The cost of Cyber Crime or its value to the criminals is a totally unknown figure. In 2013 McAfee sponsored a Centre for Strategic and International Studies (CSIS) report that came back with figures of $400 Billion, but some estimates are more than double that.
However, there is one thing that the security industry does recognize; it typically costs 100 times the loss to fix the problem!
Think about that; for every single £1 that is lost in the value of the data or the fraud, you need to spend £100 to fix the original problem.
One of the major problems is that groups of talented programmers are working together to identify potential threats and then exploit them. The amount of money these groups of hackers and their organized crime sponsors have to invest in the development of new threats is matched only by the amount they are willing to pay for simple ways to exploit people with those threats.
Once the threat has been developed it needs to be deployed. If the criminals are able, they can get Chinese hosted systems that are difficult to shut down but expensive (in relative terms).
Previously hacked computers known as Zombies are grouped together in what is known as a BotNet.
The going rate among top-of-the-line American machines is 1,000 zombies for $120, 5,000 zombies for $550, and 10,000 zombies for a cool $1,000. (Source: https://threatpost.com/how-much-does-botnet-cost-022813/77573)
Those BotNets are used to infect other computers with the latest software threat and so it begins.
Again, it is relatively cheap to set up an Internet-based telephone system; you get all the features of a major phone system for about £10 per user per month, plus the cost of calls when they break out from the internet onto the local phone system.
But, as I mentioned, these people have money, and setting up a group of 20 or 50 call centre “staff” is not a problem. These “staff” will know exactly what they are doing; they could be trafficked humans or be getting paid for their part in the scam.
Biggest Current Threats
CryptoLocker: This is technically something that we term Scareware, but it is a real threat in most cases. Often Scareware is no real threat but CryptoLocker is different.
Of course you can protect yourself from this threat with the right piece of software; we recommend CryptoPrevent because it works for free (for home users) with all versions of Windows.
You should understand that if you are a business then you should get a licensed version, and if so, contact the author of this article as he can arrange better value on these.
CryptoLocker works by encrypting your data (maybe your complete disk drive) during the countdown period. To decrypt it you need a unique key; the threat is that if you don’t pay up before the countdown ends then the key will be destroyed and therefore your data will be unrecoverable. This threat is very real.
During the Countdown period an IT Engineer should be able to remove the threat without any serious data loss.
So how can you protect yourself from these types of ID Fraud? Understand and remember the following and you will be on your way to protecting yourself.
The sophisticated fraudster won’t actually empty your account; they may make a small purchase and seemingly do nothing else. In reality they are building a new version of your identity and obtaining other sources of credit. These are then used to obtain goods and before you know it someone is calling you about the debt on an account you never opened.
Again the scam can be performed by sending you a special offer in an email that seems to be from a site you use and by following the link, you end up at a clone of the site, complete the purchase with your credit or debit card and bam! The deed is done and so are you!
Phishing is usually performed by sending mass emails that look legitimate and tempt you into clicking a link that takes you to your Bank or Building Society website… except it is not the real website, it is a clone.
You enter your online banking details and suddenly find that the bank is undergoing maintenance of its systems – please come back later. You have just handed your details to the fraudster and they can now order other services, use your funds, create new accounts etc.
This is no small threat; it costs the UK nearly £3 Billion a year and that figure is rising. ID Fraud can be conducted online and offline, from “dumpster diving” to sophisticated malware to simple phone scams and, in particular, Phishing.
- Your Bank or Building Society will NEVER send you an email
- Only ever open emails from people you know and trust
- If what seems like a legitimate email arrives and you are interested in an offer, then, if you have to click on the link, study the website address when you arrive at the website.
- Does the website address match the company’s website exactly?
- When you open another tab in your browser and search for the company, click the link in the search results, does the website address match and the site look the same?
- During any purchase process is the website data encrypted?
- Look at the website address in the browser, usually it would start http:// but if you are in a secure environment it will start https://
- Is there a padlock symbol in the address bar?
If the answer to any of these is no, then why not pick up the phone and call the company to check the offer before proceeding?
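The address checks in the list above can be written down as a small routine. This is an added example, not part of the original article: the function name `check_link`, the placeholder domain `examplebank.example` and the sample links are all constructed for illustration, and it assumes subdomains of the expected domain count as a match.

```python
from urllib.parse import urlsplit

# Constructed sample links; examplebank.example is a placeholder, not a real bank.
SAMPLE_LINKS = [
    "https://www.examplebank.example/login",
    "http://www.examplebank.example/login",
    "https://examplebank.example.secure-login.test/offer",
    "https://examplebank.example@203.0.113.7/login",
    "https://xn--exmplebank-x9a.example/login",
]


def check_link(url, expected_domain):
    """Return the checklist items a link fails; an empty list means none failed."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")

    # The address should start https://, not http://
    if parts.scheme != "https":
        problems.append("not https")

    # Text before an "@" is a login name, not the site: the real host follows it.
    if parts.username is not None:
        problems.append("userinfo before host")

    # Punycode or non-ASCII labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("internationalised host name")

    # Assumption: the expected domain and its subdomains count as a match.
    if host != expected and not host.endswith("." + expected):
        problems.append("host does not match")

    return problems


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, "examplebank.example") or "ok")
```

A clone site can also be served over https with a padlock, so the host comparison is the check that carries the weight.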
The Windows or Microsoft Scam
This is a phone scam: the caller will claim to be from Windows or Microsoft and tell you that there is a problem with your computer and that it is affecting the network or the internet.
First of all, Windows is an Operating System not a company; second, Microsoft doesn’t phone people about problems with their computer.
The aim of the scam is to gain remote access to your computer to:-
- Infect it and turn it into a Zombie
- Sell you some software; usually claiming your Anti-Virus software isn’t good enough and charging you for their Anti-Virus program which is anything but what it claims to be
- Claim that your Windows Licence is not valid and that you have to pay them for a new licence or they will stop Windows from working
All of these will result in you losing access to your computer in one way, shape or form.
Their aim is not just to compromise your computer but to get your credit/debit card details as well.
The caller will become more aggressive as you try to reject their claims, so please be aware of these calls.
Your Phone Bill
Another scam involves a caller claiming to be from your Telephone Provider. They will say that your last bill did not get paid or something similar, and will ask you for a payment by card to prevent you being cut off.
If you push for proof of who they are they will at some point ask you to hang up and then try and make a call to someone.
You will find you don’t get a dialling tone so you can’t make a call. Then your phone will ring and the scammer will explain that they just cut your phone off and then reconnected it.
It all sounds legitimate, but in fact when you hung up, they did not; they just muted the call. So when you tried to dial there was no dial tone and you couldn’t dial out because you were still connected. Once you have hung up and done nothing for a minute, they hang up and call you back.
Please be aware of these and similar scams. If in doubt, ask them for contact details so you can call them back, then look up the proper number for the company concerned and check with the real company to see if there is an issue.
If you become a victim or if someone tries to scam you, then please report them:-
Business owners always want everything for nothing – please don’t be insulted, I’m in business and I begrudge spending money on solutions unless they are really necessary and I can see the benefit.
Business owners always want security fixed for the lowest fee possible, but we have to look at the business and analyse the data and the threats and then do an evaluation of solutions before we recommend the way forward.
Sounds simple but let a colleague and real security expert explain it to you. ‡Rich Hollis is one of the very few Security Gurus that I follow closely. I have had the fortune to meet him after one of his eCrimes Wales talks. Interestingly, the video below will help any company assess the threat and identify what needs protecting. If you are serious about security then you really need to watch these short videos.
Zen And The Art of e-Business Security Part 1 (Parts 2 & 3 should follow on completion)
Stephen Richards is the Owner of Computer Technical Solutions who provide a full range of IT and Telecomms business support in and around North Wales.
‡Rich Hollis is the Director of Risk Factory based in London https://www.riskfactory.com/