Cybercrime. How not to get caught?
Every year, business spending on cybersecurity increases due to the active work of cybercriminals. This poses additional threats to the business in the form of malfunctions due to hacking attacks, leakage of personal data of customers, reputational damage and loss of profits. Therefore, the recklessness of a business owner in cybersecurity can be too costly.
In 2017, the Parliament adopted the Law “On the Basic Principles of Cyber Security of Ukraine”, which regulated the issue of security in the field of cyberspace. Cybersecurity - protection of vital interests of man and citizen, society and the state during the use of cyberspace, and all actions aimed at harming the digital space are called cybercrime. Let's analyze the main cyber fraud below.
Payment card fraud
In social networks and groups created in popular Internet messengers, there are reports of polls with cash prizes on behalf of a large bank or a well-known company. After participating in the survey, fraudsters send people messages about winning money.
To extort money from you, attackers are asked to provide payment card details or pay taxes on winnings according to the specified details. Do not tell anyone your CVV, PIN and SMS code, to confirm the transaction from your card, because fraudsters will withdraw funds and transfer to their own account. Also, if the money is written off illegally, you must immediately notify your bank and ask to block the transaction.
Theft of money from bank accounts
The scheme is quite simple: fraudsters call a person posing as a bank employee and ask for a card number, PIN code or CVV code, as if to unlock the card or check the data. However, the staff the bank is never asked to name payment card PINs or CVVs on the back of the card. They have the necessary information in the database system. Therefore, block the number from which you were called and do not respond to such requests.
If you have any doubts about whether your payment card is in order, call your bank's hotline and find out. Also, if the money is written off illegally, you must immediately notify your bank and ask to block the transaction.
Spread of computer viruses
One of the most common types of cybercrime. It is enough for a person to open an e-mail containing the virus or go to an unverified site. Typically, such emails are contained in the "Spam" or "Advertising" folder, and most e-mail services notify the user of the danger automatically. However, if you open such an email, the virus may automatically download to your computer after these steps.
In addition, hackers can through the installation of malware steal personal data, gain access to bank accounts, encrypt information on disk and demand ransom.
To steal personal data, attackers use various methods: intercepting Internet traffic, collecting data from pages similar to the official pages of well-known brands, collecting information through the hidden work of the virus.
How to protect yourself? Experts from a company specializing in cybersecurity - Datami.ua, give the following recommendations:
- Be sure to connect two-factor authentication or a physical security key to your account.
- The password must be complex (the best option: the use of lowercase and uppercase letters, numbers, special characters in a random sequence, at least 12 characters long. Example: X4Wu, x#wj [/ 3 or W8Sv} pbq#?: X).
- Each individual account must have a different password. Because it is difficult to remember all passwords, it is better to use a password manager, which will not only store all human passwords, but also encrypt them, so that only the person will have access to them.
- Block duplicate seven cards (via operator, via special codes or your operator's application).
What should I do if I lose my data or account?
- If you still have access to your account, change your password immediately.
- Contact the cyber police or a cybersecurity company with this problem.
- Most popular messengers now have a "log out of all other devices" feature. If you can log in to your account from another device, you must use this feature. The same should be done with mail.
What not to do if I lose data, account or device?
Datami CEO O. Filipov explains that when a person loses his account or device, in a panic he becomes vulnerable to social engineering. At such moments, an attacker can use this and drop a phishing link. The person does not notice the phishing signs and without hesitation goes to the link in the letter, where he enters his login and password as if "to confirm security actions" and loses his account forever.
What to do in this case?
- Never pay kidnappers if they ask for money back.
- Do not follow the link from the attackers and do not download files from them.
OLX scams
Despite reports of fraud on OLX on literally every page, people very often become victims of fraud. The main goal of the scammer is to transfer communication from the olx.ua platform to private communication. You will be asked to send additional photos or videos of the product to the messenger, and then send a phishing site - a page that looks similar to the design of olx.ua, where you need to enter the card data. After entering the information, you will be left without money.
In that case, you need notify your bank and ask to block the transaction. It is also necessary to apply to the cyber police with a statement about committing fraud. Only after registration of criminal proceedings and recognition of you as the victim, there is a chance to return money from olx.ua
Online drug trafficking
Today, no one will be surprised by the fact that Darknet is a collection of websites that have hidden IP addresses of the server on which they are located. The darknet sells illicit goods, such as weapons, drugs or user data, including passport data, credit card data, and tax numbers. This is one of the disadvantages of the rapid development of technology: people can buy restricted or excluded goods quite anonymously.
If you become aware of such facts or of the unauthorized use of your personal data, it is necessary contact the cyber police and report it.
What is the responsibility of cybercriminals?
Information crimes include crimes committed under articles Of the Criminal Code of Ukraineincluded in Section 16 "Crimes in the field of use of computers, systems and computer networks and telecommunication networks". The Criminal Code provides for liability for the following actions:
- Unauthorized interference with the operation of computers, automated systems, computer networks or telecommunications networks. Are punishable by imprisonment for up to 6 years.
- Creation and spread of viruses, regardless of the purpose of such actions. Punished by imprisonment for up to 5 years.
- Unauthorized actions with information processed in electronic computers, automated systems, computer networks or stored on the media of such information, committed by a person who has the right to access it. Are punishable by imprisonment for up to 6 years.
- Abuse of the right of access to information - if an employee of the company using his official duties provided access to the database of customers of his company to third parties or competing companies. Punished by imprisonment for up to 5 years.
Tips on how not to fall prey to cybercriminals
- use social networks safely: set different passwords for different social networks; do not access accounts from other people's devices.
- do not send prepayment to unfamiliar online stores.
- check the information provided to you (which lottery, which bank, phone number in the search engine).
- You can check the information by the following parameters: bank card number, phone number or link to the site. This can be done through the official website of the cyber police: https://cyberpolice.gov.ua/stopfraud/
Psychology of telephone scammer
- To confuse and to give time for reflection (messages like "Mom, I'm in the police").
- Create the belief that it is profitable to transfer money and receive certain benefits.
- Create the impression of the possibility of rapid enrichment (winning the lottery, instant transfer of funds to the card).
What to do if you are a victim of cybercrime?
First of all, it is necessary to understand that it is possible to fight against this type of crime as well as to find the culprits. Of course, this will not be easy, because attackers often use encrypted IP addresses, as well as fake SIM cards. However, there are ways to combat them:
- Apply to the cyber police. This is done through their official website https://cyberpolice.gov.ua/ . The steps are quite simple: read the memo on statements and reports of criminal, administrative offenses, provide your details, describe the event and send a statement.
- If you have acted illegally with your bank card - contact your bank and ask to cancel the transaction.
- If you suspect that your computer has a virus, take the equipment to a specialist for testing.
Finally, I would like to advise you not to treat personal data irresponsibly, use the Internet with caution and remember that hackers are cool only in movies, in reality they commit many serious and not serious offenses. In order not to become one of their victims - treat your cybersecurity consciously.
Authors of the article: Dmytro Nikiforov, Victoria Balatska.