What the Next Big Cybercrime Technology Should Be

cybercrime technologyWe use technology every day in our lives for everything. People just expect the lights to be on, they expect to turn on the tap and water to come out. Did you know you’re activating about 250 different microchips when you’re driving a modern automobile?

Every machine you get connected to in the hospital, the ATM you use at the bank, your credit card purchases – its all somehow or another connected to a computer and the Internet. Even home appliances have become Internet-enabled.

Technology is just becoming the fabric of the modern world – we’re becoming increasingly dependent on it. People don’t realize that behind all of these systems theres computers that were probably built 20 years ago. All of those computers and software are deeply insecure. As consumer technology advances, so does cybercrime technology.

Cybercrime is a Business

The standard view of a cyber criminal is some 16-year-old pimply kid in his mom’s basement hacking away at a keyboard in between games of World of Warcraft or Call of Duty. But it’s changed – today its actually a business, ran by traditional organized crime groups and new modern organizations. They’re global, they’re multinational, multilingual and they’re operating 24/7.

If you are a victim of a car theft, you know that your car is stolen. You can call the police, they can look for it, etc. The difference with cybercrime is that it happens in the background, and by the time you actually realize it, if you ever do, its way too late. 99% of the people who  have been victims of cybercrime don’t even know about it. The machines have been hacked, the bad guys are living inside your computer, they’re monitoring what you’re doing.

According to the latest studies in 2014, the average time until detection is over 200 days – that doesn’t matter if you’re a mom sitting at home, a carpet cleaning business or a major corporation in Silicon Valley. By the time you realize you’ve got a problem, it’s way too late. Now you have a major case of Internet fraud. Your customers credit cards are now out on the Internet or people are starting to short your stock in really odd ways.

Cybercrime Technology is a Global Threat

Here’s a simple scenario: These cybercriminals are going to first break into a computer in Buenos Aires, then they’re going to hop to a computer in Italy, from Italy they’ll go to London, and then they’ll go to the bank they want to take over in New York. Now you have an international criminal investigation and the evidence is incredibly ephemeral. For some in different parts of the world, the whole concept of a cyber world of Internet and computers is so new. They have absolutely no laws against cyber crime. If we don’t have legal framework that allows the countries to cooperate then the victim can’t do much about the attacker. We don’t have a set of frameworks that address the full range of cyber hazards.

The technology is developing way too quickly for us to rely upon legal instruments to fix this problem. Beyond that, most of the world’s information is not encrypted – whether it be your credit card number, your personal data or your health records. We have the attackers running very very quickly and its extremely difficult to defend against them. The real question for us is, “Do I feel safe in this online environment?”

There’s never been a better time for exponential change in the cyber security world. I think the next big cybercrime technology should be a safer Internet. What do you think?

– M

How to Prevent Identity Theft

Today’s post comes from our friend Michael, a business owner who does catering in Champaign, Illinois (quite a fancy place, I hear). But like the rest of us, he’s a part-time cybercrime enthusiast. He’s kindly provided five tips for how to prevent identity theft, just as a reminder for all of us.

Simple Tasks Can Lead to Complicated Problems

Tasks as simple as buying gas or using an ATM can put you at risk for identity theft. Criminals are smarter than ever, staying current with new technologies and continuously finding new ways to commit crimes. So, here are five tips to help you prevent identity theft and avoid becoming a victim.

5. Look out for skimmers. These virtually undetectable devices are commonly placed on credit card machines, at gas pumps and on ATMs. They’re disguised as part of the machine and are positioned right over the slot where you insert our credit or debit card. If you’re using ATMs, check to see if the card slot looks in any way suspicious. Alternatively, go into stores and get cash back at the register.

4. Change usernames and passwords often. Frequently change your usernames and passwords to websites that contain your personal information such as online banking sites.

3. Don’t respond to emails, text or phone calls with personal information. This is called “phishing” as we’ve posted previously about. Not even your credit card company will ask for your full social security number.

2: Check your online account balance and transactions often. Making this a habit will help you catch theft before it gets really ugly.

1. Obtain identity theft protection. Without insurance coverage, recovery is a long tedious process and it can take years to clear your name.

Although these tips will better protect you, insurance companies identity theft coverage includes protection for your family. But review coverage carefully -different companies have different levels of coverage. Most insurance companies identity theft protection is around $25-30 per year and include monitoring services. Many of their systems work 24/7 to let you know of any unusual activity, stopping criminals in their tracks.

To learn more, visit https://www.identitytheft.gov/.

– M

How to Spot Phishing Emails

In today’s post, I’d like to stray from the usual Case Study and share something that I received in my inbox recently: Phishing Emails – you may not see them frequently, but they can be hard to spot (These cyber crooks are gettin’ good these days).

“Phishing” emails are malicious emails sent by criminals attempting to compromise your personal information. And they can seem legit.

Many phishing emails can be disguised as a message from an authoritative entity asking you to visit a website and enter personal information. These websites are set up by criminals to gather personal details which they can then use to hack into your accounts and commit fraud. Some links and attachments in these kinds of emails contain malicious software, known as malware, that will try to install themselves on your computer. These malware can collect data such as usernames and passwords. If you recognize these emails, delete them immediately.

It’s estimated that 156 million phishing emails are sent every day and of those, 16 million get through the protection software, 8 million are opened, 800,000 links are clicked and and 80,000 innocent people fall for scams and give away their personal details. Knowing how to recognize these emails can lessen your chances of you getting caught. Here are some of the signs of phishing emails.

1. Email Address

This is the first thing you should look at. Criminals use two tricks when crafting email addresses – first, they’ll put a real company’s name before the “@“ to make it look credible and second, use a web address similar to the genuine one. For example, http://www.cleanrmow.com is a genuine website and they may have a real email address such as “contact@cleanrmow.com” or “info@cleanrmow.com.” Scammers will craft phishing email addresses almost identical to the real addresses. They could change the letter “L” to an “I” like so: http://www.cieanrmow.com. Or they may change the letter “O” to a zero like this: info@clearnm0w.com. Check these emails carefully to make sure they are the same as the real web address.

2. Generic Greetings

Beware of emails with generic greetings such as “Dear Valued Customer” and similar welcomes. Look for poor spelling, punctuation or grammar. However, you can alway rely on these obvious signs as sometimes scammers go to great lengths to make their phishing emails look authentic as possible. They’ll use the company’s real logo and even the names of people that work there.

3. Sense of Urgency

Phishing emails may use phrases such as “you should update your password immediately” to create a sense of urgency in order to lure their targets into giving away their personal information. They may even use a threat like, “You’ll be fined if you don’t act now.” These scammers may make you feel as if you’re missing our on something, peak your curiosity or use your fears to push you into making an instant response. If you feel you’re being pressured in any way, or that something just doesn’t feel right, be especially careful.

4. Links

If there is a link within the email, hover your cursor over the link to view the underlying address. In other words, check to see where it would take you if you were to click the link.

5. Name

Look to see whose name is at the end of the email. If it’s from a department or team, do they actually exist? If it’s from a person, is their name in the email address and is the email address real?

These are just generic emails which are sent out to large groups of people, knowing that it only takes a few to click to make the effort worthwhile to the scammers.

Spear Phishing

Criminals sometimes target individuals. These cyber attacks are called “spear phishing” and this method is on the increase because criminals know many more people are fooled by them. Spear phishing emails often use personal information obtained from social media pages to make the emails look more credible. For example, criminals might use your name or tailor the email to reflect things you like; your hobbies, interests, where you live or what is happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

It can often feel like we’re bombarded with emails both at home and at work, and many of them have genuine links and attachments. Be sure to look for the signs of phishing emails and think before you follow any links or open any attachments.

Take care.

– M