Cyber Crime on the rise

Author: Martin Voelk
February 3, 2016

You can read about Cyber crime in the papers daily. Breaches and hacks in all parts of the world. However what is often neglected is the fact that a lot of the Cyber crime is committed by a lot absolute amateurs with very little IT knowledge. The victims unfortunately, in most cases, are even less experienced in even basic IT Security. A lot of the crimes could be prevented by basic user education. Even a lot of companies fail to educate their users around the threats out there, so one can imagine how the security awareness is around individuals and families.

No doubt there are sophisticated hacking groups, organised networks and individuals who are very skilled and true Black hats. But the sort of scams we see almost daily are sometimes so basic, yet so effective due to the lack of education.

A few very bad examples we encountered:

  • Bad guy sends an email to someone’s wife asking for confidential information like a credit card by email. Bit of research, new gmail or Yahoo address and the results are stunning how many people send their Credit Card information to their alleged husband/wife
  • Installing Malware with a Microsoft installer and even disabling AV because the instruction of the great game or tool asks people to
  • Trusting any Facebook profile if people believe it’s actual a friend, not realising that anyone can set up any Facebook profile and pretext to be someone else
  • Get a $100 USD/EUR/GBP voucher for XYZ  by simply answering 5 questions and authenticate with your Gmail / Yahoo / Hotmail / Amazon or Ebay account. This is a bit more sophisticated but for the bad guys easily done. The problem is cross authentication where you have legit sites which allow you to use FB/Twitter login. If in doubt – don’t enter credentials! No one will give anyone a $100 voucher for a few questions.

A few golden rules to mitigate threats:

  • Mistrust all email which isn’t digitally signed (verify offline, call the boss, husband, wife or whoever asks for something sensitive by Email)
  • Don’t blindly install cool games or tools. Run an AV scan on everything first
  • Don’t trust Social Media and especially not requests for sensitive information over that medium. Verify offline
  • No one will give you a $100 USD voucher for just a few questions. And if someone really does, there is no need to supply a password ever!

A police officer in a small town in the UK recently addressed the fact that 80% of Cyber crime could be prevented by basic user education and security awareness. Very good article.




Comments are closed.