now browsing by tag


#cybersecurity | #infosec | Smashing Security #153: Cybercrime doesn’t pay (but Uber does)

Source: National Cyber Security – Produced By Gregory Evans The cybercrime lovebirds who hijacked Washington DC’s CCTV cameras in the run-up to Donald Trump’s inauguration, the truffle-snuffling bankers at the centre of an insider-trading scandal, and the hackers that Uber paid hush money to hide a security breach. All this and much more is discussed […] View full post on

#cyberfraud | #cybercriminals | Disputes, Issue 1: Cybercrime: beware the business email compromise

Source: National Cyber Security – Produced By Gregory Evans Over the past three years, the “business email compromise” has become one of the most common, vexing, and financially injurious forms of cybercrime. On any given day, companies around the world and across industry sectors are finding themselves the victim, the pawn or both in cybercrime […] View full post on

#cyberfraud | #cybercriminals | American Consumers Recognize Their Role in Preventing Cybercrime, are Bothered by Perceived Inconveniences of Advanced Security

Source: National Cyber Security – Produced By Gregory Evans


55% of consumers understand they need to do more to protect their personal data; but 59% are bothered by temporary inconveniences of advanced security measures

Only 45% of consumers have received formal cybersecurity training from their employer

According to the 2019 Cybersecurity Awareness Insights Study released today by Fiserv, most Americans consider themselves at least somewhat informed of cybersecurity threats, yet many fall short at proactively protecting their personal data. Despite this lack of action, more than half (55%) of American consumers understand they need to do more to protect their data, presenting significant opportunity for businesses to reinforce best practices.

Conducted in the summer of 2019 and originally commissioned by First Data, now Fiserv, the study gathered insights from 1,005 Americans ages 18 to 73. The study explores how aware American consumers are of online privacy and security risks, and how they behave when it comes to protecting themselves from cyber threats.

“While cybercrime continues to grab headlines, our study shows that many Americans have not taken action to protect themselves, and the majority say they are bothered by temporary inconveniences brought about by advanced security measures,” said Jay Ablian, Head of Merchant Security and Fraud Solutions, Fiserv. “There is a clear opportunity for businesses to educate consumers and employees to help them understand both the potential impact of inaction and how security measures are designed to protect them.”

Consumer Awareness

The more consumers know, the better they’re able to protect their personal information online. According to the 2019 Cybersecurity Awareness Insights Study, 75% of consumers consider themselves at least somewhat informed of cybersecurity threats. In addition, 55% of respondents understand they should do more to beef up their online security – especially when using social media, online banking, or online shopping.

Despite this, more than half of consumers can be classified as ambivalent, in denial, or oblivious to cybersecurity risks, with only 6% currently taking the steps needed to proactively protect themselves.

Consumer inaction may be driven by perceived inconveniences. To that end, 59% of consumers report they are bothered by temporary inconveniences brought about by advanced security measures that help ensure higher levels of protection.

Consumer Behavior and Data Protection

Although many consumers consider extra cybersecurity precautions a hassle, they are taking some steps to protect themselves. According to the study, dodging inbound phishing attempts is a strong suit of consumers, but additional vigilance around password security is needed:

  • The top measure consumers take to protect themselves is refusing to click email links or open attachments from people they don’t know, cited by 61% of consumers
  • On the other hand, changing passwords is a cybersecurity step 42% of consumers take only if they are required to
  • Of consumers surveyed, 33% have a go-to password they modify slightly to meet password requirements, and 20% use names of significant people, places or pets. Neither of these methods is considered a best practice.

Cybersecurity Awareness at Work

Consumers often look to their employer to provide cybersecurity training, but aren’t always getting the support they expect. Fifty-eight percent of consumers said their employer sends regular cybersecurity updates, and 45% said their employer offers formal cybersecurity training. Of consumers who aren’t provided cybersecurity training, only 9% said their employer has a plan in place to do so.

Employers have a vested interest in cybersecurity awareness, as educated employees can secure their own information and that of the business. Best practices for employers launching their own cybersecurity training include:

  • Emphasize education at work Ongoing education about new cybersecurity threats equips employees to recognize them and understand potential implications
  • Encourage lockdown at home – Employees can secure their home networks, starting with changing all default passwords – especially for internet routers. Those with families can teach children about the dangers of cybercrime
  • Keep information out of the public eye – Whether on personal or business computers, covering up screens when entering passwords and credentials in public areas helps keep information safe.

Additional Resources

About Fiserv

Fiserv, Inc. (FISV) aspires to move money and information in a way that moves the world. As a global leader in payments and financial technology, the company helps clients achieve best-in-class results through a commitment to innovation and excellence in areas including account processing and digital banking solutions; card issuer processing and network services; payments; e-commerce; merchant acquiring and processing; and the Clover® cloud-based point-of-sale solution. Fiserv is a member of the S&P 500® Index and the FORTUNE®500 and is among the FORTUNE Magazine World’s Most Admired Companies®. Visit and follow on social media for more information and the latest company news.


View source version on

Source link

The post #cyberfraud | #cybercriminals | American Consumers Recognize Their Role in Preventing Cybercrime, are Bothered by Perceived Inconveniences of Advanced Security appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Australian small businesses targets of half of all cybercrime

Source: National Cyber Security – Produced By Gregory Evans

Three common small business scams 

1. Fake billing or invoice scams 

The scam: According to the ACCC’s Scamwatch, there have been 8,269 cases of false billing scams resulting in over $7 million in loses in 2019 alone. These scams occur when scammers send out fake invoices to businesses asking for payment for anything from supplies to website domain renewal. They can even be sent from a legitimate supplier or business you commonly deal with if their email address has been compromised. 

How to protect your business: Both Scamwatch and NAB state that the best way for businesses to safeguard themselves against fake billing or invoice scams is through vigilance. Querying invoices or payment requests from unfamiliar sources is a must, as is contacting existing suppliers if they send through an invoice at an unusual time or with a different bank account in order to confirm whether or not it’s legitimate.       

2. Tax scams 

The scam: Many Aussies have likely received a dodgy call from someone pretending to be from the Australian Tax Office and figures show just how common these can be, with the ATO reporting that it had received over 40,000 reports of impersonation scams just in the period from January to April 2019! 

According to NAB, there are two common small business tax scams. The first is scammers claiming to need personal and bank details in order to send a business a tax refund. The second is scammers claiming that a tax debt is owed which needs to be paid immediately (with a credit card, money transfer or even a git card) in order to avoid arrest. 

How to protect your business: While the ATO has stated that it may contact businesses via a phone call, email or SMS, it has also released the following advice to help taxpayers remain cautious: 

– The ATO will not send an email or SMS asking taxpayers to click on a link directing them to any login page

– The ATO will not threaten taxpayers with immediate arrest, jail or deportation

– The ATO will not request payment via iTunes or Google Play cards, prepaid cards, cryptocurrency or to a personal bank account

– The ATO will not request a fee in order to release a refund

3. Payment Scams 

The scam: There a number of different common payment scams, including overpayment scams. 

One example NAB gives is a ‘terminal takeover’ scam in which a scammer asks to take hold of a payment terminal when paying for goods or services. The scammer then cancels the original payment request (often while distracting the cashier) and enters a new payment amount far higher than the original which is then paid for with a stolen credit card. The scammer will then demand that a refund of the difference be made in cash or onto a different card. 

How to protect your business: NAB recommends that in-person payments using a terminal are always conducted behind a counter so that potential scammers can’t edit a transaction themselves and that if a refund does need to be made, it should be done using the original card the customer provided. 

Looking for more small business resources? 

Check out the Mozo business banking hub for the latest small business news and a range of helpful guides, as well as comparison tables featuring some of the hottest business loans, business credit cards and business bank accounts around.

Source link

The post #cyberfraud | #cybercriminals | Australian small businesses targets of half of all cybercrime appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Farms a cyber-crime target | Farm Weekly

Source: National Cyber Security – Produced By Gregory Evans

DO you think you’re cyber safe?

Cyber security expert and lecturer at Edith Cowan University David Cook said that people in regional areas were common targets for cyber crime.

And as farm business became more invested in technology and utilised data, Dr Cook said that in the next five years, rural businesses were going to become increasingly at risk.

“I think one of the big issues when I come to rural and remote places is that regional people are so nice and trust people,” Dr Cook said.

“They have a different way of life from city people.”

Dr Cook said that cyber crime was perhaps more prevalent than other crime, such as theft, but doesn’t have the same awareness.

“Cyber crime is one of the fascinating things where you never get to meet the criminal, compared to say a home break-in, where you might see the person or at least realise that you’ve been robbed,” he said.

“In general, our police do a lot better job of tracking down people breaking into houses, than people breaking into computers.

“It’s very easy for people to do things you are unaware of.”

According to Dr Cook, the criminals who were most interested in stealing agricultural data were from governments and organisations in other countries.

As more data begins to come from farms, with the rise of technology being used, “interest from multi-nationals and other countries’ governments will access our data and steal it so they can influence the price of commodities”.

“Three years ago, in the State’s north west, the price of iron ore plummeted and largely that was on the back of people infiltrating data and stealing it, and they worked out they could lower the price of iron ore – I’m talking about China because in that case, they basically influenced the market.

“So that’s the future for us, we have to be careful about what we share.

“Farmers are the way in into multi-million dollar data systems and in a few years when more data is coming from farms, I can guarantee that being relaxed on things like passwords, storage and emails will come back to haunt them.”


Dr Cook said one of the easiest ways that people could increase their cyber security was through passwords, but they have to be secure.

Using passwords such as the name of a loved one, pet, place of birth, maiden name, birthday or year of birth, address, favourite sporting team are all unsafe as they can be found by cyber criminals on social media or even government websites like Births, Deaths and Marriages and the electoral role.

Dr Cook suggested a method that he has used for 10 years and in that time, has never written a password down.

“I have a passphrase that I carve up into four passwords,” he said.

“It doesn’t mean anything to anyone, or make any sense but it’s my little thing and something I remember – Bye bye Rosie off you go Birmingham western.

“We all have mnemonics in our head that mean nothing at all, so just think of something from the past because they work best.”

Dr Cook does use numbers but not his date of birth, address or the number one.

For six months his passwords for all his accounts might be bye bye Rosie!2 and then six months later changes all his accounts to Off you go!3 etc.

“I change my passwords every six months, guaranteed,” he said.

“Sometimes it won’t let you use the same password more than once but in almost all of our systems, that lasts for up to 24 months.

The cloud

Nowadays many people store their files and photos in ‘the cloud’, but how safe is it?

“The cloud (that is free) literally means a run down shed somewhere cheap in the world, like India or The Philippines, and it’s low security,” Dr Cook said.

“If it’s data about your farm, then it is critical that it’s stored securely.

“The question is how much is your information worth?

“If you use the free cloud for data from your farm, then you are likely putting your security at risk.”

Dr Cook said it was only a matter of time until someone hacked into that run down shed, where ever it is, and everyone’s data is shared on the dark web, especially if you’re password is not secure enough.

“It’s important to remember that it’s your information on someone else’s system somewhere,” he said.

“If you want protection, if you want security, the best protection is with yourself and when you don’t share everything.”

Cyber security risks that are more of a concern to everyone, and less so to farm businesses in particular include:

Baseline security

One of the common issues that impacts baseline security is when people unknowingly give their information to third parties by entering competitions.

Often there are raffles being held by local clubs to win a car or holiday and the entry asks for your name, address, email address and mobile number.

But in the fine print on the ticket, it will read something like ‘Please be advised we may use this information and pass it on to a third party’.

The club or charity passes all the ticket stubs onto a third party where the names and information become harvested and are sold to other third parties.

As a result, the club or charity gets paid about $50,000 for doing that and can buy the prize.

So the club is able to make a profit, thinking they are doing it out of goodwill.

But because so many people don’t read the fine print, they are then placed on various email lists and that they can’t truly unsubscribe from and their data is harvested and sold.

Dr Cook said another issue with baseline security is using free Wi-Fi.

Although it’s convenient, especially when travelling overseas, free Wi-Fi that either has no password or the same password for everyone is on a “pancake network”.

“It means everyone is on it and can see what everyone else is looking at,” Dr Cook said.

He advised to not use free Wi-Fi when overseas to check accounts such as emails and banking and instead find somewhere where you can pay for it.

“The amount of people that target people this way is on the rise, because when you’re travelling is when you’re vulnerable,” he said.


“Sometimes people put things up on Facebook that gives up so much information about them,” Dr Cook said.

He said cyber criminals would follow what other people put on Facebook about people, as more often than not, that gives away more information, such as comments and tagged photos.

Dr Cook suggested to avoid posting photos while overseas, as cyber criminals will know that’s an ideal time to hack your accounts.

Photos taken on your property have a geo-location so criminals can find out where you live.

He also recommended caution when posting photos of children, as there was a chance of them being found by online predators and circulating the dark web.

Online shopping

When targeting people via online shopping, Dr Cook said cyber criminals wait for you to be on an unsecure network or website.

To ensure you’re buying something securely, at the point where the money is handed over, the web address should read: https:// – noting the ‘s’, which changes the website to a secure version for making the payment.

If the web address does not have an ‘s’, as some websites might bypass the secure version, simply type it into the address box and click refresh.

Dr Cook said to also check for the padlock which was pictured in the same text box where the web address was, as it acted as another level of security.

“But be careful because some criminals have worked out how to put a picture of a padlock on websites but it’s not where it should be,” he said.

Dr Cook said PayPal was the most trustworthy method of online payment where the person on the other end can’t see your card details.


“We share a lot of information in emails and spam emails are harvesting data,” Dr Cook said.

He recalled an example where a woman responded to an email from an ‘African prince’, which is a common scam.

She replied to the email asking that the emails be stopped and signed it with her name and location.

“The thieves are only waiting for the last three or four words in her email, because they know a lot about her now and they start to aggregate data about her,” he said.

“This is called email harvesting and they will harvest information about farmers of significant properties and businesses are of immense interest to cyber thieves.”

Dr Cook also advised to be aware of scam PayPal emails, which ask you to update your PayPal details via a link in the email.

“The only way to do that is to login to the PayPal website, not from a link in an email,” he said.

Another key for spotting PayPal email scams, or scams impersonating other organisations for that matter, is to look at the email address it came from.

If it’s a scam, it won’t be the correct email address.


Telephone scams have been around a long time and Dr Cook said most people think they know a phone scam when they hear one.

But he said criminals were becoming savvier, smarter and sneakier about scamming people and stealing their money.

“It’s important to not stay on the line with them,” Dr Cook said.

“Some people like to joke around or mess with them, but it’s best to just hang up.”

Dr Cook referred to a common current phone scam, known as the ‘Telstra scam’.

It goes something along the lines of a woman operating out of Queensland, she has an Australian accent and there is no delay on the phone line.

“She rings and says your Telstra bill is $11.15 overdue and asks you to pay it how you normally would, be it at the Post Office, BPay etc,” he said.

“Then she talks to you, which is so clever and the new way of telephone scams in rural and remote areas and organisations because people talk back and fall for it, apparently they like a yarn.

“It’s what we call social engineering, which is the cleverest way to get information out of people and they are experts at it.”

Dr Cook said it’s more common against women, as they were more likely to have a chat.

“They will agree with whatever you say and massage your ego and make you feel like you’ve made a friend,” he said.

“Then at the end of about five minutes, the conversation will change and she’ll get flustered and say ‘I was meant to have rung all these other people and now I’m going to be in big trouble with my boss’, which will last about 30 seconds.

“The she’ll hit you with the punch line: ‘If you give me your credit card details, I will put this $11.15 through and I can tell my boss I’ve moved onto the next one’.”

On bank statements the transaction won’t read Telstra but something similar like Telstrasoc or Telstracomnet.

“It’s just enough to make you think it’s Telstra, then every month you will be charged some amount under $15 for the rest of your life,” Dr Cook said.

“People have certain limit when it comes to money, they notice being billed for $500 but not $11.15 every month, because we have a certain mindset when it comes to small numbers because we see so many of them in our statements.

“So we know the golden rule for criminals is under $15 and after a while people normalise it.”

Dr Cook said the statistics showed about one in 10 people fell for this scam but one in five people in regional locations fell for it.

“It’s because they are nice to people, like a yarn and trust people and when they are nice to them on the phone, they like to help them out,” he said.

Dr Cook said there was a version of this scam for every utility.

Source link

The post #cyberfraud | #cybercriminals | Farms a cyber-crime target | Farm Weekly appeared first on National Cyber Security.

View full post on National Cyber Security

Cybercrime: How To #Define It And #Defend #Yourself #Against It

There’s a good chance words like “cybersecurity” and “hacking” are floating around the minds of Atlanta’s internet users in light of the recent ransomware attack on the city’s computer network or the data breaches that affected Equifax customers.

In 2014, 47 percent of adults in the U.S. had some of their personal information exposed by hackers, and a recent Gallup poll showed that 67 percent of Americans worry “frequently or occasionally” about cybercrime.

Falling victim to cybercrime is a scary thought, but there are steps people can take to protect themselves from malicious agents on the internet. WABE has compiled a guide to common internet crimes with tips on how Atlantans can avoid falling victim to them.

Ransomware attacks affect victims large and small. It was a ransomware attack that left Atlantans without the ability to pay their bills for days in March, but these attacks can affect individual users’ computers as well. Once they’re running on someone’s machine, ransomware programs take control of the computer and threaten to restrict access to it indefinitely unless a ransom is paid.

Ransomware enters a computer or network either by “exploiting a security hole in vulnerable software or by tricking someone to install it,” according to internet security company Norton.

Victims of ransomware might find themselves compelled to pay the money asked of them to get their data back, but the FBI states that’s exactly what a user should not do. Ransomware should be removed by a “computer professional” because even when the malware appears to be gone, it could still be working in the background.

Phishing Scams
Phishing is the act of luring in users with emails or phone calls that appear to be innocuous but are actually sent to trick users into giving away access to their computers, according to Microsoft. Phishing scams usually originate in spam emails or phone calls from people claiming to be with companies such as Microsoft saying they need to gain access to a user’s machine.

It is relatively simple for attackers to disguise the emails they send to look like they originate from someplace official, be it a company’s IT department or even Microsoft itself.

Clicking on a seemingly harmless link in an email can be a trigger to install malware or a route for hackers to access personal information. In 2017, phishing scammers managed to steal the paychecks of 27 Atlanta Public Schools employees, costing the district nearly $300,000, according to the AJC.

Microsoft recommends a few best practices for staying away from phishing scams: make sure to hover over links before clicking on them to be sure they go where they say they do. Be wary of official-looking emails that are full of spelling or grammar mistakes and be sure to double-check spelling on URLs that look official because a slightly misspelled web address could lead somewhere dangerous.

Data Breaches
All it took to put 56 million credit cards at risk and create $62 million in costs was a set of stolen log-on credentials for the computer network of Atlanta-based Home Depot, according to USA Today.

In addition to the credit card information that was stolen from self-checkout counters in Home Depot stores, millions of email addresses were stolen, leading to victims being at risk of further phishing scams.

One thing to remember is that, according to Experian, even though someone might be a victim of a data breach, they are not necessarily a victim of identity theft. The three steps the business services company recommends for people who have fallen victim to this are closely monitoring credit history and looking out for new accounts, keeping track of Social Security benefits and monitoring tax returns for unusual activity.

Denial Of Service Attacks
A Denial of Service, or DoS attack, is when an attacker attempts to take down a computer or network by targeting it with a barrage of requests. Every attempt to access a website by typing a URL or clicking a link is a request, but large numbers of these at the same time can overload a server and prevent legitimate users from accessing a website or its content, according to the United States Computer Emergency Readiness Team.

In 2016, the University of Georgia’s internet was brought to a halt by a Denial of Service attack that “saturated” the university’s internet capacity of 20 gigabytes per second of data, blocking all access to the internet for everyone on campus, according to the AJC.

These attacks are difficult to prevent, simply because they take advantage of the way a server works. But many of these attacks utilize networks called botnet, which are computers connected by the same piece of malware that can all be used at the same time. While a user may not be able to prevent a DoS attack against a network, they could potentially avoid their computer becoming the newest member of a botnet by remaining wary of phishing scams and ensuring their antivirus software is up to date.

Protecting Yourself
While anyone can be the victim of cybercrime, there are a few helpful tips to keep in mind. Norton recommends practices such as using long, difficult-to-guess passwords, keeping your network secured and using a full-service internet security suite.


The post Cybercrime: How To #Define It And #Defend #Yourself #Against It appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Girl #Scouts fight #cybercrime with new #cybersecurity #badge

Source: National Cyber Security News

For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges.

If you think being a Girl Scout is all camping, crafting, and cooking, think again.

For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges. Girl Scouts of the USA teamed up with security company Palo Alto Networks to devise a curriculum that educates young girls about the basics of computer networks, cyber attacks, and online safety.

Sylvia Acevedo, CEO of GSUSA, said they created the program based on demand from the girls themselves.

“Protecting their identity online, how to protect themselves when they’re browsing, how to protect their computers, their family networks from being hacked, those are things that are of real interest to girls,” Acevedo said in an interview with NBC News.

In Alameda, California, Girl Scouts of Troop 32749 are already hard at work learning about the basics of coding and computer networks.

“Evelyn, you’re going to be my message sender,” said troop leader Danielle Zorn, holding an unruly ball of green yarn.

Read More….


View full post on National Cyber Security Ventures

Canada to #Devote $1 #Billion of Federal #Budget to #Fighting #Cybercrime

Source: National Cyber Security News

The Canadian government will release details of its federal budget this coming week, and local news outlets are reporting it will include a $1 billion cybersecurity fund. According to CBC News, federal government agencies requested for the funding to bolster Canada’s cybersecurity infrastructure, as multiple departments are facing growing cybercrime issues.

A bulk of the funding will be a much-needed supplement to Canada’s 2010 National Cyber Security Strategy — although the revised plan would not be included in the budget. The revised plan is expected to come out later this year from Public Safety Canada.

The proposed budget would finance a number of efforts to combat cybercrime in the country, which could include training the next-generation of so-called cyber-professionals and encouraging them to apply their craft in Canada. The money would also likely be used to strengthen military’s cybersecurity capabilities by outsourcing the expertise needed from local private companies. The idea is to keep the pool of cyber-security warriors trained in and working for Canada.

Many experts also see the budget translating to funding cyber “co-development” projects between the government and the private sector. Cybersecurity in Canada would be provided for by Canadian information and technology companies, which in turn would work with the federal government to develop both hardware and software solutions.

Read More….


View full post on National Cyber Security Ventures

Cybercrime #warning for #homes and #businesses

Source: National Cyber Security – Produced By Gregory Evans

BUSINESSES and households around the region have been warned about the growing danger of cybercrime.

The rise of the internet has led to the potential impact of cyber-theft, cyber-vandalism and even cyber-extortion increasing dramatically, with experts warning that the more we rely on the net, the more potentially vulnerable we become.

Mark Hughes, chief executive of BT Security, said it was “a daunting thought” that there are now about 27 billion devices connected to the internet, more than three times the human population of the world, and that this figure was expected to reach 125 billion by 2030.

Mr Hughes said: “If you think this issue doesn’t affect you and that it is a mainly a matter for governments and large organisations, then think again.

“There are growing indications that small and medium businesses, the bedrock of a regional economy such as the one in Yorkshire and the Humber, are increasingly in the firing line of the criminals, and research indicates that many are unprepared to meet this threat. Research by Accenture showed that 55 per cent of British workers can’t recall receiving cyber security training, whilst one in five weren’t sure they could identify a phishing email – a common method used by cyber criminals to raid personal bank accounts.”

Mr Hughes said BT security team detect 100,000 unique malware samples every day – more than one per second – and protect the BT network against more than 4,000 cyber-attacks daily.

He urged all homes and businesses to take steps to protect themselves from cyber attacks, including updating anti-virus software regularly, installing any patches recommended by the software, investing in regular cyber security training for staff, and reminding staff to be wary of opening suspicious emails or links.

The post Cybercrime #warning for #homes and #businesses appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The #difference between #cybersecurity and #cybercrime, and why it #matters

Source: National Cyber Security – Produced By Gregory Evans

The #difference between #cybersecurity and #cybercrime, and why it #matters

A Texas woman in her 50s, let’s call her “Amy,” met a man online calling himself “Charlie.” Amy, who lived in Texas, was in a bad marriage. Charlie said he was a businessman and a Christian, and wooed her. “He was saying all the right things,” Amy later told the FBI. “He was interested in me. He was interested in getting to know me better. He was very positive, and I felt like there was a real connection there.” Early on, Charlie told her he was having some problems with his business and needed money. She wanted to help.

From 2014 to 2016, she sent him US$2 million – often in installments of a few thousand dollars at a time, always hoping and expecting to get paid back. After she alerted the FBI, two Nigerian citizens were arrested near Houston – both pleaded guilty to wire fraud charges in connection with Amy’s relationship with Charlie. The person who played the character of Charlie has not been identified.

This story is a cautionary example of a crime that happens online. But most advice for avoiding online dangers – like having long passwords, using two-factor authentication and encrypting data – wouldn’t have helped Amy.

The crime that befell her has nothing to do with cybersecurity. It’s cybercrime, a human-centered crime committed in a digital environment. There are more of these each year: In the U.S. in 2016, 298,728 complainants reported losing more than $1.3 billion in various types of cybercrimes, including romance scams but also involving fraudulent online sales, extortion, violent harassment and impersonation scams, among others. As a social scientist who studies online behavior and as the program coordinator for one of the few cybercrime undergraduate programs in the United States, I find it unfortunate that problems like Amy’s get relatively little national attention, especially compared to cybersecurity.

Understanding the differences

Cybersecurity is not merely a set of guidelines and actions intended to prevent cybercrime. The two types of problems differ substantially in terms of what happens and who the victims are, as well as the academic areas that study them.

Cybersecurity is ultimately about protecting government and corporate networks, seeking to make it difficult for hackers to find and exploit vulnerabilities. Cybercrime, on the other hand, tends to focus more on protecting individuals and families as they navigate online life.

Cybersecurity Cybercrime
Types of crimes Crimes where a computer network, software or hardware is the target (ransomware, viruses, worms, SQL injection, distributed denial of service attacks) Crimes where the human or the human’s data is the target (romance scams, cyberbullying, hate speech, sexting, child pornography trafficking, trolling)
Victims Corporations and governments Families and individuals
Academic programs Computer science, computer engineering, information technology Criminology, psychology, sociology
Intellectual focus Applied science oriented – coding, networking and engineering strategies for making networks more secure Basic science oriented – theoretical understandings of how and why crime is committed

The U.S. has created several initiatives to improve its cybersecurity, including investments in cybersecurity education and expanding efforts of government agencies.

Unfortunately, upgrading official networks and training future generations of cybersecurity professionals will not necessarily benefit people like Amy. Technical solutions won’t solve her problems. Social science research into human behavior online is how to help millions like her learn to protect themselves.

Little research

One of the few studies on romance scams like the one that ensnared Amy suggests that there are three stages to these types of cons. It starts with the criminal engaging in intense online communications with the victim. In Amy’s case, Charlie undoubtedly contacted her repeatedly as their relationship began. That built her trust and lowered her defenses – and commanded much of the time and energy she had for social interaction.

Once the victim is isolated from other interpersonal social experiences, the illusion of connection and interdependence can deepen. Charlie no doubt kept this illusion alive any way he could, taking as much of Amy’s money as he could. In the third and final stage, the target finally sees through the veil and learns that it’s all been a scam. That’s when Amy, urged by her financial advisor, suspected fraud and called the FBI.

More research on cybercrime could help deepen scholars’ and investigators’ understandings of how these social science problems play out online. To my knowledge there are just four cybercrime programs at residential four-year colleges. With more effort and investment, academics and law enforcement could learn more and work better together to identify and protect the real people who are at risk from these online criminals.


The post The #difference between #cybersecurity and #cybercrime, and why it #matters appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures