Cybercrime indiscriminately affects organisations and individuals in some form or another. The ripple effect caused by this type of crime impacts private individuals and large organisations alike. As scammers adapt and react to counter-criminal measures, it’s worth knowing what we, as consumers, can do to stop them in their tracks.
The BCS (formerly British Computer Society, now the Chartered Institute for IT) indicates that there are no authoritative statistics on how many PCs are currently infected in the UK, but estimates vary between 1% and 15%. In the opinion of BCS, 5% would be a conservative estimate of the actual scale of the problem.
Often these PCs become part of a ‘botnet’, a network of tens of thousands of individual devices that cyber-criminals use to send spam emails or launch a ‘denial of service’ attack against an organisation, and that can be ‘rented out’ for criminal purposes.
There are various terms that are used to describe the different ways in which these criminals operate, and differing levels of complexity and technicality in what they do.
So, what are the common types of scams that are conducted online by cyber-scammers, and what actions can we take to ensure that we protect ourselves and our devices?
Phishing (and Vishing and Smishing) & ‘Social Engineering’
Most cyber scammers gather information via social media and email. A ‘mixed-media’ approach enables scammers to gather data through a number of channels which the individual utilises. This serves to create a more comprehensive picture of the consumer’s private details and fills gaps which other methods may have overlooked or missed.
Phishing remains the best known of these 3 types of scam and typically involves the scammer gathering personal information (such as banking details) by masquerading as a legitimate source. This can take the form of an email from an organisation such as HMRC, a streaming service provider or a delivery company the consumer may have used before. These emails often advise of a failed payment or request the resetting of a password. Attempts to comply with the email’s request usually redirect the user to a fake website which looks like the genuine article. When the requested information is submitted, it can give the scammer full access to the consumer’s account(s).
These scams can appear even more legitimate if the consumer is contacted directly by telephone or SMS (also referred to as ‘Vishing’ or ‘Smishing’). These social engineering techniques take the form of unsolicited contact. However, more complex efforts can appear to be from familiar sources such as a friend or family member requesting money. This method is referred to as ‘blagging’ and often appears to come from people close to the target, making them seem like genuine requests.
The term ‘malware’ is an amalgamation of ‘malicious’ and ‘software’. This is a particularly vicious type of cyber-attack that can take various forms. The ultimate motive of the scammer is to obtain control of the device.
In 2012, the House of Commons Science and Technology Committee published ‘Malware and Cybercrime’, which outlined how a target may never know that they have been the subject of one of these attacks, as the only noticeable consequence is a loss in performance of the device(s).
There are also situations in which the cyber-scammer can use malware to infect a device and then use this to lock the person out of their emails and personal documents, demanding payment to be made in order to remove the virus. Threats can extend to the information which the hacker has obtained from the target’s device(s), threatening that the individual’s web history will be made public (often mentioning the use of adult sites). Even more disturbingly, scammers have threatened to release webcam footage of the target which they have obtained from the device(s) without the individual’s knowledge.
The most important thing to do when threatened with cyber blackmail is to ensure that no payment is made and to immediately inform the relevant authorities. These acts are criminal and need to be reported as such.
Paying the scammer the sums requested rarely solves the problem, and may lead to further instances of extortion: either the same information is used to request even more money, or the information is sold on to other scammers who can make similar attempts.
Internet Service Provider (ISP) interaction
Interaction between the Internet Service Provider and consumer in the UK is limited when compared with other countries, where providers more openly and proactively contact their customers to advise when a breach of security happens or when a device becomes compromised by ‘botware’ or malware.
The number of infected machines has seen a dramatic decrease over time, with ISPs becoming more vigilant in their attempts to protect consumers. The sharpest decrease was a reduction from 5.5 million occurrences of infection in September 2010 to 3.5 million in 2012.
The evolving nature of these attacks and the increasing complexity and intensity of cyber scammers mean that vigilance is key, both on the part of the ISPs that consumers are paying to supply a service and on the part of the general public at large.
At consumeradvice.scot, we believe that cyber security is of the utmost importance in protecting your personal information. We have put together some of the top tips for ensuring you remain cyber-secure, not only for Cyber Scotland Week, but day-to-day:
Passphrase protection – Ensure that your passwords are not easily guessed by upgrading them to ‘passphrases’. Use three random words that are memorable to you, but that are not connected or easy for potential scammers to guess. Try to use different passwords on non-essential sites (such as forums) than you do for regularly accessed sites and apps (banking, emails etc).
Update regularly – Ensure software and apps are up to date – many updates contain vital security fixes that help to protect devices from scammers installing malware. This should include Anti-Virus software.
Avoid and report suspicious activity – If you get an email requesting a change of password and a link is provided, avoid clicking this as you may be redirected to a cloned site that looks legitimate but IS NOT. Report any suspicious activity to the official website in question or contact consumeradvice.scot.
Be aware of scam trade tricks – Remember that scammers can use multiple sources to gather information and target you, including social media. Be wary of the information that you share online that others can see and don’t get caught out. Keep up to date with the current tricks that scammers are using.
Back up important data – Ensure that photos and important documents are backed up in case your machine is compromised. Backup can be made to a hard drive which is external to the device or a secure cloud-based storage system.
In instances where a breach of security has occurred, consumers should contact the police, who have specialist teams that will deal with all reports confidentially and sensitively.
If you are concerned about scams or think that you have been scammed, consumeradvice.scot are able to offer free and practical advice on this, and other consumer issues. You can contact consumeradvice.scot on 0808 164 6000. We are open 9am-5pm, Monday-Friday. You can follow us on social media – Twitter: @advicedotscot and Facebook at www.facebook.com/advice.scot, Instagram: @advice.scot, or get ahead by visiting our knowledge centre at www.consumeradvice.scot.
You can also report suspected scams and suspicious activity at scamwatch.scot.
Cyber Scotland Week runs from 22nd-28th February: a week-long series of events making Scotland cyber aware and resilient.
More information is available at CyberScotland Week, which draws together events across Scotland.