I thought I was sort of an expert. I thought I knew a lot about cybercrime, because I’m always talking about it, right? Well, October was Cyber Security Awareness month, and after attending the Cyber Security summit the BBB hosted in Omaha, then sharing a car ride to South Dakota with two actual experts and attending a second summit in Sioux Falls, I was humbled and astounded by how little I knew.
Cybercriminals are crooks who use the computer to commit their crimes, which include a broad range of offenses from computer malware and viruses designed to kidnap data, to selling our personal information and, of course, identity theft.
Phishing (sending out official looking emails to try to get at sensitive data) and pharming (luring unsuspecting users to fake websites via phony links or email attachments) trick consumers into revealing personal information. These thieves steal all kinds of data, such as PINs and passwords, login information and even bank account numbers.
We try to protect ourselves by blocking spyware and by arming our systems with antivirus software, but computer repair companies will be the first to confirm that a lot of their hours are still spent repairing computers that have been damaged by malware or viruses.
Why is the situation getting worse for ordinary people and smaller businesses, who have so little to steal?
Because, as the sophistication level of the criminals has grown, security has become of paramount importance to large companies and institutions, which are no longer easy pickings for cyberthieves. We might not think our personal or even our business’s information is anything really worth stealing; our data might seem like nothing cybercriminals could exploit, but it’s all useful to them. Every tiny bit of information is salable on the black market, because every nugget of data can help a thief.
I was aware that cybercriminals are sophisticated, but I didn’t fully grasp the complexity of their systems until I listened at our summits.
We aren’t just up against heartless scammers in Jamaica, anymore, or callous Ukrainian thieves working out of Quonset huts; these days, organized crime is perpetrating a lot of the cybercrime out there, and individuals and small businesses are more vulnerable than ever. The world is rife with crime syndicates, and many of them are peddling our information, now in the same way they might also deal in drugs or slavery.
Some malware even takes our precious data hostage, so companies or individuals have to pay a ransom to get it back, and I recently came across a disturbing story out of Australia, where a woman was allegedly lured to South Africa by someone who’d been scamming her online. She’d already sent the Nigerian man well over $100,000 and when she went to Johannesburg to meet him, someone stole her money, her credit cards, her laptop and her jewelry — before finally taking her life.
In a word, beware. They can take more than our information, and they can gain access to more than our money.
Children are especially vulnerable and are even more likely than adults, certainly, to click on bad links, to be persuaded to answer questions that seem harmless, or to provide information that might seem innocuous. The bad guys exploit every weakness to get what they want, and what they want is everything.
The Better Business Bureau has joined with the National Cyber Security Alliance’s “STOP. THINK. CONNECT.” campaign to recommend the following tips to avoid becoming the next victim of a criminal enterprise:
>> Avoid sharing. Don’t reveal personal or financial information in an email and do not respond to email solicitations for this information. This includes following links sent in emails. Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
>> Pay attention to a website’s URL. Hover over any links to see where they lead. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different — but similar — domain.
>> If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
>> Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps are the best defenses against viruses, malware and other online threats. In general, you get what you pay for, and the free anti-virus software isn’t always enough. Inexpensive web-hosting also is sometimes a dangerous choice for businesses when storing sensitive data.
>> Be suspicious and stay vigilant. Open emails, attachments and links only from people you know, and teach your children to do the same. Use anti-virus software regularly and enhance email filters to block threats. Watch out for unsolicited emails that contain misspellings or grammatical errors and be sure your children don’t talk to strangers online, ever.
Jim Hegarty is president of the Better Business Bureau representing Nebraska and southwest Iowa. To contact him, email firstname.lastname@example.org or call 402-898-8520.