Newsletter & Blog

H2 Newsletter No 6

Romance Scams

While romance scams aren't new, their popularity continues to rise and in the US people lost $547 million to romance scams in 2021, up 80% compared to 2020 and six times higher than in 2017. Don't be lulled into a false sense of security thinking this is just the US, Brits are just as susceptible. Thinking back a long way, people might just remember the I Love You virus. This virus was an email which was entitled simply "I Love You" . The premise was that many of the people receiving this would open it out of sheer curiosity. This happened in the company I worked for at the time and it was the CEO who opened it first - he should of realised that nobody loved him!! Luckily the payload was fairly benign and we eradicated it from the network quite quickly. The point though is that we, and our employees, are all human, with human frailties, which is of course what scammers rely on.

A romance scam typically works like this: The criminal will set up an account on a dating site with fake information and photos, which of course are of someone who looks inviting, trusting, and attractive. The profile seems too good to be true actually. They reach out to several candidates and try to start an online relationship.

Once the target reciprocates and trust has been established, the scam usually escalates to the thief's unveiling of a problem involving money. Typical scenarios include the request for funds to be able to travel to meet you in-person or to help the thieve's sick relative.

This type of scam has been shown to work on all ages and sexes. This is not a case of men preying on women, but of someone hiding behind a profile, preying on both sexes with almost equal success.

You can protect yourself from these fraudsters by doing the following:

  1. There's no need to post all of your information online. Withhold personally identifiable information such as your home addresses, work specifics, phone numbers, educational background and information about your children. This is also a good idea on social media and any other online profiles in order to keep your personal information from falling into the wrong hands.
  2. A little research goes a long way. Compare the information the person provides during your conversations with the information that exists about them online to see if anything is conflicting. A person without any online presence is certainly a red flag. You can also search their images on Google to see if they are actually of another person.
  3. Get a second opinion. Friends and family will often have better radar than you will since they are not directly involved in the romance. Introduce the love interest to a friend and ask for their honest opinion.
  4. Never, ever provide any financial assistance whatsoever.
  5. If something seems fishy or too good to be true, it probably is. Trust your instincts, and don't let yourself become love-blind.

Mobile Banking Scams

I put up a post last week where I briefly mentioned mobile banking and the problems that have become associated with it. It's something most of us now do privately and most businesses now link to their banks via a cloud based app through which most transactions take place.

It is interesting that it is estimated that around 28% of organizations were hit with a botnet infection. Roughly one-third of cyberattacks were perpetrated by insiders, and 27% of all global businesses were affected by threats involving mobile devices. Mobile banking malware jumped 50% during 2019.

These numbers come from Check Point Research's "2020 Cyber Security Report," which contains attack trends, malware statistics, prominent vulnerabilities, and other factors that shaped the security landscape throughout 2019. Businesses saw malware types migrating into mobile and were hit with more informed and targeted ransomware campaigns. Magecart became an epidemic, and a series of major vulnerabilities were found in Microsoft Windows and Oracle.

We saw the rise of targeted ransomware in 2019 as attackers sought to buy or find their way into specific organizations. Most of these threats were driven by increasing cooperation among threat actors: As an example, researchers point to the distribution of Emotet, which landed in many global organizations and opened the door to any attackers who were willing to pay for access to them. 

While misconfiguration and mismanagement of cloud resources are still the top cause for cloud attacks, the past year brought a growing number of attacks directly aimed at cloud services providers. More than 90% of businesses use some type of cloud service, but 67% of security teams complained about poor visibility into cloud infrastructure, security, and compliance, demonstrating how the cloud will continue to be an area of concern in the years to come. For anyone not enabling two factor authentication for instance, think again.

So how will cybercrime continue to evolve? Targeted ransomware is probably top of the list. After major attacks hit healthcare organizations, researchers predict attackers will continue to spend more time gathering intelligence on victims to achieve more disruption and demand larger ransoms.

Phishing tactics are expected to continue expanding beyond traditional email campaigns to include more SMS-based attacks and fraudulent messaging on social media and gaming platforms. Mobile malware attacks are expected to increase overall, they predict, after mobile banking malware jumped 50% in the first half of 2019. Anyone who thinks that social engineering is yesterdays problem, is likely to be disappointed. If your staff don't understand what that is, then they need to be educated.

It may surprise people to know that mobile banking malware requires little technical knowledge to develop, and even less to operate. The malware searches for a banking app on the targeted device and creates a fake overlay page once it's opened. The user enters credentials, which are sent to the attacker's server.

Use of the Internet of Things (IOT) devices will continue to grow rapidly, fueled by the bandwidth of 5G, making networks vulnerable to large-scale, multivector cyberattacks. It is also predicted that a greater reliance on public cloud infrastructure will increase businesses' exposure to outages, a risk that could drive organizations to consider hybrid cloud environments.