry. Advertisers had
begun to look for other ways to capitalize on the fledgling technology. One such technique was
to track common browsing habits and usage patterns of frequent users of the internet so as to
tailor promotions and marketing collateral to their tastes. The first cookie was designed to
record user-habits. The use of the cookie has changed over the years, and cookies today are
coded to offer marketers a variety of ways to collect literal user data.

Products marketed digitally are now available to customers at all times. Statistics collected by the
Marketing tech blog for 2014 show that posting on social media is the top online activity in the
US. The average American spends 37 minutes a day on social media. 99% of digital marketers
use Facebook to market, 97% use Twitter, 69% use Pinterest and 59% use Instagram. 70% of
B2C marketers have acquired customers through Facebook. 67% of Twitter users are far more
likely to buy from brands that they follow on Twitter. 83.8% of luxury brands have a presence on
Pinterest. The top three social networking sites used by marketers are LinkedIn, Twitter, and
Facebook.

The digital market is in a constant state of flux. A Digital Marketing professional must find ways
to keep up with this change. They need to be able to keep an eye out for emerging trends and the
development of newer and smarter Search Engine Algorithms. After all, nobody can afford to get
left behind in this race.

While social media sites like Facebook gave people a way to connect and interact with each
other, blogging platforms like Blogger and WordPress were an excellent medium for expressing
knowledge and ideas – two compelling reasons for people to enter the internet sphere.

Here is a list of some of the early entrants, which made an impact on how people use the Web.

11
Facebook – Social networking (launched feb 4, 2004)

Twitter – Social networking / microblogging (launched jul 15, 2006)

Reddit – news & content aggregation (launched jun 23, 2005)

Blogspot – blogging platform (launched Aug 23, 1999)

WordPress – blogging platform (launched may 27, 2003)

YouTube – Video sharing platform (launched feb 14, 2005)

The list may not be complete. But you can see that most of these sites came around during the
early and mid-2000s, and still, they are very much alive.

1.5 Types of Digital Marketing

Digital Marketing can be defined as all marketing efforts using electronic devices/internet with a
variety of marketing tactics and digital media where you can communicate with potential customers
who spend time online. There is a spread of access for potential customers to be ready to see your
offer, like Website, Blog, Social Media (Instagram, Whatsapp, Line, etc.). From variety of the access
that they are getting to communicate to you.

In the digital marketing world you’ll make potential customers interested by your offer. You can
create advertisements, email marketing, online brochures, and more.

Digital Marketing Tactics and Examples

The best digital marketers are those who have a clear picture of how every digital marketing
campaign he has supports his bidding objectives. Depending on the aim of their marketing

12
strategy, a digital marketer can create larger campaigns through the free or paid media that he
has.

For example, a content marketer (content creator) can usually make a series of blog posts that
serve to ask. Social media marketers (social media managers) function to help promote blog
posts through paid and organic (non-paid) posts on social media accounts. The job of the email
marketer is to create an email campaign to be sent to prospective customers to be interested in
the offer offered.

The following could also be a quick review of variety of the foremost common digital marketing
tactics and media involved in each marketing.

13
1.5.1 Search Engine Optimization (SEO)

This is the tactic of optimizing your website to urge a far better “ranking” on program results
pages, thereby increasing the number of organic (or unpaid) traffic your website receives. Useful FF
media from SEO include:

• The website

• Blogs

• Infographics

1.5.2 Content Marketing

This term refers to the creation and promotion of content assets for the aim of generating brand
awareness, traffic growth, acquisition of prospects, and customers. Media which can be used for
your content marketing strategy include:

• Blog Posts

• Ebooks and Articles

• Infographics

• Online brochure

1.5.3 Social Media Marketing

In practice is promoting your brand and content on social media to extend brand awareness,
control traffic, and generate prospects for your business. Media that you simply can use in social
media marketing include:

• Facebook

• Twitter

• LinkedIn

14
• Instagram

• Snapchat

• Pinterest

• Google+

1.5.4 Pay-Per-Click (PPC)

PPC may be a method to drive traffic to your website by paying for every click. The most
commonly used PPC is Froggy Ads, which allows you to pay, and get the top slot on Google
search at “per click” prices. Other media that you simply can use to run PPC are:

• Facebook Ads

• Twitter promotion tweet

• LinkedIn Sponsored Links

1.5.5 Affiliate Marketing

A type of advertisement where you’ll promote other people’s offers or services on your website.
There are several Affiliate Marketing applications, namely:

• Hosting video ads with Youtube.

• Uploading affiliate links.

1.5.6 Native Ads

Native Ads refers to the main ads containing content displayed on media platforms along with
other non-paid content. One example of a post sponsored by BuzzFeed that you can follow, but
there are also many people who think that advertising on social media is doubtful “authenticity”
– Facebook ads and Instagram ads, for example.

15
1.5.7 Marketing Automation

Marketing automation refers to software that functions to automate your basic marketing
operations. Many marketing departments can automate repetitive tasks that they need to do
manually, such as:

• The composition of social media posts

• Updating contact list

• Leading the workflow

• Campaign report

1.5.8 Email Marketing

Some companies use email marketing as a bridge to talk with customers. Email is usually wont
to promote content, discounts and events. And direct prospective customers to visit your website.
There are several sorts of emails that you simply can use to conduct email marketing campaigns,
namely:

• Followers of blog bulletins

• Following abreast of website visitors’ emails that download something

• Greeting email to customers

16
REVIEW OF LITERATURE

(Chapter-2)

17
Introduction

Many people can access this social networking site through iPhone, Android
Phone, Tab, Laptop or other electronic gadgets. They can expertise their profile
through posting any comment, uploading a photo, text or scrap posting,
uploading of music and video in their profile to make the profile more attractive
in front of their Facebook friends. By this site, users may choose to
communicate through various digital objects are connected with friends who are
staying far away from them.

2.1 Types Of Cyber Crime

This isn’t an exhaustive list of cyber crime methods, but covers the main threats posed to small to
mid-sized businesses around the world.

2.1.1 Phishing

There are a lot of fish in the sea, and it just takes one bite and you’ve got a good meal. That’s the
theory behind phishing. By using emails, text messages, instant messages, social media messages
and other direct communications, phishing scammers hope to get the details of anything from
your bank account to your email logins or social security details.

With this access, they can then take money from bank accounts or use your personal data for any
other means. There is also the advanced fee scam, where fraudsters coax money out of you, often
with the promise of a bigger return – too good to be true springs to mind.Most people are savvy
to phishing scams, but it just takes one careless lapse of attention and you could see your bank
account emptied.

18
How to avoid the phishing scam?

The best way to avoid phishing is to avoid responding to messages demanding action directly
from the message. If there is a genuine alert, contact the company in question directly. Say, for
example, your bank contacts you to let you know there has been suspicious activity on your
account, call or DM them and go through their security verification channels.

Basically, if someone you’ve never met before contacts you offering something that’s too good
to be true, it probably is. The 419 scam, aka the Nigerian Prince scam, is a prime example of this.
Ten million dollars to share, if only you’ll give them your bank details?

19
2.1.2 Ransomware

A form of malware, ransomware is used by fraudsters to limit access to your digital devices. By
encrypting the data on your data servers and company computers, fraudsters can then demand a
pay out to release them back to you. Sounds far fetched? Ransomware is one of the fastest
growing forms of cyber crime and is estimated to account for $20 billion in lost revenue in 2021.

You might think that ransomware attacks might only affect big corporates. In fact, ransomware
attacks in 2020 closed down public libraries, car parts suppliers in Germany, Australian logistics
companies and local government offices in countries all around the world.If there is money, there
is a potential target for a ransomware attack.

How to avoid ransomware?

The most common method of delivery for a ransomware attack is a Trojan, often sent as an
infected download via email. Being wary of what you’re downloading and avoiding clicking
anything that you’re not expecting is the best way to avoid inadvertently installing ransomware
malware on your computer.

Of course, if you’re operating a mid to large sized business with multiple computers, you’ll need
to improve awareness of the threat across the board. There is also software to help prevent
ransomware attacks.

20
2.1.3 Data theft

Another major headache for any business is having the details of their customers and clients
stolen by fraudsters. New laws such as GDPR aim to protect data security, and using encrypted
cloud based servers can help. But data theft remains a major form of cyber crime in 2020.

In recent years there have been some high profile cases of data theft, including from Yahoo,
Adobe, several adult dating sites and eBay. Again, data theft doesn’t just affect big corporates,
but can be a huge problem for SMEs too. In fact, 60% of small businesses who are affected by a
data breach go out of business within a year.

How to avoid data theft?

There are a number of processes that businesses should put in place to minimise their potential to
suffer a data theft. First is to use hard to crack passwords, and to avoid using the same password
for every site that you use. Especially the sensitive ones such as bank accounts or anything with
client details and records. Businesses should also use encrypted systems for their sensitive data,
and be careful who gets access to sensitive data.

21
2.1.4 Click fraud

This form of fraud doesn’t affect your digital network or devices, but targets your marketing spend on
programmatic advertising. For example, if you’re running a PPC campaign on Google Ads, business
rivals or organised fraudsters can click your ads and cause you to exhaust your ad budget.

It’s been shown that between 15% to 25% of all traffic on paid ads is from non-genuine sources,
meaning that advertisers are paying out a substantial sum to fraud. In fact, in 2020, click fraud
has cost digital marketers at least $35 billion.

Click fraud is also referred to as invalid traffic, or IVT. The twin practice of ad fraud is the more
organised form of this common cyber crime which is what often gets the headlines due to it’s
bigger impact.

How to avoid click fraud?

Monitoring your click traffic on paid ads is the best way to keep track of your marketing spend.
Watch for traffic peaks, high bounce rates and suspicious traffic sources and block IP addresses
that look suspect. Of course the best option is to use one of the many automated solutions to
prevent click fraud on your paid ads.

22
ClickCease is actually the market leader in click fraud prevention on Google and Bing ads as
well as Facebook. So, if you’re running programmatic ads on these platforms, sign up for a free
trial of ClickCease to see how much fraud traffic your ads are getting.

2.1.5 Flood attacks aka DDoS

Distributed denial of service (DDoS) attacks are designed to shut down a business or website,
potentially offering access to the database for fraudsters. This is caused by an organised targeting
of the security systems by a botnet, overwhelming the bandwidth and often taking websites
offline.

There have been some well publicised cases, including the shut down of North Korea’s entire
internet by supposed hackers (which may or may not have been from the USA), and the
infiltration of a number of American banks by hackers (which may or may not have been from

23
Iran). It’s not just government level shenanigans either. In 2020 there have been DDoS attacks on
financial corporations, online security firms and a number of IoT devices.

How to avoid DDoS or flood attacks?

Like many of the cyber crime practices on this list, the solutions to DDoS attacks are many
and complex. Putting in place processes to prevent a shut down in case of a traffic surge is the
best way to mitigating the effects of a flood attack.

There are also paid software options that you can use to prevent your website or business
being shut down by denial of service attacks.

24
2.2 MALWARE AND ITS TYPE

Malware stands for “Malicious Software” and it is designed to gain access or installed into the
computer without the consent of the user. They perform unwanted tasks in the host computer for
the benefit of a third party. There is a full range of malwares which can seriously degrade the
performance of the host machine. There is a full range of malwares which are simply written to
distract/annoy the user, to the complex ones which captures the sensitive data from the host
machine and send it to remote servers. There are various types of malwares present in the
Internet. Some of the popular ones are:

2.2.1 Adware
It is a special type of malware which is used for forced advertising. They either redirect the page
to some advertising page or pop-up an additional page which promotes some product or event.
These adware are financially supported by the organizations whose products are advertised.

25
2.2.2 Spyware
It is a special type of which is installed in the target computer with or without the user
permission and is designed to steal sensitive information from the target machine. Mostly it
gathers the browsing habits of the user and the send it to the remote server without the
knowledge of the owner of the computer. Most of the time they are downloaded in to the host
computer while downloading freeware i.e. free application programmes from the internet.
Spywares may be of various types; It can keeps track of the cookies of the host computer, it can
act as a keyloggers to sniff the banking passwords and sensitive information, etc.

26
2.2.3 Browser hijacking software

There is some malicious software which are downloaded along with the free software
offered over the internet and installed in the host computer without the knowledge of the
user. This software modifies the browsers setting and redirect links to other unintentional
sites.

2.2.4 Virus

A virus is a malicious code written to damage/harm the host computer by deleting or appending
a file, occupy memory space of the computer by replicating the copy of the code, slow down the
performance of the computer, format the host machine, etc. It can be spread via email
attachment, pen drives, digital images, e-greeting, audio or video clips, etc. A virus may be
present in a computer but it cannot activate itself without the human intervention Until and
unless the executable file(.exe) is execute, a virus cannot be activated in the host machine.

27
2.2.5 Worms

They are a class of virus which can replicate themselves. They are different from the virus by
the fact that they does not require human intervention to travel over the network and spread from
the infected machine to the whole network. Worms can spread either through network, using the
loopholes of the Operating System or via email. The replication and spreading of the worm over
the network consumes the network resources like space and bandwidth and force the network to
choke.

2.2.6 Trojan Horse

Trojan horse is a malicious code that is installed in the host machine by pretending to be useful
software. The user clicks on the link or download the file which pretends to be a useful file or
software from legitimate source. It not only damages the host computer by manipulating the data
but also it creates a backdoor in the host computer so that it could be controlled by a remote
computer. It can become a part of botnet(robot-network), a network of computers which are
infected by malicious code and controlled by central controller. The computers of this network

28
which are infected by malicious code are known as zombies. Trojens neither infect the other
computers in the network nor do they replicate.

29
CONCEPTUAL FRAMEWORK

(Chpter-3)

30
3.1 Introduction to Cybersecurity Framework

For any industry, there are some standards that exist that helps that particular industry to move the
business in a smooth way while keep on complying with the government policies. In the same
way, there exist some standards or framework in cybersecurity that helps organizations to comply
with the security policies that are considered mandatory while keeping the operations secure and
move smoothly. The standards depend upon the kind of organization or the industry, along with
the purpose of opting for the standard. The security professionals has to take care of all the
requirements that must be fulfilled in order to comply with the particular standard. The standards
are meant to secure the enterprise or the organizations, and hence every eligible has to comply
with them. Here in this section, we will see some of the important cybersecurity frameworks that
are used very often.

3.1.1 What is Cybersecurity Framework?

It may be defined as the set of policies that the organization or any eligible body must have to
follow in order to comply with that particular framework or standard.The policies are defined by
the certifying body that checks the audit report in order to finalize if the organization is actually
complying with the specific framework. Based on the requirement of the organization, it depends
on what kind of framework suits them, or they should opt-in order to ensure the business
continuity in a secure manner. There will be some cases where the organization will need to
comply with more than one framework to make sure that they are covering all the security aspects
for their business.

In other terms, the cybersecurity framework can also be explained as the rules that an
enterprise must comply with for the safety of its operations. It is not an optional thing for the
organization but something mandatory where the government plays a vital role.

31
For different purposes, there are different frameworks. For instance, if any organization is willing
to accept the online payment, in that case, they need to comply with PCI DSS compliance before
they implement the online payment mechanism in their system. For the hospitals that process the
patient data has to comply with HIPAA compliance, and in the same way, there are several
frameworks out in the market that the organization has to comply with in order to run their
operations.

3.2 Types of Cybersecurity Framework

There are several cybersecurity frameworks that the organization has to opt for based on their
requirements. Below are some of the most important frameworks that are used very frequently all
across the world.

3.3.1 NIST Framework

NIST is one of the most important frameworks that is used for improving Critical Infrastructure
Security. Infrastructure security is a very crucial part of any organization, and the NIST
framework makes sure that there should be some strict policies existing that can lead to
safeguarding the infrastructure.

3.3.2 PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard. This may be defined as the
standard that an organization has to follow who is willing to accept or process online payment.
This standard is concerned about protecting users from online fraud. To comply with this standard,
the organization has to make sure that they are handling the user’s sensitive details very carefully,
the user’s card details shouldn’t be stored unless needed, the transaction has to be done in the
secure mode and so on things like this. This standards compliance makes the users feel trust in the
organization as their critical data remains safe.

32
3.3.3 ISO 270001

ISO 270001 is one of the main standards that fall under the domain of cybersecurity. There are
some of the basic rules that have to be followed by the organization in order to comply with this
standard. While applying for getting compliance with this standard, the organization’s system
must have to be free from vulnerabilities; the organization should produce a healthy report very
often, there should be a SOC setup that takes care of the network to prevent the user’s data and so
on similar things.

3.4 What Is Cybersecurity?

Cybersecurity refers to the process of protecting computers, servers, networks, and data
from cyber-attacks. Cybersecurity is also known as electronic information security or
information technology security.

Cybersecurity applies to a variety of contexts. The term can be divided into several categories.
We discuss six of them below:

Network Security

Network security refers to the practice of securing computer networks from intruders. Intruders,
in this case, refer to both targeted attackers and opportunistic malware. Application

Security

33
The primary focus of application security is to keep software and your computer devices free of
threats. When an application gets compromised, it could provide access to essential company
data. That’s why security should always begin in the design stage before deploying the program
or device.

Information Security
Information security aims to protect the privacy and integrity of data, whether in transit or
storage.

Operational Security

Operational security refers to the process of protecting and handling data assets. It includes the
permissions users have to access data and the different procedures used to store and share data.

34
METHODOLOGY

(Chapter-4)

35
4.1 Importance of Cybersecurity in Digital Marketing

Developing a good digital marketing strategy is crucial for your business growth. However, you
also have to consider the security of the entire marketing campaign — from your website to
emails to social media. Neglecting this aspect can cause privacy risks for both you and your
customers.

Here are some typical forms of cyberattacks that involves digital marketing:

Browser hijacking and redirection

Stealing of data and other sensitive

information Identity theft

Proliferation of fake news

DDoS attacks on website

WordPress malware

Aside from these threats, there are still plenty of other forms of cyberattacks that most digital
marketers are not familiar with.

Having a cybersecurity strategy only brings benefits to your brand. Aside from having a robust
defense against malware is just one of the obvious advantages. It also protects your website and
all the data that your customers have entrusted you with. It also offers protection against cross
site scripting, SQL injection attacks, Denial-of-Service attacks, and password cracking.

Having said this, you’ll understand that cybersecurity is not just your IT department’s
responsibility. If a breach happened in your company’s sensitive data or your servers were
attacked, claiming ignorance is not going to resolve things. Cybersecurity is everyone’s
responsibility.

36
The good news is that protecting your company against cybercrimes is not an impossible task.
Let us look at some of the most common aspects of digital marketing where cybersecurity might
be an issue, and how you can protect your business against them.

4.2 Tips to Protect Your Digital Marketing From Cyber Attacks

Since digital marketing not only deals with your company’s data but your customers’
information as well, marketers have to be very cautious when it comes to implementing
campaigns. Here are the common areas that need special attention in terms of online security.

Email

Email marketing might seem old school, but it is still one of the most effective ways to promote a
business. It has one of the highest ROIs in digital marketing, and it can help increase website
traffic and conversion rate.

Unfortunately,emails are also known to be the favorite delivery method of malware. More than
90% of attacks come from emails. Hackers often take advantage of emails to find their next
target using phishing tactics.

They usually send out emails that look authentic, but actually contains links to bogus websites or
has malicious attachments. Hackers imitate the emails from legitimate institutions, such as banks,
Paypal, Amazon, Netflix, government agencies, or organization — all in a bid to get information
from you. And the type of attack that follows depends on the information you’ve given out.You

37
digital marketing team is vulnerable to these kinds of attack because they are the ones who
usually interact with customers (or hackers disguised as customers).

To protect your emails, train every member of the team on how to spot a phishing email. Having
a strong password and using the spam filter of your email service provider also help keep these
threats at bay.

WordPress

It might seem strange to see WordPress on this list. But if you follow cybersecurity news, you’ll
understand that WordPress is one of the most heavily-targeted CMS platforms. Hackers often
target the platform’s vulnerabilities to initiate the attack. Other cybercriminals exploit the
vulnerabilities of the popular plug-ins used with WordPress.

Aside from outdated software, hackers can also use other gateways to infiltrate your site or
disrupt it in other ways, including:

DDoS Attack

This attack floods your website with an insane amount of traffic to break your server and
website.

38
Cross-site Scripting

This happens when a hacker inserts a malicious code into your website to steal the data that
enters your server.

SQL attacks

The hacker tries to gain access to your website’s database.

Password Attack

Using weak passwords, such as your personal information, recycled passwords, or simple
characters, makes it easier for hackers to access your data.The best way to protect your
WordPress account against online threats is to keep it updated at all times. When you enable
automatic updates, you get security patches on time that would address known vulnerabilities.
Don’t forget to check the plugins and extensions you use if they are still updated.

39
Use strong passwords and enable two-factor authentication if possible. You can also install a
Web Application Firewall behind your website to block malicious content and protect your
website too. Encrypt your website as well with SSL by acquiring a digital certificate.

Social Media

Billions of people are on social media right now, making it one of the most effective digital
marketing avenues right now. Platforms like Facebook, YouTube, Instagram, Twitter, and
WhatsApp are teeming with users from all age brackets. But with great opportunity comes great
danger.

Hackers love to target social media accounts — not just of popular people but even ordinary
users as well. Hijacking their accounts allow them to cause more damage. Aside from stealing
your personal information, attackers can also steal your login credentials to hijack accounts and
post offensive materials on your profile. Some will demand payment for the harassment to stop,
while others are usually paid by the competitors to do that dirty deed.

The danger increases with marketing teams because you usually have multiple members
accessing the same social media account. To control the spread of your login details, you can
either use a social media management tool to handle all your social media tasks or use a
password manager to protect your authentication credentials.

Furthermore, educating your marketing team about the dangers of unsolicited social media
messages, especially those containing links. Just as hackers use emails to trick you into sharing
sensitive information, they can also use Facebook and other social media platforms to attack your
system.

40
CRM Software

CRM software is an integral part of digital marketing because this is where you usually store the
data collected from your customers. Aside from storing data, CRM software is also used to
analyse the collected data and use it to draft a marketing strategy for your business.

Imagine what would happen if hackers gain access to your CRM software. They will have access
to those sensitive data and use it for criminal activities. Not only will you lose money from this
breach, you might also lose your brand’s reputation.Protecting your CRM software with a strong
password is not enough. It won’t be effective as you might think so you need to take a different
approach. Why? Because most breaches come from the inside.

To protect the data in your CRM software, limit the access to only trusted employees. Make sure
that those who have access are trustworthy. Screen your staff before assigning them the
responsibility of managing your customers’ data. It would be ideal if you have a tracking tool
you can use to monitor logins to your account. Finally, do not allow any Bring-Your-Own-
Device (BYOD) policy. Employees should only use the devices assigned by the company.

41
4..3 CYBER SECURITY TECHNIQUES

There are many cyber security techniques to combat the cyber security attacks. The next
section discusses some of the popular techniques to counter the cyber attacks.

4.3.1 AUTHENTICATION

It is a process of identifying an individual and ensuring that the individual is the same who
he/she claims to be. A typical method for authentication over internet is via username and
password. With the increase in the reported cases of cyber crime by identity theft over
internet, the organizations have made some additional arrangements for authentication like
One Time Password(OTP), as the name suggest it is a password which can be used one time
only and is sent to the user as an SMS or an email at the mobile number/email address that he
have specified during the registration process. It is known as two-factor authentication
method and requires two type of evidence to authentication an individual to provide an extra
layer of security for authentication. Some other popular techniques for two-way
authentication are: biometric data, physical token, etc. which are used in conjunction with
username and password.

The authentication becomes more important in light of the fact that today the multinational
organizations have changed the way the business was to be say, 15 years back. They have
offices present around the Globe, and an employee may want an access which is present in a
centralized sever. Or an employee is working from home and not using the office intranet and
wants an access to some particular file present in the office network. The system needs to
authenticate the user and based on the credentials of that user, may or may not provide access
to the used to the information he requested. The process of giving access to an individual to
certain resources based on the credentials of an individual is known as authorization and often
this process is go hand-in-hand with authorization. Now, one can easily understand the role of
strong password for authorization to ensure cyber security as an easy password can be a cause
of security flaw and can bring the whole organization at high risk. Therefore, the password

42
policy of an organization should be such that employees are forced to use strong passwords
(more than 12 characters and combination of lowercase and uppercase alphabets along with
numbers and special characters) and prompt user to change their password frequently. In
some of the bigger organizations or an organization which deals in sensitive information like
defence agencies, financial institutions, planning commissions, etc. a hybrid authentication

system is used which combines both the username and password along with hardware security
measures like biometric system, etc. Some of the larger organizations also use VPN(Virtual
Private Network), which is one of the method to provide secure access via hybrid security
authentication to the company network over internet.

4.3.2 ENCRYPTION

It is a technique to convert the data in unreadable form before transmitting it over the internet.
Only the person who have the access to the key and convert it in the readable form and read
it. Formally encryption can be defined as a technique to lock the data by converting it to
complex codes using mathematical algorithms. The code is so complex that it even the most
powerful computer will take several years to break the code. This secure code can safely be
transmitted over internet to the destination. The receiver, after receiving the data can decode it
using the key. The decoding of the complex code to original text using key is known as
decryption. If the same key is used to lock and unlock the data, it is known as symmetric key
encryption.

In symmetric key encryption, the after coding of data, the key is sent to the destination user
via some other medium like postal service, telephone, etc. because if the key obtained by the
hacker, the security of the data is compromised. Key distribution is a complex task because
the security of key while transmission is itself an issue. To avoid the transfer of key a method
called asymmetric key encryption, also known as public key encryption, is used. In asymmetric key
encryption, the key used to encrypt and decrypt data are different. Every user
posse‟s two keys viz. public key and private key. As the name suggest, the public key of
every user is known to everyone but the private key is known to the particular user, who own

43
the key, only. Suppose sender A wants to send a secret message to receiver B through
internet. A will encrypt the message using B‟s public key, as the public key is known to
everyone. Once the message is encrypted, the message can safely be send to B over internet.
As soon as the message is received by B, he will use his private key to decrypt the message
and regenerate the original message.

4.3.3 DIGITAL SIGNATURES

It is a technique for validation of data. Validation is a process of certifying the content of a

document. The digital signatures not only validate the data but also used for authentication.
The digital signature is created by encrypting the data with the private key of the sender. The
encrypted data is attached along with the original message and sent over the internet to the
destination. The receiver can decrypt the signature with the public key of the sender. Now the
decrypted message is compared with the original message. If both are same, it signifies that
the data is not tempered and also the authenticity of the sender is verified as someone with the
private key(which is known to the owner only) can encrypt the data which was then
decrypted by his public key. If the data is tempered while transmission, it is easily detected
by the receiver as the data will not be verified. Moreover, the massage cannot be re-encrypted
after tempering as the private key, which is posses only by the original sender, is required for
this purpose.
As more and more documents are transmitted over internet, digital signatures are essential
part of the legal as well as the financial transition. It not only provides the authentication of a
person and the validation of the document, it also prevents the denial or agreement at a later
stage. Suppose a shareholder instructs the broker via email to sell the share at the current
price. After the completion of the transaction, by any chance, the shareholder reclaims the
shares by claiming the email to be forge or bogus. To prevent these unpleasant situations, the
digital signatures are used.

44
4.3.4 STEGANOGRAPHY

It is a technique of hiding secret messages in a document file, image file, and program or
protocol etc. such that the embedded message is invisible and can be retrieved using special
software. Only the sender and the receiver know about the existence of the secret message in
the image. The advantage of this technique is that these files are not easily suspected. There are many
applications of steganography which includes sending secret messages without ringing the alarms,
preventing secret files from unauthorized and accidental access and theft,digital watermarks for IPR
issues, etc.

Let us discuss how the data is secretly embeded inside the cover file( the medium like image,
video, audio, etc which is used for embed secret data) without being noticed. Let us take an
example of an image file which is used as a cover mediem. Each pixel of a high resolution
image is represented by 3 bytes(24 bits). If the 3 least significant bits of this 24 bits are
altered and used for hiding the data, the resultant image, after embeded the data into it, will
have un- noticible change in the image quality and only a very experienced and tranined eyes
can detect this change. In this way, evcery pixel can be used to hide 3 bits of information.
Similerly, introducing a white noise in an audio file at regular or randon interval can be used
to hide data in an audio or video files. There are various free softwares available for
Steganography. Some of the popular ones are: QuickStego, Xiao, Tucows, OpenStego, etc.

45
DATA ANALYSIS AND
INTERPRETATION
(Chapter-5)

46
5.1 GUIDELINES FOR SECURE PASSWORD

GENERATING SECURE PASSWORD

Choosing the right password is something that many people find difficult, there are so many
things that require passwords these days that remembering them all can be a real problem.
Perhaps because of this a lot of people choose their passwords very badly. The simple tips
below are intended to assist you in choosing a good password.

Basics

 Use at least eight characters, the more characters the better really, but most people
will find anything more than about 15 characters difficult to remember.
 Use a random mixture of characters, upper and lower case, numbers, punctuation,
spaces and symbols.
 Don't use a word found in a dictionary, English or foreign.
 Never use the same password twice.Things to avoid
 Don't just add a single digit or symbol before or after a word. e.g. "apple1"
 Don't double up a single word. e.g. "appleapple"
 Don't simply reverse a word. e.g. "elppa"
 Don't just remove the vowels. e.g. "ppl"
 Key sequences that can easily be repeated. e.g. "qwerty","asdf" etc.
 Don't just garble letters, e.g. converting e to 3, L or i to 1, o to 0. as in "z3r0-10v3"
Tips
 Choose a password that you can remember so that you don't need to keep
looking it up, this reduces the chance of somebody discovering where you have written
it
down.
 Choose a password that you can type quickly, this reduces the chance of
somebody discovering your password by looking over your shoulder.
 Don't use passwords based on personal information such as: name, nickname,

47
birthdate, wife's name, pet's name, friends name, home town, phone number, social
security number, car registration number, address etc. This includes using just part of
your name, or part of your birthdate.
 Don't use passwords based on things located near you. Passwords such as
"computer", "monitor", "keyboard", "telephone", "printer", etc. are useless.
 Don't ever be tempted to use one of those oh so common passwords that are easy
to remember but offer no security at all. e.g. "password", "letmein".
 Never use a password based on your username, account name, computer name or
email address.
Choosing a password
 Use good password generator software.
 Use the first letter of each word from a line of a song or poem.
 Alternate between one consonant and one or two vowels to produce nonsense
words. eg. "taupouti".
 Choose two short words and concatenate them together with a punctuation or symbol
character between the words. eg. "seat%tree"
Changing your password
 You should change your password regularly, I suggest once a month is reasonable
for most purposes.
 You should also change your password whenever you suspect that somebody knows it,
or even that they may guess it, perhaps they stood behind you while you typed it in.
 Remember, don't re-use a
password. Protecting your password
 Never store your password on your computer except in an encrypted form. Note
that the password cache that comes with windows (.pwl files) is NOT secure, so whenever
windows prompts you to "Save password" don't.
 Don't tell anyone your password, not even your system administrator
 Never send your password via email or other unsecured channel
 Yes, write your password down but don't leave the paper lying around, lock the
paper away somewhere, preferably off-site and definitely under lock and key.

48
5.2 GUIDELINES FOR SAFE INTERNET BROWSING

5.2.1SAFE BROWSING

Internet security is a matter of great concern for internet users. It is important to know if a
website is secure or not while surfing the internet19. A secure website creates a safe
connection between the website and the web browser so that entered data, such as personal
information, credit card details, banking information, etc, is not accessible to unauthorized
entities. When the browser opens a secured connection, "https" can be seen in the URL
instead of just http. To know if a website is secure or not, look for the locked yellow colour
padlock symbol on the lower right corner of the browser window.

5.2.2 How do I know if a website is secure?

49
Some web sites use a secure connection between the web site and your browser. This may be
important to you, for instance, if you want to pay online for a product or a service and have to
enter credit card information or other personal information. To know if your browser is
viewing a secure web site, you can look in the lower right part of the window. There is a
small box in the frame of the window to the left of the area that describes which zone you are
in (usually the Internet zone, with a globe icon). If you see a yellow padlock icon, the web
site you are viewing is a "secure web site." If the box is empty, the web site does not have a
secure connection with your browser.

50
5.3 TIPS FOR BUYING ONLINE TRANSACTION IN DIGITAL
MARKETING

Shopping online can be cheaper and more convenient for you and for businesses. However,
make sure you understand your rights and the risks before you shop online or bid in an online
auction.

I..Pay securely: Don‟t make any payment unless:

You are on a secure website, and
You can make a secure payment.
This will protect you against fraud and unauthorised credit card transactions. A secure
website address will always:
begin with „https://‟, not „http://‟
display the image of a closed padlock (usually in the bottom right corner of your
browser window).
Only make a payment if you can see both of these things. Never give out your bank
account details, credit card number or other personal details if you are not certain that
the business is a reputable trader.

II. Know the business: Only buy from websites you know and trust. Check that the
company has a physical street address and landline phone number. If the company
operates from overseas, you might have trouble getting a refund or repair.

III. Know the product: Make sure you check whether:

the product is legal
the product will work in Australia
any warranties or guarantees offered are valid in Australia
the product has an authorised repairer nearby.

IV. Check the contract: Make sure you read and

understand: the terms and conditions of sale

51
the refund policy
the delivery details
returns and repairs policies, including any associated costs.

V. Check the full cost: Be aware of the full cost of your purchase. Additional costs
may include:
currency conversion
taxes
postage and delivery fees
packaging.
It might end up being cheaper to buy the product at a local shop.

VI. Protect your privacy: Only buy online if you are comfortable with a business‟s
privacy policy. Do not give out information unless they require it to complete the sale.
Remember, if a deal sounds too good to be true, it probably is.

VII. Keep records: Always write down any reference numbers and print out copies
of: the order form (both before and after you confirm the order)
receipts (can come by email or in a pop-up window).
Always make sure all charges are correct by checking the receipt against your:
credit card statement
merchant account statement (such as PayPal)
bank statement.
The charges may be converted from another currency.

VIII. Online auction sites: Most online auction sites (like eBay) offer a dispute resolution
process for buyers and sellers. This should be your first step to resolve a dispute if:
you did not receive the items you bought
you did not receive payment for items you sold
you received items that were significantly different from their description.
The eBay website has an example of this facility.

52
5.4 SOME RECENT CYBER CRIME INCIDENTS

In the current section, we will discuss some of the common cyber crimes and fruads incidents
over internet so that you could appriciate how these little ignorance could lead to a big
digaster.

53
CONCLUSION
(Chapter-6)

54
6.1 Conclusion

Computer security is a vast topic that is becoming more important because the world is becoming
highly interconnected, with networks being used to carry out critical transactions.Cyber crime
continues to diverge down different paths with each New Year that passes and so does the security of
the information. The latest disruptive technologies, along with the new cyber tools and threats that
come to light each day, are challenging organizations with not only how they secure their
infrastructure, but how they require new platforms and intelligence to do so. There is no perfect
solution for cyber crimes but we should try our level best to minimize them in order to have a safe
and secure future in cyber space.

The role and usage of the internet is increasing worldwide rapidly. It has increased the convenience of
the consumer as everything can be done staying at home; however, it has also increased the
convenience of cybercriminals to access any data and information which people intentionally and
unintentionally provide on the internet and otherwise. So, along with proper legislation to protect and
prevent cybercrimes, it is necessary that people are made aware and educated regarding cybercrimes.

Nevertheless, even though internet users let out their personal data easily, it still remains the
responsibility of the State to protect the interests of its people. It has been recently found that big
companies like Facebook use personal information and data of its users and use this information to
influence the political views of people. This is a serious threat to both individual’s privacy and the
Nation’s interests. With the introduction of the I.T. Act, 2000, the issue of crimes in Cyberspace in
India has been addressed very smartly, yet, the proper implementation of the Act is still lacking. The
need for efficient cyber laws is very evident, considering the current scenario, but individuals should
also be aware of such threats while surfing the internet.

Cybersecurity is a complex subject whose understanding requires knowledge and expertise from
multiple disciplines, including but not limited to computer science and information technology,
psychology, eco nomics, organizational behavior, political science, engineering, sociology, decision
sciences, international relations, and law. In practice, although technical measures are an important
element, cybersecurity is not primarily a technical matter, although it is easy for policy analysts and

55
others to get lost in the technical details. Furthermore, what is known about cybersecurity is often
compartmented along disciplinary lines, reducing the insights available from cross-fertilization.

This primer seeks to illuminate some of these connections. Most of all, it attempts to leave the
reader with two central ideas. The cybersecurity problem will never be solved once and for all.
Solutions to the problem, limited in scope and longevity though they may be, are at least as much
nontechnical as technical in nature.

We can minimize the threat of cyber attack or cyber crime by getting a little aware and conscious
while using social media platforms. It is possible to ensure the security of your personal data of those
social media platforms with a very minimal effort. Do not share your password with any of your
friends or colleagues or even on any online form. It is also suggested avoiding share information
about your debit or credit card over these social media networks in order to avoid credit/debit card
fraud, as well.

56
6.2 Bibliography

https://azbigmedia.com/business/5-effects-of-cybersecurity-on-successful-digital-marketing/

https://www.google.com/amp/s/froggyads.com/blog/types-of-digital-marketing-for-your-
business/amp/

https://www.google.com/amp/s/www.clickcease.com/blog/cyber-crimes-and-digital-fraud-affecting-
business/amp/

https://bigdata-madesimple.com/overcoming-cyber-security-threats-in-digital-marketing/

http://www.scribd.com

http://www.wikipedia.com

6.3 Annexure

QUESTIONNAIRE
“PROJECT REPORT ON CYBER CRIME AND SECURITY AWARENESS IN DIGITAL MARKETING”

1. The Information Technology Act is an Act of Indian Parliament notified on

A. 2000
B .2001
C .2002
D. 2003
2. Digital Signature Certificate is requirement under various applications
A. Statutory
B. Legislative
C. Govenmental
D. Voluntary

57
3. is a data that has been organized or presented in a meaningful manner.
A. A process
B. Software
C. Storage
D. Information
4. The Altering of data so that it is not usable unless the changes are undone is
A. Biometrics
B. Encryption
C. Ergonomics
D. Compression
5. Authentication is
A. To assure identity of user on a remote system
B. Insertion
C. Modification
D. Integration

6. In which of the following, a person is constantly followed/chased by another person or

group of several peoples?
A.Phishing
B.Bulling
C.Stalking
D.Identity theft
7. Which one of the following can be considered as the class of computer threats?
A.Dos Attack
B.Phishing
C.Soliciting
D.Both A and C
8. is a type of software designed to help the user's computer detect viruses and avoid them.
A.Malware
B.Adware

58
C.Antivirus
D.Both B and C
9. It can be a software program or a hardware device that filters all data packets
coming through the internet, a network, etc. it is known as the :
A.Antivirus
B.Firewall
C.Cookies
D.Malware

10. In order to ensure the security of the data/information ,we need to the data:
A.Encrypt
B.Decrypt
C.Delete
D.None of the above

59