Digital Threat Financial Cover

Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.

While hacking might not always be for malicious purposes, nowadays most references to hacking, and hackers, characterise it as unlawful activity by cybercriminals — motivated by financial gain, protest, information gathering (spying), and even just for the fun of the challenge.

Many think that “hacker” refers to some self-taught whiz kid or rogue programmer skilled at modifying computer hardware or software so it can be used in ways outside the original developers’ intent. But this is a narrow view that doesn’t begin to encompass the wide range of reasons why someone turns to hacking.

Hacking has evolved from teenage mischief into a billion-dollar growth business, whose adherents have established a criminal infrastructure that develops and sells turnkey hacking tools to would-be crooks with less sophisticated technical skills (known as “script kiddies”).

In fact, it’s accurate to characterise hacking as an over-arching umbrella term for activity behind most if not all of the malware and malicious cyberattacks on the computing public, businesses, and governments.

Hacking is typically technical in nature (like creating malvertising that deposits malware in a drive-by attack requiring no user interaction). But hackers can also use psychology to trick you into clicking on a malicious attachment or providing personal data. These tactics are referred to as “social engineering.”

Besides social engineering and malvertising, common hacking techniques include:

• Viruses
• Worms
• Trojans
• Ransomware
• Botnets
• Browser Hijacks
• Denial of Service
• DDoS Attacks
• Ransomware
• Rootkits

The best defence is to download a reliable anti-malware product (or app for the phone), which can both detect and neutralise malware and block connections to malicious phishing websites.

Know that no bank or online payment system will ever ask you for your login credentials, social security number, or credit card numbers by means of e-mail.

Whether you’re on your phone or a computer, make sure your operating system remains updated. And update your other resident software as well.

Avoid visiting unsafe websites, and never download unverified attachments or click on links in unfamiliar emails.

If a hacker discovers one of your passwords that you use for multiple services, they have apps that can breach your other accounts. So make your passwords long and complicated, avoid using the same one for different accounts, and instead use a password manager.

Identity theft is the crime of obtaining the personal or financial information of another person to use their identity to commit fraud.

This includes making unauthorised transactions or purchases.

Identity theft is committed in many different ways and its victims are typically left with damage to their finances, credit rating, and reputation.

Identity theft can be committed in many different ways. Some identity thieves sift through trash bins looking for bank account and credit card statements.

They may search the hard drives of stolen or discarded computers, hack into computers or computer networks, access computer-based public records, use information-gathering malware to infect computers, browse social networking sites, or use deceptive e-mails or text messages.

There are various forms of identity theft, but the most common is financial.

• Financial Identity Theft
  In financial identity theft, someone uses another person’s identity or information to obtain credit, goods, services, or benefits.
  
  
• Synthetic Identity Theft
  Synthetic identity theft is a type of fraud in which a criminal combines real (usually stolen) and fake information to create a new identity, which is used to open fraudulent accounts and make fraudulent purchases. Synthetic identity theft allows the criminal to steal money from any credit card companies or lenders who extend credit based on the fake identity.
  
  
• Tax Identity Theft
  Tax identity theft occurs when someone uses your personal information, to file a fake tax return in your name and collect a refund.
  
  
• Criminal Identity Theft
  In criminal identity theft, a criminal poses as another person during an arrest to try to avoid a summons, prevent the discovery of a warrant issued in their real name, or avoid an arrest or conviction record.

E-mail fraud is an intentional deception for either personal gain or to damage another individual by means of e-mail. It can take the form of a con game or scam.

E-mail fraud usually targets individuals who put their confidence in schemes to get rich quickly – exploiting the inherent greed and dishonesty of victims. These include ‘too good to be true’ investments or offers to sell popular items at ‘impossibly low’ prices. Many people have lost their life savings due to the prospect of a bargain or the temptation of 'something for nothing'.

Spoofing:

Spoofing is pretending to be someone else on e-mail. Common spoofing takes the form of the actual sender’s name and the origin of the message being concealed or masked from the recipient. Many instances of e-mail fraud includes spoofing to avoid easy traceability.

Phishing:

Phishing is tricking victims into providing personal details or login information. Spoof messages purport to be from an existing company, often one with which the victim already has a business relationship. An example may be a spoof message from the bank's "fraud department", asking the victim to confirm their information, log in to their account, or to create a new password. Instead of being directed to the website they trust, victims are referred to an identical looking page with a different URL on which their private information is captured by the criminal.

In many cases, phishing e-mails can appear to be benign, for example a new friend request on a social media platform.

Bogus Offers:

Fraud often starts as e-mail solicitations to purchase goods or services. The fraudulent offer typically features a popular item or service at a drastically reduced price, or in advance of its actual availability. For example, the latest video game may be offered prior to its release, but at a similar price to a normal sale. In this case, the greed factor is the desire to get something that nobody else has, and before everyone else can get it, rather than a reduction in price. These item are paid for, but never delivered.

Winnings & Inheritance:

Receiving an e-mail regarding winning an automatically entered competition, or inheriting from a distant family member or stranger, is a common form of e-mail fraud. It often requires the victim to first deposit an amount of money to clear the funds, or to provide banking details for the deposit.

Request for Help:

A more subtle way of e-mail fraud is a request form help by a stranger, in return for a reward ("hook"). The reward may be a large amount of money, a treasure, or some artifact of supposedly great value.

Invoice fraud involves a fraudster notifying you that payment details have changed and providing alternative details in order to defraud you.

Fraudsters can imitate e-mail addresses to make them appear to be from a genuine contact, including someone from your own organisation.

Funds are often quickly transferred so recovering money from fraudulent accounts can be extremely difficult.

• Always check the details of any new / amended payment instructions verbally, by using details held on file, and do not solely rely on the new instruction.
  
  
• If you are suspicious about a request made by phone, call them back on a trusted number. Fraudsters will attempt to pressure you into making mistakes.
  
  
• Look carefully at every invoice and compare it to previous ones received that you know to be genuine – particularly the bank account details, wording used and the company logo.
  
  
• When making a payment, ensure your invoices quote the full legal or ‘trading as’ name.
  
  
• Consider setting up single points of contact with the companies you pay regularly.
  
  
• Apply the same principles to requests from within your own organisation. Ensure that staff are regularly educated, particularly those that are responsible for making payments.
  
  
• Regularly conduct audits on your accounts.
  

Most accommodation owners and rental agents of holiday properties advertise online. Finding potential victims to scam, is thus easy.

• Distinguish between legitimate and fraudulent accommodation listings by using reputable sites when searching for accommodation, and verify as much of the information given as possible before making any payments.
  
  
• Once you have found a suitable property, do an online search of the rental agent or owner to get confirmation of their contact details and address, as well as check for complaints from other customers.
  
  
• Use Google Maps to make sure that the address exists, and compare images of the surroundings with those used to advertise the property.
  
  
• If a facility has hundreds of rave reviews online, but it has only been listed for a short period of time, you should be suspicious as those reviews are probably fake.
  
  
• A good way of finding reputable holiday accommodation is through word of mouth. Ask friends and family for recommendations and referrals.
  
  
• If the accommodation listing is in a resort, complex or estate, phone the caretaker or manager to confirm the establishment exists, and verify the details of the owner. If the area you plan to visit has a tourist information centre, they should also be able to verify the existence of such listings, and perhaps even the owner or rental agency too.
  
  
• Don’t be embarrassed to ask as many questions as it takes for you to be satisfied that the information is credible. If someone is hesitant to answer your questions or gives vague and incomplete information, it should raise a red flag.
  
  
• Ensure that you have the advertiser’s full name, e-mail address and contact number, and insist on written confirmation of your booking and any payment made.
  
  
• If something sounds too good to be true, it usually is. If the accommodation is much cheaper than the norm in that area, or if a prime location is still available, days before peak season arrives, it is probably fake.
  
  
• Don’t be bullied into making a hasty booking or payment and don’t fall for an insistence that urgent payment is required to secure your booking. If the party you are dealing with seems way too eager to get their hands on your money, you might be dealing with a scammer.

Cyber extortion is a worldwide, continuously growing, multi million dollar enterprise. It is the act of cybercriminals demanding payment through the use of or threat of some form of malicious activity against a victim, such as data compromise or denial of service attack.

Cyber extortion often occurs via e mail-based ransom demands. With this tactic, recipients are told that their personal information will be released to their social media contacts, family, and friends if a ransom is not paid. The recipient is then instructed to pay in some form of currency (such as bitcoin) with an extremely tight deadline.

Organisations can start raising awareness by providing social engineering and phishing training to employees. The threat of malicious software (including ransomware) can be prevented by antivirus protection and ensuring that patching for all software is up to date.

Legitimate organisations and financial institutions will never ask for personal or financial information via e-mail. If a message appears to be a phishing or spam e-mail, it probably is.

• Never reveal personal or financial information in response to an e-mail.
  
  
• Never provide login details (usernames and passwords) in response to requests.
  
  
• Do not open suspicious e-mails or, at least, do not click links contained in such e-mails.
  
  
• In general, do not post sensitive information online.