The number of cybercrime attacks, particularly ransomware, has exploded in the past year and no industry appears to have been spared with targets ranging from infrastructure to education and gaming. In many cases, the intensity and level of attack have baffled even cybersecurity experts and have caused them to wonder how such massive attacks didn’t trip a single alarm.
While it is true that sometimes even the most secure networks may end up with a potential data breach, or come close to being attacked, the more aware everyone is of cyber scams and what can be done to protect themselves, the better our chances of preventing falling prey to it. Whenever a cybercrime occurs, it’s usually because the criminal found a weak point of entry that they exploited to gain access to their target. And the targets when it comes to cybercrimes are typically money (just as with several other kinds of crimes in the physical world) and data — personal or otherwise.
In this piece, we examine a few major kinds of criminal schemes that cybercriminals mostly use to defraud victims of millions of dollars a year, and look at a few key tips on how to protect yourself better and add another crucial layer of security to your cyber world. These are mainly drawn from information published by the Federal Bureau of Investigation (FBI).
Cybercriminal Modi Operandi
According to the FBI, there are seven main kinds of high-profile methods that cybercriminals use to target victims. The Bureau goes on to describe them as:
Business E-Mail Compromise (BEC) — A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Data Breach — A leak or spill of data that is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and can involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
Denial of Service — An interruption of an authorized user’s access to any system or network, typically one enacted due to malicious intent.
E-Mail Account Compromise (EAC) — Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised e-mails to request payments to fraudulent locations.
Malware/Scareware — Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
Phishing/Spoofing — Both terms deal with forged or faked electronic documents. Spoofing generally refers to the dissemination of e-mails that are forged to appear as though it was sent by someone other than the actual source. Phishing, also referred to as “vishing,” “smishing” (a combination of the words SMS and phishing), or “pharming,” is often used in conjunction with a spoofed e-mail. It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user’s information.
Ransomware — A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as Bitcoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data.
Apart from those, another growing threat to children and youth is the increase in instances of online predators. This is, perhaps, by far the most dangerous of the lot given it could lead to more serious crimes like child sex abuse, production of child sex abuse material (CSAM), kidnapping, rape, drug abuse-related crimes, human trafficking, murder, etc. As convenient as the internet is to the rest of us, it’s important to remember that the very same tool may also be easily misused by those with malicious intentions.
Basic Tips To Protect Yourself From Cyber Crime
One of the ways in which the government and law enforcement agencies in the United States are combating cyber threats is by closing the gaps in intelligence and information security networks that could be exploited by criminals. The FBI works with federal counterparts, foreign partners, and the private sector to close those gaps. It says that it fosters a “team approach” through unique hubs where government, industry, and academia form long-term trusted relationships to combine efforts against cyber threats.
Within the government, that hub is the National Cyber Investigative Joint Task Force (NCIJTF). The FBI leads this task force of more than 30 co-located agencies from the intelligence community and law enforcement. The NCIJTF is organized around mission centers based on key cyberthreat areas and is led by senior executives from partner agencies. Through these mission centers, operations and intelligence are integrated for maximum impact against U.S. adversaries.
Then there are other various measures, including the Justice Department’s actions that we mentioned earlier in the piece, that the government and law enforcement agencies have taken. The DOJ has also taken several other steps in the battle against cybercrime. Biometrica wrote about those in an earlier story, which can be found here. In the meantime, what can individuals do to make it tougher for cybercriminals to target them?
Here are a few basic tips from the FBI to protect your computer/laptops and other devices:
Keep Your Firewall Turned On — A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords and other sensitive information. Software firewalls are widely recommended for single computers. For multiple networked computers, hardware routers typically provide firewall protection.
Install or Update Your Antivirus Software — Antivirus software is designed to prevent malicious software programs from embedding into your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.
Install or Update Your Antispyware Technology — Spyware is just what it sounds like: software that is surreptitiously installed on your computer to let others peer into your digital activities. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the internet or at your local computer store. But be wary of ads on the internet offering downloadable antispyware.
Keep Your Operating System Up to Date — Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
Be Careful What You Download — Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know.
Turn Off Your Computer — With the growth of high-speed internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection — be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.