Last year was a test of endurance for businesses, which had to embrace digital transformation or risk lagging behind. Many opportunities emerged from the crisis, and the businesses that managed to adapt could even find ways to grow. However, with the advent of digital transformation also came a higher risk of cybercrime. More people using the Internet and working from home, from unsecured devices, meant more opportunities for hackers, who took advantage of software vulnerabilities to exploit personal and corporate data.
According to a recent report released by the FBI (Internet Crime Report 2020), cyberattacks reached an all-time high last year. The Bureau received over 790,000 cybercrime complaints, which is 69% higher than in 2020, and all these attacks caused combined losses of $4.2 billion. What’s more, the FBI received over 28,000 complaints of COVID-19 scams. Many people discovered that their personal data had been stolen and used to submit unemployment claims or stimulus check applications, and, later during the year, millions of messages and emails were sent advertising vaccine scams.
The rise of cybercrime is a particularly dangerous side-effect of digitization. While digital transformation itself is a good thing and should not be stopped, in order to reap its benefits, we have to learn to recognize the fraudulent practices used by cybercriminals and take action to protect ourselves from them.
How do cybercriminals get access to confidential data?
Cybercrime has advanced a lot in the past few years. The practices and technologies used by hackers are becoming more and more sophisticated, which means that it’s really easy for them to mislead a person who is not too familiar with online security. According to FBI Section Chief Steven Merrill, criminals are very opportunistic, and they prey on vulnerable users. The most common practices they use include:
Business Email Compromise
Although the number of companies that were affected by Business Email Compromise (BEC) dropped in 2020 compared to 2019, this remains the most expensive type of scam. As part of this scam, cybercriminals send emails that look official, pretending to be legitimate vendors or company clients. More often than not, the email address is a spoof of a legit website, and hackers use malware to gain access to sensitive company information, or they convince the recipient that they are indeed reliable and wire them money that is then secured in a crypto or offshore account.
Direct cyberattacks targeted at a specific company
Many times, hackers set their target on a particular company and do whatever they can to penetrate their security systems. One of the most recent examples is the SolarWinds hack, which, according to the White House, affected over 100 companies. The hack is particularly scary because it shows that not even the biggest tech companies are safe; security experts explained that a team of hackers, allegedly from Russia, added malicious code into the SolarWinds software systems. The code then created backdoors into the company’s thousands of US clients, installing even more malware and gaining access to confidential business and customer data. Unfortunately, it took months until the SolarWinds hack was discovered, compromising many organizations as early as March 2020. One report from the White House revealed that, apart from the 100 private companies directly affected by the scam, nine federal organizations were also affected. In total, it is estimated that nearly 18,000 clients received the malicious code.
The tech support scam
Pop culture depicts hackers as ominous individuals who sit in dark rooms and breach their victims’ personal data by brute force but, many times, hackers pass as helpful tech support staff. It’s an increasingly common scam, and it affects elderly Internet users in particular. For this scam, cybercriminals call victims on the phone, pretending they represent a utility company or their ISP and that they can solve a (nonexistent) tech issue. For example, they can say that the client’s operating system license has expired or that their computer got hacked. In any case, the goal is to sound convincing enough to get them to tell them their credit card number or wire them some money. According to the FBI, the number of tech support scams increased by 171% in one year, causing losses of over $146 million.
Ransomware continues to rise.
Even before the pandemic, ransomware was a worrying practice. In 2019, ransomware attacks caused losses of $9 million, three times more than in 2018. In 2020, the losses reached $29 million, making ransomware one of the most financially damaging cybercrime practices. One of the biggest misconceptions about ransomware attacks is that only big corporations are targeted. They definitely are, but that doesn’t mean that small businesses are immune. In fact, ransomware attacks are all the more dangerous for small businesses, and hackers often choose them because they don’t have the infrastructure, financial, and legal power to fight them. And if a big company can bounce back relatively quickly after a cyberattack, for small businesses, the blow is so hard that they can’t manage to recover.
Elderly Internet users and people with poor Web literacy, the most vulnerable targets for cyberattacks
Although cyberattacks can affect anyone, even people who know computers, most of the time, hackers don’t bother with them because they’re not easy targets. Instead, they exploit users who aren’t very familiar with computers and who are easy to fool, such as the elderly. Because they did not grow up with technology, seniors are more likely to trust a cybercriminal who pretends to call on behalf of Microsoft, telling them that their license will expire soon and that they need to wire $150 to renew it, or that they have a computer virus and it costs a measly $50 to remove it. This is a matter of social engineering, which is why it’s all the more important to raise awareness of the dangers of cybercrime and teach everyone how to follow basic cybersecurity practices.