TL;DR:
- Cybercriminals exploit digital systems to conduct illegal activities like theft and fraud across borders.
- Studying real-world attacks helps victims recognize threats early and implement effective defenses.
Cybercriminals are individuals who exploit computer systems, networks, and digital devices to conduct illegal activities including theft, fraud, and disruption. Understanding what they do in practice is far more useful than any abstract definition. Cybercrime is borderless and highly profitable, turning computers into instruments of complex transnational crime that affects governments, businesses, and private individuals alike. The examples in this article cover the full range of criminal activity, from everyday phishing scams to state-sponsored espionage, giving you a clear picture of the threats you and your organisation actually face.
1. What makes a good cybercriminals example?
A useful cybercriminals example does more than name an attack type. It shows the method, the target, and the real-world consequence. Cybercriminals exploit systemic vulnerabilities to gain unauthorised access, disrupt services, and cause financial or reputational damage across a wide range of victims. The primary motivation in most cases is straightforward: theft of sensitive data used to commit further fraud and identity theft. Knowing the “why” behind an attack helps you recognise it before it succeeds.
2. Phishing and Business Email Compromise (BEC)
Phishing is the most widely reported cybercrime type affecting individuals and organisations. An attacker sends an email that appears to come from a trusted source, such as a bank, a senior colleague, or a government body, and tricks the recipient into clicking a link or surrendering credentials. Business Email Compromise takes this further: the attacker either hijacks or spoofs a company email account and instructs finance staff to transfer funds to a fraudulent account.
A typical BEC attack costs a business far more than a standard phishing attempt because it bypasses technical controls entirely. The criminal relies on authority and urgency rather than malware. Phishing and BEC are among the top five cyberattack types affecting organisations globally, according to Huntress analysis from june 2026.
Pro Tip: Set up a verbal confirmation rule for any payment instruction received by email, regardless of who appears to have sent it. One phone call to a known number stops most BEC attacks cold.
3. Ransomware attacks
Ransomware is malicious software that encrypts a victim’s files and demands payment, usually in cryptocurrency, in exchange for the decryption key. Hospitals, schools, and local councils have all been targeted in the UK. The attacker typically gains entry through a phishing email or an unpatched vulnerability, then moves quietly through the network before triggering the encryption.
The damage goes beyond the ransom itself. Organisations face operational shutdown, data loss, regulatory fines, and reputational harm. Paying the ransom does not guarantee file recovery. Ransomware sits firmly within the top five cyberattack categories and shows no sign of declining in frequency or severity.
4. Malware infections: spyware and trojans
Malware is a broad term covering any software designed to cause harm. Spyware runs silently in the background, recording keystrokes, capturing screenshots, and harvesting login credentials without the user’s knowledge. Trojans disguise themselves as legitimate software, such as a free utility or a cracked application, and install malicious code once the user runs them.
Both types are used to build long-term access to a victim’s system. An attacker with a spyware implant on a corporate device can monitor internal communications for weeks before acting. Understanding how to identify cybercrime evidence at the device level is the first step towards containing this kind of breach.
5. Denial of Service (DoS and DDoS) attacks
A Denial of Service attack floods a target’s servers with traffic until the service becomes unavailable. A Distributed Denial of Service attack scales this up by using thousands of compromised devices, known as a botnet, to generate the traffic. Online retailers, financial institutions, and gaming platforms are frequent targets.
The criminal motive varies. Some attackers extort payment in exchange for stopping the flood. Others use DDoS as a distraction while a second team conducts a quieter intrusion elsewhere on the network. The attack itself leaves no stolen data, but the downtime and recovery costs can be severe.
6. Credential stuffing and password spraying
Credential stuffing uses lists of username and password combinations leaked from previous breaches and tests them automatically against other services. Because many people reuse passwords, the success rate is significant. Password spraying takes the opposite approach: it tries a small number of common passwords against a large number of accounts, avoiding the lockout thresholds that detect repeated failed attempts.
Both methods are low-effort for the attacker and high-impact for the victim. A single compromised account in a corporate environment can give an attacker access to internal systems, customer records, and financial data. Multi-factor authentication is the most direct defence against both techniques.
7. Real-life high-impact cases: cryptocurrency fraud and identity takeover
Real cybercrime cases show how sophisticated these schemes become in practice. Three examples illustrate the range.
-
The Gwalior cryptocurrency fraud. A chartered accountant received a WhatsApp message from a contact named “Divya.” Over seven months, the attacker built trust through staged withdrawals and fabricated profits before misappropriating the victim’s life savings. The fraud totalled Rs 21 crore, with over 20,000 transactions used to launder the stolen funds across multiple accounts. The multi-layered laundering made tracing the money extremely difficult.
-
Digital identity takeover via a single text message. In a case reported in june 2026, one text message and a phone call gave an attacker complete control over a victim’s digital identity. The attacker locked the victim out of their devices, email, and digital wallet. No technical expertise was required on the victim’s part to be compromised.
-
Fake trading platforms. Criminals build convincing replica investment platforms, show victims fictitious returns, and encourage larger deposits. When the victim attempts to withdraw funds, the platform either imposes impossible conditions or disappears entirely. Attackers build trust through staged interactions over months before the theft becomes apparent.
Understanding how police investigate cyber crime in cases like these helps victims know what evidence to preserve from the outset.
8. Cyber espionage, state-sponsored attacks, and supply chain breaches
Cyber espionage sits at the more complex end of the spectrum. State-sponsored actors target government networks, defence contractors, energy infrastructure, and research institutions to steal intellectual property or disrupt critical services. U.S. ICE guidance identifies state-sponsored cyberespionage as a distinct cybercrime category alongside more common offences.
Supply chain attacks are particularly difficult to defend against. Rather than attacking a well-protected target directly, the criminal compromises a trusted third-party vendor or software provider and uses that access as a stepping stone. The distinction between a common cybercriminal and a state actor matters for the response: state-sponsored attacks often involve persistent access maintained over months or years, with objectives that go beyond financial gain.
| Attack type | Primary target | Typical objective |
|---|---|---|
| Cyber espionage | Government, defence, research | Intellectual property theft |
| Supply chain breach | Software vendors, IT providers | Persistent network access |
| Critical infrastructure attack | Energy, transport, healthcare | Disruption and leverage |
| State-sponsored intrusion | Political institutions | Intelligence gathering |
9. Emerging cybercrime trends: cryptojacking, ad fraud, and cyberstalking
Cryptojacking hijacks a victim’s computing resources to mine cryptocurrency without their knowledge. The victim notices only a slowdown in device performance and an increase in energy costs. The attacker profits without ever touching the victim’s data directly.
Cybercrime examples now include cyberbullying and cyberstalking alongside financial offences, reflecting how digital tools have expanded the range of harm criminals can cause. Online harassment campaigns can destroy professional reputations and cause serious psychological harm. Financial fraud targeting digital wallets and online banking accounts has grown as more transactions move away from cash.
- Cryptojacking: Malicious scripts embedded in websites or software silently mine cryptocurrency using the visitor’s CPU.
- Ad fraud: Automated bots generate fake clicks on digital adverts, diverting advertising budgets to criminal accounts.
- Cyberstalking: Persistent online harassment using social media, messaging apps, and location data to monitor and intimidate victims.
- Digital wallet fraud: Attackers use social engineering or malware to gain access to payment apps and drain funds instantly.
Pro Tip: If your device runs unusually hot or your browser slows dramatically on certain websites, run a scan for cryptojacking scripts. Browser extensions such as uBlock Origin block many known mining scripts by default.
Protecting your digital identity and personal data is the first line of defence against these emerging threats, even without specialist IT knowledge.
Key takeaways
The most effective way to defend against cybercrime is to study real examples, because attackers rely on victims not recognising the pattern until it is too late.
| Point | Details |
|---|---|
| Phishing remains the entry point | Most attacks begin with a deceptive message, whether email, SMS, or social media. |
| Trust exploitation takes time | Investment scams and identity fraud often unfold over weeks or months before the victim notices. |
| State actors use different tactics | Espionage and supply chain attacks prioritise persistence and stealth over immediate financial gain. |
| Emerging threats are low-visibility | Cryptojacking and ad fraud cause harm without triggering obvious alerts or user awareness. |
| Evidence preservation is critical | Victims who act quickly to preserve digital evidence give investigators the best chance of tracing funds and identifying attackers. |
The pattern I keep seeing at Computerforensicslab
After years of examining devices and data in cybercrime cases, one thing stands out clearly. The attacks that cause the most damage are rarely the most technically complex. The Gwalior cryptocurrency fraud started with a WhatsApp message. The identity takeover described in june 2026 required only a text and a phone call. The victims were not careless people. They were targeted precisely because they appeared trustworthy and financially active.
What concerns me most is the gap between how organisations think about cybersecurity and how attackers actually operate. Businesses invest in firewalls and endpoint protection, then lose hundreds of thousands of pounds because a finance manager received a convincing email on a Friday afternoon. The technical controls were fine. The human layer was not.
Forensic investigation matters enormously after an incident, but the role of digital forensics in law enforcement extends beyond prosecution. A thorough forensic examination tells you exactly how the attacker got in, what they accessed, and whether they left anything behind. That knowledge prevents the second attack, which is often worse than the first.
The organisations that handle cybercrime best are the ones that treat it as a continuous operational risk, not a one-time IT problem. Continuous education, clear incident response procedures, and access to professional forensic support are not optional extras. They are the baseline.
— Computer
How Computerforensicslab can help when cybercrime strikes
When cybercrime affects your business or personal life, the quality of your response in the first hours determines what evidence survives. Computerforensicslab provides professional digital forensics services to individuals, legal professionals, and businesses across the UK. The team examines computing devices, mobile phones, cloud accounts, and social media to recover evidence, trace criminal activity, and produce court-ready expert witness reports. Whether you are dealing with a ransomware attack, a financial fraud, or an identity compromise, Computerforensicslab maintains full chain of custody throughout every investigation. Contact the team to discuss your case and understand your options.
FAQ
What is cybercrime, with a simple example?
Cybercrime is any illegal act carried out using a computer or digital network. A straightforward example is phishing, where an attacker sends a fake email to steal login credentials or banking details.
What is the most common type of cybercriminal attack?
Phishing, ransomware, malware, DDoS, and credential-based attacks are the five most common cyberattack types affecting individuals and organisations, based on Huntress analysis from june 2026.
Can a single message really compromise your entire digital life?
Yes. A reported june 2026 case showed that one text message and a phone call gave an attacker full control over a victim’s devices, email, and digital wallet, with no technical knowledge required from the victim.
How do cybercriminals launder stolen funds?
Cybercriminals use multi-layered laundering networks involving thousands of transactions and accounts to obscure the origin of stolen money, as demonstrated in the Gwalior cryptocurrency fraud case.
What should I do immediately after a cybercrime incident?
Preserve all digital evidence without altering devices or accounts, document every communication related to the incident, and contact a professional forensic investigator to assess what was accessed and how the attacker gained entry.

