2012 was the worst year ever for internet security with 2,644 incidents of data-breach recorded around the globe. The largest reported incident accounted for a whopping 150m customer records belonging to D&B Marketing being stolen and sold. Despite the ever-increasing sophistication of security tools, fact remains that cybercriminals have been getting smarter and bolder when it comes to stealing online data, as these five new online fraud trends point out:
1. Spreading Malware Through Social Networks
Some of the biggest names in technology today are social network companies and it is estimated that 72% of online adults use social networking sites. Given those statistics, it's no surprise that cybercriminals are targeting social networks to spread malware.
Consider a recent attack on Facebook that infected more than 800,000 users: A video is sent to users from what appears to be friend. When they click on the link, the user is prompted to download a plugin in order to watch the video. If the user downloads the plugin, they will, in actuality, be downloading a virus that can access Facebook and Twitter passwords. This allows the attacker to pretend to be their victim and access personal data.
Due to the personal nature of interactions on social media, even tech-savvy individuals fall prey to social network cyber attacks.
2. Infecting Computers With “Ransomware”
Ransomware is a type of software program that literally holds your computer to “ransom” by blocking access to key functions. The only way to get rid of the software is to either pay a fee or buy a ‘ransomware removal’ software. And guess what? The companies selling the removal software are usually the ones spreading the malware as well, which, in theory, is the same as McDonald’s selling diet pills.
To make matters worse, some scams such as Reveton Ransomware, even market themselves with the FBI name and logo, fooling users into believing they are downloading legitimate, FBI authorized software.
3. Website Hijacking
This scam has been around for quite some time but has gained more traction of late. Criminals hack a popular website and insert malicious links into the content. It isn’t uncommon for website owners themselves to not know about the hijacking for weeks. This is especially true for older, irregularly maintained websites. The worst part? IT departments are often helpless as the malware can infect individual computers before spreading through latent channels to other computers.
4. Browser Hijacking
Browser hijacking is one of the newest online security risks that’s been giving IT departments sleepless nights. In this method, hackers inject malware into the computer through remote URL - a standard enough practice in online fraud. However, where this method differs is how the malware manages to bypass the computer’s firewall and network security systems. Once loaded, the malware authenticates itself using SPF (Sender Policy Framework) email validation protocol, which is nearly impossible to detect (you can read more about it here).
5. Good Old Fashioned Theft
The largest data breach in 2012 - a total of 150m customer records, as noted above - didn’t happen because of malicious links or malware; it happened because remote contractors simply stole the records and sold them to the highest bidder. In a world where work is connected and collaborative, this problem is becoming increasingly more common. You might need to send important data to partners or contractors who may not share your security protocols, or have as rigorous employee background checks, which opens up your data to criminal theft, as was the case with D&B Marketing and its Shanghai based partner.
Despite the proliferation of cyberattacks and the increasing-intelligence of cybercriminals, there are basic precautions you can take to avoid falling vicitim to online attacks. For starters, never click on stray links, no matter how interesting the content seems to be. If it seems out of character or doesn't seem to fit with the site's content, it probably doesn't.
Second, consider taking extra precautions for sensitive data- keeping your company's important documents of record in a virtual data room can help protect them in the case of a security breach. If an employee unknowingly clicks on a stray link and compromises their computer and passwords, having critical documents stored online, in a data room, instead of on their computer, is invaluable. Additionally, some virtual data rooms, like SecureDocs, come with two-factor authentication standard, meaning that in the case that passwords are compromised, information in the data room will still remain inaccessible to cybercriminals.