Covid-19 is transforming business within the illicit economy according to We Fight Fraud’s recent report. Alarmingly, the report charts a trend towards transacting the proceeds of crime via bank transfers and trading illegal goods on social media. This will alarm legitimate businesses, especially banks and FinTech organisations, who are being used to launder money, in breach of the regulations governing them. Legitimate businesses are also being used to facilitate fraud.
Dr Nicola Harding, WFF Advisor and academic specialising in fraud, is lead author of the whitepaper explaining: “The operational changes we found mirror those experienced by legitimate businesses during the pandemic, who reported a dramatic decrease in the use of cash. We found that the preferred option for criminals is now bank transfers, while some are also using PayPal or premium rate telephone numbers to send funds.”
Simon, who works in IT, shared with the researchers the process of buying cannabis from a page on Instagram. He paid by bank transfer and the drugs were delivered to his house via Royal Mail – all within 36 hours.
Forbes estimates that cybercrime will cost the global economy more than $6 trillion per year by the end of 2021.
We often think of cyber attacks as events that involve international corporations and brands worth billions of dollars, but in reality, we are all vulnerable. In this guide, we’ll explore some practical ways to deal with the ever-present threat of cybercrime.
Education and learning
You might not have extensive knowledge of how security breaches occur or what happens if systems or networks are targeted. Read articles, seek professional advice and look into possibilities like doing classes or a cyber security course or finding online learning resources. It’s hugely beneficial to learn how to spot warning signs, how to protect your computer and devices and how to shield sensitive data and information.
Recognise warning signs
The Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors last year and those vulnerabilities being widely exploited thus far in 2021.
One of the key findings is that four of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options due to the COVID-19 pandemic challenging the ability of organisations to conduct rigorous patch management. In 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. This advisory lists the vendors, products, and CVEs associated with these vulnerabilities, which organisations should urgently patch.
“In cybersecurity, getting the basics right is often most important. Organisations that apply the best practices of cybersecurity, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors.”
Sometimes, when you open your junk email or a text on your phone from an unknown number, it’s possible to tell it’s a scam instantly, but in other cases, attempts to extract information or encourage you to share data are much more subtle and sophisticated. Learning how to spot warning signs and red flags is incredibly useful. Common signs include emails and messages from addresses and numbers that are not saved in your contacts, poor grammar and spelling mistakes, requests for personal information, for example, bank account details, and the use of inaccurate logos or company names. Always check the source of messages before clicking on links or replying. Reputable organisations, for example, banks, will never ask you to provide personal details via email.
Make use of security software and tools
If you use a smartphone, a laptop, a tablet or a desktop computer at home, it’s wise to make use of security software and tools to bolster your defences, protect your data and reduce the risk of downtime. Anti-virus software, firewalls and programmes and tools designed to identify and block phishing emails can help you stay safe online. Assistant Minister for Defence, the Hon Andrew Hastie MP, said the Australian Cyber Security Centre (ACSC) continues to receive increased reports of ransomware incidents.
“Backups are one of the best ways to build resistance against ransomware, making it much harder for cyber-criminals to hold Australians to ransom,” Assistant Minister Hastie said. “Regularly backing up your data and keeping it off your network on a USB or in the cloud will make it faster and easier to restore your important files if they ever become lost, stolen, or compromised. In the case of ransomware, it may not be possible to recover data and get your business or projects back up and running without backups stored offline. Your private and personal information – health, financial, and valued photos – are at risk if they are not regularly backed up in a safe location.”
Backups are digital copies of valuable information stored on devices, such as photos, documents, videos, and data from applications. Backups can be saved to external storage devices or to the cloud.
Change passwords frequently
One of the simplest and most effective ways to lower the risk of cyber attacks and security breaches is to change your password frequently. Start by selecting a password that is difficult to guess and then replace it with a new password every few weeks.
Use secure networks
If you don’t want to run out of data, it can be tempting to log onto any old network to access free WiFi. If you are out and about, always ensure that you use private, secure networks and sites that have the padlock sign.
Cybercrime tends to hit the headlines when multinational corporate giants are targeted by hackers, but it’s a threat to all of us. Everyone can be proactive in taking steps to protect sensitive data and shield networks and systems. Take these tips on board today to keep threats at bay.
How a personality trait puts you at risk for cybercrime
Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks. New research examines the behaviors — both obvious and subtle — that lead someone to fall victim to cybercrime involving Trojans, viruses, and malware.
“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” said Tomas Holt, professor of criminal justice and lead author of the research. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”
Low self-control, Holt explained, comes in many forms. This type of person shows signs of short-sightedness, negligence, physical versus verbal behavior and an inability to delay gratification.
“Self-control is an idea that’s been looked at heavily in criminology in terms of its connection to committing crimes,” Holt said. “But we find a correlation between low self-control and victimization; people with this trait put themselves in situations where they are near others who are motivated to break the law.”
For computer behavior, they asked participants about their computer having slower processing, crashing, unexpected pop-ups and the homepage changing on their web browser.
“The internet has omnipresent risks,” Holt said. “In an online space, there is constant opportunity for people with low self-control to get what they want, whether that is pirated movies or deals on consumer goods.”
As Holt explained, hackers and cybercriminals know that people with low self-control are the ones who will be scouring the internet for what they want — or think they want — which is how they know what sites, files or methods to attack.
Understanding the psychological side of self-control and the types of people whose computers become infected with malware — and who likely spread it to others — is critical in fighting cybercrime, Holt said. What people do online matters, and the behavioral factors at play are entirely related to risks.