Cybersecurity, or simply the concept of internet security, is something that even the layman internet user is beginning to be familiar with nowadays, and with good reason! The word cybersecurity brings to mind things such as; computers, the internet and hackers -for most people. These associations are, in fact, very apt and the high factor of concern over cybersecurity is perfectly warranted. Evidence of this is that 2021 industry predictions for cybersecurity are reflecting top trends that both casual and business internet users need to be aware of. The fact that hordes of cybercriminals are preying on everything from innocent internet users to the largest companies and even governments, is telling of the current cybersecurity dilemma worldwide. This is even more apparent now with a much larger active remote workforce. Due to these facts, one of the top concerns coming into the 2020s that has carried over from the last decade is identity theft via phishing scams.
The state of cybersecurity is a legitimate concern nowadays. Cybersecurity solutions businesses as well as the top levels of law enforcement are aware of it, to quote FBI Director Robert Mueller “There are only two types of companies: those that have been hacked, and those that will be”. Cybercrime is inevitable, but in order to give cybercriminals a hard time we need to be informed and proactive on this subject.
What is a Cybercriminal?
Cybercriminal is a broad term, encompassing several different meanings as well as having many uses. Fundamentally, a cybercriminal is a digital criminal or criminals and cybercrime is conducted with the use of computers. Cybercrime is the digital counterpart of real life crime, only in that digital crimes do not often involve physical harm (but can lead to it at their most ruthless). The term cybercriminal means either an individual or group adhering to cybercrime, that may be after social engineering hacks for identity fraud, or may be state-level groups (digital terrorists) that aim to disrupt an entire nation, digitally. Cybercriminals, more widely appreciated as simply ‘hackers, are very difficult to pinpoint by law enforcement and cybersecurity teams. The signature of a cybercriminal or cybercriminals as a group, is to anonymize themselves with the use of cybersecurity tools and be as invisible as possible, conducting their business with as little a trail of breadcrumbs leading back to them. Cybercrime involves; social engineering scams and malware ransomware attacks, among others. Their number, as well as their attack surface, grows by the day due to their persistent search for profit and control.
What is Phishing And Online Identity Theft?
Frank Abagnale, known as the father of social engineering and whose life story inspired the movie Catch Me if You Can, told the story of a life spent with fake identities and fraudulent financial practices, “If you make it easy for people to steal from you, it is unfortunate, but people will” Abagnale stated. In a cybersecurity interview, Abagnale also stated that “Technology breeds crime, always has and always will” and that it is now thousands of times easier for cybercriminals to conduct identity theft -which even law enforcement will usually turn a blind eye to if the case is not high-profile enough.
Phishing is the primary form of social engineering identity theft recognized online today. In essence, it is reminiscent of the word ‘fishing’ and for a reason, because phishing entails the cybercriminal ‘fishing’ or ‘baiting’ the victim for sensitive information and credentials. Identity thieves will utilize phishing to gain access to a victim’s personal and sensitive information such as; addresses, names, bank accounts, employment information, social security and card numbers. Just the fact that over $100 billion has been stolen only in the past few years by identity thieves is enough to know how big of a problem it is. Sometimes, the data that is ‘phished’ will be further sold to the ‘deep web’ to be sold to others anonymously.
Cybercriminals will leverage ‘phishing’ via the following methods;
• Instant Message (IM)
• Social media comments
• Text messages
• Telephone call
Cybercriminals will use the above methods to contact someone, posing meanwhile as either;
• An online business
• A bank
• Someone offering you money or a prize
• Lottery personnel telling you that you have won the lottery
• Any other way that they come up with to socially bait you into it
Phishing scams always have the ‘too good to be true’ element involved, whatever the method being used is and usually the person on the other end will be rushing you into paying or deciding quickly. Phishing emails, for example, can include dangerous links that you should never click on if you do not recognize the sender.
How to Prevent Online Identity Theft
When receiving emails, texts, calls or social media comments -whatever the case may be- the way to prevent giving cybercriminals key information about yourself that they may later use is to thoroughly inspect where the content is from, who the sender is, the subject, date and attachments (if it is an e-mail). Phishers will often target people who are not technically aware, which gives phishing scams that slimy feel.
Here are some methods and techniques to prevent online identity theft and phishing scams;
• Never use the same password across your accounts, and make sure to use unique and complex passwords
• Use of a privacy-oriented browser that prevents third-party cross-tracking, fingerprinting and blocks unencrypted connections
• Any links that are sent you by email must be ‘encrypted’ when you hover over them, which means the link must have HTTPS at the beginning
• Filter your social media accounts in the privacy settings so that people you don’t know can’t contact you, and avoid oversharing as well as sharing personal or sensitive information online
• Browse with a VPN installed (Virtual Private Network), that will encrypt and anonymize you from the rest of the internet
• Use a secure email client like ProtonMail and let the spam filters do their work
• Read through your emails thoroughly and see if you recognize and misspelling or weak grammar which may indicate a phishing email
• Never download unauthorized apps and always peruse online reviews before you download or install