Glossary term
Cybercriminal
A cybercriminal is a person or group that uses computers, networks, digital accounts, or online systems to commit theft, fraud, extortion, intrusion, or other crimes.
Updated
Read time
What Is a Cybercriminal?
A cybercriminal is a person or group that uses computers, networks, digital accounts, or online systems to commit theft, fraud, extortion, intrusion, or other crimes. Cybercriminals may target individuals, businesses, governments, nonprofits, schools, hospitals, or financial institutions.
The financial impact can be immediate and severe: stolen funds, ransomware payments, business interruption, identity theft, account takeover, data-breach costs, legal exposure, and reputational damage.
Key Takeaways
- Cybercriminals use digital systems to commit or enable crime.
- Common tactics include phishing, ransomware, credential theft, business email compromise, malware, and account takeover.
- The target is often money, data, access, identity, or leverage.
- Businesses face both direct losses and secondary costs such as downtime, recovery, notification, and legal expense.
- Victims should report cyber-enabled crime through appropriate law-enforcement and incident-response channels.
How Cybercriminals Operate
Cybercriminals often exploit trust and weak controls. A phishing email may trick an employee into entering credentials. Malware may encrypt systems until a ransom is paid. A business email compromise scheme may impersonate an executive, vendor, or closing agent to reroute payments. Credential-stuffing attacks use stolen passwords from one breach to access other accounts.
Some cybercriminals work alone. Others operate as organized groups with specialized roles: malware developers, access brokers, money mules, negotiators, infrastructure operators, and fraud coordinators. The work can be cross-border, which makes investigation and recovery harder.
Common Cybercrime Patterns
Pattern | Financial Risk |
|---|---|
Phishing | Credentials, payments, or personal information are stolen. |
Ransomware | Systems are locked or data is threatened for payment. |
Business email compromise | Payments are rerouted through impersonation. |
Account takeover | Bank, brokerage, payroll, or shopping accounts are misused. |
Data theft | Customer, employee, or trade-secret information is exposed. |
Financial Consequences
The direct loss is only part of the problem. A business may need forensic investigation, legal counsel, customer notification, credit monitoring, system rebuilding, regulatory response, insurance claims, and public communication. A household may face stolen savings, fraudulent loans, tax identity theft, or long-term credit cleanup.
Time matters. Delays can reduce the chance of recovering funds, preserving logs, stopping lateral movement, or warning affected parties. Companies should know who can freeze payments, isolate systems, contact banks, notify insurers, and coordinate legal response before an incident occurs.
Prevention and Control
Strong controls reduce opportunity. Multifactor authentication, payment verification, least-privilege access, employee training, patch management, backups, endpoint protection, vendor controls, and incident-response plans can all reduce losses. For financial transfers, out-of-band verification is especially important when instructions change.
No control eliminates risk. Cybercriminals adapt quickly and often target human behavior rather than only technology. A good program assumes attempts will occur and builds layers so one mistake does not become a catastrophic loss.
Reporting and Recovery
Victims should contact financial institutions quickly when money is moved or accounts are compromised. Businesses may also need to notify cyber insurers, legal counsel, regulators, customers, or law enforcement. In the United States, the FBI directs victims of cyber-enabled crime and fraud to the Internet Crime Complaint Center.
Reporting can support investigations and sometimes fund recovery, but it is not a substitute for immediate containment. The first hours often determine whether the event stays limited or spreads.
Household Exposure
Households face cybercriminal risk through bank accounts, brokerage accounts, email, tax filings, payment apps, retirement accounts, and identity records. A stolen password or compromised email account can become a financial event when it gives criminals a path to money movement, credit applications, or impersonation. Families can reduce damage by using unique passwords, multifactor authentication, account alerts, credit freezes when appropriate, and a habit of verifying unusual payment requests through a separate channel.
The Bottom Line
A cybercriminal uses digital systems to steal, defraud, extort, or gain unauthorized access. The financial risk reaches beyond technology into payments, identity, operations, insurance, legal exposure, and trust.