
Detailed Report On CyberFraud

sakshi_kanani
 

CYBER FRAUD

 

What do you mean by cyber fraud?

 

  • Cyber fraud is the most widespread and dangerous type of fraud that occurs around the world.
  • Throughout the twenty-first century, the cyber world has expanded and grown, allowing fraudsters to hack victims' personal and financial information in a variety of ways.
  • Fraudsters can then use the information they collect to either monetarily fund themselves or, more worryingly, to sponsor terrorists.
  • As a result, it is critical that individuals and businesses understand how to protect themselves from cyber fraud.
  • Cyber fraud has become more prevalent as computers have become more important in commerce, entertainment, and government, particularly through the Internet.
  • Some cyber scams directly attack computers or devices in order to destroy or disable them, while others attack computers or networks in order to spread malware, illicit information, pictures, or other items.
  • Some cybercrime focuses on infecting computers with viruses that then spread to other computers and, in some cases, entire networks.
  • The nonlocal nature of cybercrime is a fundamental feature: activities can occur across huge distances between jurisdictions.
  • Law enforcement has major challenges as a result of this, as previously local or even national offences now demand global cooperation.
  • The use of the Internet to perpetrate financial fraud, including, but not limited to: phishing emails to gather personal data from unsuspecting readers, fake items for sale on eBay, email scams that claim the recipient is owed money if they perform some transaction for the sender, phony investment schemes and identity theft. Many of these scams are simply online variants of fraudulent practices that have long existed offline. However, the Internet has given criminals access to a worldwide base of consumer targets as well as more opportunities to elude enforcement as they need not be in the same country, or even in the same hemisphere, as their victims.

 

 

 

Types of Cyber Fraud:

 

Due to the rise of cyber fraud that occurs on a daily basis, the term has grown to cover a wide range of criminal activity. At its core, cyber fraud is any crime that is committed with the use of a computer or to computer data. This can look like many things, such as:

  • Identity theft
  • Stolen bank account numbers
  • Stolen online passwords
  • Hacking
  • Phishing
  • Terrorist attacks
  • Bullying
  • Copyright infringement
  • Cyber stalking
  • Theft of Intellectual Property (IP)
  • Theft of Personal Health Information (PHI)
  • Theft of Personally Identifiable Information (PII)

 

  • Phishing
    Phishing is a fraudulent attempt to trick individuals into divulging sensitive information (usernames, passwords and banking details) by pretending to be a trusted source, often through email communication 
  • Spear phishing
    Email targeting a specific user, or many users at a specific organization

 

  • Whaling
    A focused phishing email targeted against senior executives of a company, or those with special access to information (aka the “big fish”)

 

  • Business email compromise (BEC)
    A form of phishing where a criminal attempts to get a worker, customer or vendor to send money or disclose private information by sending a phony email that appears to be coming from a trusted company figure

 

  • Ransomware
    A type of malicious software, or malware, that is designed to deny access to, or "lock," a computer system until a sum of money (ransom) is paid

 

  • Social engineering
    Within the cybersecurity context, social engineering describes an attempt to manipulate people into divulging confidential information or performing actions inimical to the interests of them or their organizations

 

 

How serious is cyber fraud and how does it occur?

The world of cyberspace is growing. We now save more personal and financial information on the internet than ever before, which has led to an increase in cybercrime. The seriousness of cyber fraud offences is increasing.

Consider the following scenario:

 

  • In 2013, Target Corporation, the second-largest department store retailer in the United States, fell victim to a cyber fraud scheme that exposed the credit card information of 40 million customers.

 

  • In 2014, hackers used cybercrime to steal 56 million credit card numbers from customers at Home Depot, a prominent US store.

 

  • In 2015, Chinese cyber criminals broke into the US Office of Personnel Management and stole the personal information of more than 20 million people, including their fingerprints.

 

The world of cyberspace is growing. We now save more personal and financial data on the internet than ever before, which has unfortunately resulted in a surge in identity theft. Any fraudulent crime that is carried out via a computer or computer data is referred to as cyber fraud. The crimes are numerous.

Fraudsters can access victims' personal information, online accounts, and bank accounts using the internet. The money and information obtained from this can subsequently be used to sponsor terrorism. Because of the widespread usage of online banking and mobile banking, thieves have more options than ever to commit cyber fraud. It is an extremely serious crime that must be dealt with harshly.

 

In 2017, the United Kingdom had a strong response to cyber fraud, with cyber card fraud offences falling by 8%. This is the first time since 2011 that cyber fraud offences targeting the financial industry have decreased in the United Kingdom. Furthermore, the UK market is the first to see a decrease in cyber fraud offences involving card not present (CNP) transactions. This is owing to the UK's efforts to combat cyber fraud, in which it has partnered with banks to invest in more powerful security measures.

However, this has not been the case throughout Europe, since cyber fraud offences targeting the financial industry, particularly CNP transactions, continue to be perpetrated in Denmark and Hungary.


  • Major cyber fraud threat:

 

  • Cyber Criminals Becoming More Aggressive

 

 

Cyber criminals are reducing the time it takes to launch computer attacks that take advantage of publicly disclosed security holes. According to IBM’s latest Internet Security Systems X-Force report, there are two growing trends in Internet threats:

  1. Online criminals’ use of programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they spent more time finding those security holes themselves. Now finding them is no longer required; it occurs automatically.

  2. Quicker and increasingly detailed release by security researchers of information relating to newly discovered software flaws.

Details: Though researchers have typically waited until the affected company has released a software patch before revealing details, increasingly they are releasing not only details of the vulnerability but also proof-of-concept exploit code to show that the flaw is legitimate.

 

Problem: This gives criminals a framework for creating new cyber-attacks. Example: In Web browsers, hacking exploits are now available within one day after flaws are discovered 94 percent of the time — up from 79 percent in 2007.

 

 

  • Computer Fraud: Understanding the True Nature of the Insider Threat:

 

For decades, computer security specialists have spent the lion’s share of their budgets hardening their organizations’ defences against external fraud and cyber-crime threats.

 

 

Most common: Viruses, worms, Trojan horses, keyloggers, and other common forms of malicious attack that resulted in either system sabotage, theft of confidential information, or diversion of the organization’s financial assets or those of its customers. Only in the past few years has it become abundantly clear that insiders are equally if not more serious fraud threats to their employers than outsiders.

Result: Today, any organization lacking a stringent set of internal computer security policies, processes, and procedures to counter the numerous threats of insider fraud puts itself at serious risk of financial and reputational damage, as well as legal and/or regulatory repercussions in the event of a successful insider attack.

The good news: While monitoring and assessing insider computer fraud risks is potentially complex and costly — as are the identification and implementation of optimal antifraud technology, policies, and procedures — understanding the actual nature of the insider computer fraud threat is surprisingly simple. Key concepts.

  • The term trusted insider includes employees, former employees, contractors, consultants, service providers, software vendors, and so on. Any of these parties can be potential abusers of your computer system to perpetrate diversion of funds in a host of ways.
  • Key elements of computer fraud include:

 

  • Accessing or using a computer without authorization, or by exceeding authorization.
  • Accessing or using a computer with the intent to commit a fraudulent or other criminal act. “Other criminal act” can refer to illegally obtaining restricted data or confidential financial information, or damaging or destroying information contained in a computer.

 

  • Common Forms of Computer Fraud:

 

According to key research, the varieties of computer fraud are equally straightforward. They fall into three main categories:

  1. Input transaction manipulation schemes. These include:

  • Extraneous transactions:

 These are illegal transactions initiated by a trusted insider, such as unauthorized billing transactions that result in disbursement of company funds to the perpetrator or a shell company he or she controls. These frauds can also involve manipulating the organization’s computer data pertaining to one or more customers, vendors, products, accounting entries, salespeople, and so on that the perpetrator exploits at a later time.

  • Failure to enter transactions:

 This is a common technique in many billing schemes. Examples: A purchasing associate who is perpetrating a billing scheme can intentionally prevent a bogus invoice from being entered into the payments system.

  • Transaction modification:

 Also common in billing schemes or collusion, these involve fraudulently increasing or reducing amounts charged to a particular account.

  • Misuse of adjustment transactions:

 Computer systems for legitimately correcting accounting errors or to record adjustments to inventory loss or spoilage can be abused by employees with access to such systems by falsifying entries to cover up outright theft or more elaborate billing schemes. Related schemes: Entering fraudulent error corrections or intentionally omitting such corrections to conceal fraud.

  2. Unauthorized program modification schemes: This category of computer-generated insider schemes typically involves making unauthorized changes to automated payment or accounting software programs. A common form of this crime involves programming the system to execute high numbers of mini frauds such as rounding of numbers, fraudulently adding service charges, or diverting amounts of money so small as to fall below the radar of internal controls on accounts owned by the fraudster.
    • Processing undocumented transaction codes: By manipulating the payments system to accept undocumented, false transaction codes for small transactions in situations where controls are absent, the fraudster can program the system to process fraudulent transactions that are entered directly by the perpetrator or by the computer via unauthorized programming changes.

  • Balance manipulation: Here a dishonest internal computer programmer alters specific programs in a way that fraudulently forces account balances, in order to conceal embezzlement or other types of fraud that would otherwise be detectable by auditors.

  • Lapping schemes: An insider with authorization to utilize the organization’s automated accounting system can steal incoming payments and credit them to his or her own account and then manipulate the system to fraudulently credit the intended payee’s account with a payment subsequently received from another account. The process is repeated until, due to a slipup in timing or sharp auditing, the scheme is detected.

  • Fraudulent file modifications: These crimes involve secretly changing account status through basic computer programming.

 Examples: Opening a fraudulent new account to receive automatic payments from payroll, retirement, unemployment, or welfare systems, destroying records of a fraudulent account, or fraudulently increasing a credit limit on a revolving credit line.

  3. File alteration and substitution schemes:

Common examples:

  • Accessing a live master file. The internal fraudster accesses the file and, using a specially written program or a general retrieval program, makes fraudulent adjustments to the file, such as a Vendor Master File, by modifying account balances, altering a payee, changing supplier addresses, adding bogus vendors, and so on.

  • Substitution of a dummy version of a real file. The fraudster initiates the scheme by obtaining access to the master file and then uses a special computer program to run the legitimate master file in order to create a duplicate. However, the duplicate has a few modifications when it is substituted for the legitimate file, thereby enabling the fraudster to hide fraudulent transactions that would otherwise be detected.

 

 

 

  • Cyber-Fraud Detection:

 

  • Five Cyber Gold Mines for Finding Evidence of Fraud:

 

 Though e-mail evidence continues to play a powerful role in fraud investigations and litigation, technology is evolving in such a way that tech-savvy fraudsters are creating digital evidence in a variety of new formats. For attorneys and fraud investigators, this means searching for digital leads in the form of instant messages, Web content, metadata, and an expanding list of other sophisticated data formats. When searching for cyber clues, fraud investigators and counsel should consider the following electronic gold mines:

  • E-mails and attachments: E-mails and attachments can be created and stored on operating systems, USB drives, PDAs, digital cameras, music players, and more. When seeking e-mail evidence, be sure to request attachments associated with an e-mail. In addition, inquire about e-mail storage conventions, such as limitations on mailbox sizes/storage locations, schedule and logs for storage, and so on. Also ask for any information relating to corporate e-mail retention, preservation, and destruction policies.
    • E-mail evidence was instrumental in such high-profile fraud cases as those involving Bear Stearns in 2008, Citigroup analyst Jack Grubman in 2001, and Martha Stewart in 2002.

  • Web content: From public Websites to intranets, portals, and extranets, potentially relevant data can exist all across the Web. The growing popularity of blogs and vlogs (blogs that use video as the primary medium for distributing content) also makes the Web a priceless data mine.
    • Caution: When examining Web content, keep in mind that it may have dynamic features such as moving graphics and animations, sometimes rendering an automated capture that merely records screen shots insufficient for the investigation.

  • Embedded data and metadata: Embedded data, hidden and unavailable to computer users who are not technically adept, can be a significant form of evidence in a fraud case. Likewise, metadata (the data about the data) includes information about who created a file, the date it was created, and when it was last modified.
    • Example: In an e-mail message, metadata header information would likely include the e-mail’s author, the list of addressees, and the date it was sent. Embedded data and metadata can reveal a computer user’s conduct by leaving behind information about the history, tracking, or management of an electronic document.

 

  • Instant messages: Communicating via instant messaging (IM) has become the modern equivalent of watercooler conversations in the workplace. Unfortunately for some individuals who type and send messages they may have intended for off the record consumption by a co-worker, these conversations have the potential to be permanently preserved on a computer hard drive or IM archive. Depending on the instant messaging software used, these conversations may be recoverable. The growing number of companies logging and monitoring IM chat sessions makes the chances of obtaining evidence of fraudulent activity better than ever before.

 

 

  • Emerging formats: Animations, digital audio, video and audio-visual recordings, and digital voice e-mails are parts of a growing list of new formats that can store valuable electronic evidence. Electronic data created and stored in these unconventional formats is discoverable, and prosecutors and investigators should not hesitate to request such data if it is relevant to the case at hand.

 

 

 

How to Detect Fraud & Identity Theft:

 

 

The sooner fraud is detected, the lower the financial impact. Often the victim is the first person to discover fraudulent activity. Follow these suggestions to recognize the warning signs of identity theft:

1.    Monitor your accounts

Check your account activity frequently for anything unusual. View your online accounts to detect fraud earlier and contact your financial institution immediately if you see anything suspicious. Also, keep an eye on accounts that belong to your children, parents or other family members. If you suspect that any of your accounts with Ally have been compromised, please notify us immediately using the Contact section at the top of the page.

2.    Use online alert tools and services

Whenever possible sign up for email or text alerts that notify you when certain events occur such as ordering checks or reissuing debit or credit cards. It’s also helpful to set up threshold alerts to notify you of low account balances or unusually high account transactions. Alerts like these can help signal fraudulent spending, so you can put a stop to it quickly.

3.    Use a credit monitoring service

Consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.

10 warning signs of fraud:

  • Unrecognizable accounts on your credit report or inaccurate information
  • Bills or statements unexpectedly stop arriving by US mail. (This could mean an identity thief has taken over your account and changed your billing address.)
  • Checks are significantly out of order on your bank statement
  • Unreasonable denial of credit
  • Banks and financial institutions freeze accounts unexpectedly
  • Receiving credit cards without applying for them.
  • Notification that you’ve been denied credit that you didn’t apply for
  • Debt collectors contact you about merchandise you didn't buy
  • Notifications about address, password or information changes that you did not make

4.    Know the scams

If it sounds too good to be true, it probably is. Scams are not only limited to the Internet. Criminals also use phone, text, social media and email scams to gain personal information and commit fraud and identity theft. Here are a few typical identity theft and fraud scams.

5.    Watch out for wire transfer email scams

Criminals are actively using email schemes to defraud financial institutions and their customers by deceiving them into conducting wire transfers that appear legitimate.

These schemes often target individuals purchasing real estate or other parties involved in the transaction (broker, title agent, attorney, buyer/seller), for the purpose of altering the payment instructions and diverting funds used to close the deal. To avoid falling victim to these wire transfer scams, make sure to:

  • Verify wire instructions independently with the intended recipient before sending any funds.
  • Be cautious when conducting any transactions online or with unknown third parties.

6.    Too good to be true

  • You don't remember entering a lottery or contest, but are notified by phone, text, email or letter that you’ve won.
  • You’re promised to make extra money working at home in return for using your bank account to send or receive money.
  • You’re promised to receive a huge sum of money in return for transferring funds, often internationally.

7.    Request for Money

  • You're asked to pay money in advance for "administration fees" or "taxes" prior to receiving a prize or winnings.
  • A friend sends an urgent request for money via email or a social media site. One common scam scenario leads you to believe that your friend is traveling in a foreign country and needs money wired to them immediately.
  • You get an email notification that you are entitled to a long, lost relative's inheritance, but you must send money to claim your portion.
  • An advanced fee is required to stop foreclosure, modify a loan or receive advice from a company or individual to stop paying your mortgage. The FTC provides an informative video on this subject.

8.    Shady sellers or buyers

  • While buying or selling a car online, you're asked to transfer funds or pay by mail via cashier’s check or money order.
  • The buyer overpays you with a check and asks you to refund the difference. Then the check bounces when you try to cash or deposit it later.
  • Always make sure checks have cleared before paying off loans and delivering items to a buyer.
  • Never trust a buyer or seller who refuses to talk on the phone or meet in person.

9.    Do your homework

Stay in the know about the latest scams and tactics by visiting Onguard Online. This is a Federal Trade Commission (FTC) maintained site that provides practical tips on how to guard against Internet fraud, secure your computer, and protect your personal information.

Also, take the time to verify any calls or emails that you receive about your finances by contacting your financial institution directly. Locate the contact information from their company website, your online statements or other materials from the company.


  • Cyber-Fraud Prevention:

  • Guarding against Newest Malware Threats:

 Malware is the term coined for malicious software designed by cyber criminals to damage a computer or network of computers. Malware comes in the form of viruses, worms, spyware, botnets, and other sinister-sounding cyber concoctions.

Important: Before use of the Internet became so widespread, most malware was created as pranks or vandalism. Now, however, malware makers are after big profits.

Example: Spyware is the term for malware programs that track the user’s computing activities and secretly gather information for advertisers or other parties.

It is often installed without consent during another program download or when the user clicks on an untrustworthy pop-up window. Similarly, latest generation Trojan horses are so sophisticated that the criminals who distribute them can use them to grab filled-out forms such as credit card applications, mortgage papers, and other documents containing confidential personal information while the victim is completely oblivious to the theft.

Moreover, as companies store larger and larger amounts of customer information, those that are unprepared are at greater risk of a malware infection resulting in a data breach. Customer information in the hands of criminals results in costly identity fraud and equally burdensome damage control for targeted organizations.

 

Preventive basics:

  • Keep your operating system updated. With the millions of lines of code, it’s foreseeable that a security vulnerability will exist that can be exploited by a malicious program writer.
  • Install a firewall — it’s a barrier that filters the information allowed into your system.
  • Install the most up-to-date antivirus software available.
  • Be prepared. No system is breach-proof. Recovery from such a disaster can be greatly facilitated if your organization regularly makes and maintains system backups.


How You Can Reduce Your Risk of Cyber Fraud:

 

 

  • Cyber fraud had been escalating at worrisome rates even before the coronavirus pandemic. For example, during the first half of 2020, Arkose Labs, a fraud protection firm, discovered and blocked 1.1 billion online fraud attacks, more than doubling the volume of the second half of 2019.

 

  • Unfortunately, the epidemic has merely served to exacerbate an already alarming trend. Cybercriminals have escalated their efforts to steal sensitive information and engage in extortion as a result of increasing digital activity and greater concern. For example, the FBI reported receiving more than 3,600 reports regarding COVID-19-related scams by April 21, when the pandemic was still in its early stages.

 

  • Furthermore, no one or institution has been spared from the attacks; government organisations, private businesses, and people have all been affected. Unfortunately, phishing tactics against first responders and bogus COVID-19 websites with malware have been used to deceive anyone looking for information about the virus.

 

  • Obviously, greater caution is essential at this time. Fortunately, you can dramatically lower your risk by following a few simple best practises, which have been and will continue to be the best defence against cybercrime in any setting.


The Pervasiveness of Cyber Fraud:

 

Cybercriminals are continually refining their attack strategies in order to find new ways to get around controls and steal assets and money.

 

  • 1.7 Million: Fraud Reports
  • 26%: Have been breached
  • 375 thousand: Malware threats

In 2019, the Consumer Sentinel Network, the Federal Trade Commission’s database that stores reports from consumers about problems they experience in the marketplace, registered over 1.7 million fraud reports, totalling $1.9 billion in losses, an increase over 2018. (Consumer Sentinel Network Data Book 2019, January 2020).

Globally, 49% of companies surveyed say they have experienced a data breach at some point and 26% say they have been breached in the last year. (2020 Thales Data Threat Report Global Edition).

McAfee Labs observed 375 malware threats per minute in Q1 2020. (McAfee Labs COVID-19 Threats Report, July 2020).


  1. Continually update your computer and mobile devices.

Cybercriminals frequently gain access to information by using known flaws in the software and operating systems that run your computer or phone. Updates are crucial; patching these flaws and vulnerabilities can make it less likely that you will become a victim of a successful cyberattack.

  2. Employ anti-virus software and anti-malware protection on your computers.

Cybercriminals also use technical attacks to deploy viruses, botnets, malware, keyloggers and spyware to infect or take over your machine. Most new machines will come with a free anti-virus software trial pre-installed that you can purchase once the trial is over, but there are literally hundreds of anti-virus applications available. Make sure the software solutions you choose provide adequate protection, keep them updated with the latest virus definitions and schedule full scans for at least once per week.

  3. Use good password habits.

Do not repeat passwords across multiple websites, change your passwords every three to six months, and create strong, difficult-to-guess passwords. New research indicates that long passwords can be just as effective as passphrases if you avoid terms or names that can be directly tied to you. Remember to use a combination of letters, numbers and symbols whenever possible. For a brief description of passwords and passphrases, visit SANS Security Awareness.

  4. Strengthen your home network.

It may seem daunting to manage all of your devices, but starting with your internet router will improve your security at the source. Change the password from the default provided by your ISP, and choose the appropriate encryption, starting with at least Wi-Fi Protected Access 2 (WPA2). Also, check your router to see what is connected; the number of items connected may surprise you. To view a quick guide regarding router security, read How to Boost Your Router Security from Consumer Reports.

  5. Access to your computer and devices.

For mobile devices, enable a PIN/passcode and choose the option within your settings for auto-lock. For computers, keep multiple profiles, which will enable you to apply restrictions to accounts used by younger children.

  6. Back up the data on your computer and your mobile devices.

Even the best machine or device may become compromised or crash. Regular backups to an external hard drive will help you recover your information in these situations. They can be purchased at any electronics store and programmed to perform nightly backups of either specific files or everything on your computer. Make use of redundant backups by using an external hard drive and a secure cloud provider for irreplaceable items, such as family photos.

  7. Talk to your children and family about internet security.

Young children are vulnerable to even the most basic of cyber tricks. Teenagers, while savvy, are online more frequently and often visit riskier sites, such as file sharing platforms for movies, videos and games. And older family members have what every criminal wants: financial assets and limited digital knowledge.

  8. Understand and protect against identity theft.

Certain types of personal information can be used to commit fraud, such as account takeovers, unauthorized money transfers or new lines of credit opened in your name. This may result from malware on your computer, social engineering that tricks you into giving personal information over the phone or internet, or a thief stealing your mail or trash to access personally identifiable information. You can protect against identity theft by following several best practices, including shredding sensitive documents, avoiding suspicious links and attachments in your email, learning to recognize and block Smishing attacks and reviewing your credit report on a regular basis.

  9. Know what to do if you become a victim.

If you discover that your information has been exposed, you may want to enable a fraud alert or a credit freeze on your credit information. A fraud alert on credit reports requires potential creditors to contact you and obtain permission to open new accounts or lines of credit. A security freeze may help block institutions or lenders from accessing your credit report, unless a pre-set PIN is provided to “thaw” the report, which prevents them from opening new accounts in your name.

  10. Keep control of your information.

Do not automatically hand over social security numbers, account numbers or other highly sensitive information just because you are asked. Also, never release your credit or debit card information to someone who initiates contact with you.


Important Steps That All Cyber Crime Victims Must Take:

 

There has been a 350% surge in cybercrime cases registered in India*. From crude phishing emails to sophisticated malware attacks, the thefts are designed to steal private data or disrupt access to your systems.

Factors like high-speed internet connectivity, increase in smartphones usage, and lack of awareness about Internet security often play a role in consumers falling prey to cyber criminals.

While it is advisable to be safe and secure, it is equally important to know what to do when you become a victim of cybercrime.

Here are some actions you should take to minimise the risk.

1. Disconnect and Detach

In case of an ongoing attack on your computer or IT infrastructure, your first step should be to disconnect the device from the Internet, as this is the most effective way to prevent further loss of data.

In case of cyber bullying or cyber stalking, one should simply step away from the screen before proceeding to initiate legal action.

In the event of a successful phishing attack where you are conned into revealing private and confidential information, you should immediately initiate steps like:

  • Freeze your bank accounts and credit cards
  • Alter your Internet and mobile banking passwords

2. Take Legal Action

Do not ignore or delay the process; initiate legal action even as you are trying to minimise the negative consequences of the cybercrime. Contact your local Cyber Crime Investigation Cell to file a written complaint against the cyber criminals. Provide detailed information about:

  • Nature of the crime
  • Extent of damage
  • Relevant documents, data, and other information relevant to the complaint

 

Never make the mistake of presuming that cyber criminals cannot be caught. Provisions under the Information Technology Act and the Indian Penal Code define cybercrime as a punishable offence. A complaint against a crime committed in Delhi can be filed even in Mumbai. Hence, don’t delay filing the complaint because the cybercrime occurred when you were out of town.

3. Inform your Contacts

Your stolen virtual identity can be misused by cyber criminals to steal information and data from all your online contacts. Use social media to spread the word about the incident. This simple step will minimise the risk of your identity being misused to commit further crimes, and will ensure better awareness about cybercrime amongst your friends and relatives.

4. Take Preventive Steps for the Future

Install licensed antivirus software, use a strong password that combines alphanumeric characters, and never disclose your banking details to anyone.

While cyber thefts continue to remain a challenge and no one is immune to them, the right action at the right time will definitely help reduce the damage.

Real examples:

1. Invasion of the Facebook Account Snatchers!

You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed. 

 You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work. 

 Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account. 

Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access. 

Somebody has stolen your digital life from you! 

The Reality 

This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief. 

So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years. 

This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back. 

What can you do to prevent this? 

  • You should check your security settings on your Facebook account. 
  • Check for any connected email addresses and remove old ones. 
  • Make sure you have two-factor authentication enabled. 
  • Lock down privacy settings to prevent people from using your Facebook account to gather information about you. 

2. The Silence of the Phones

You’ve had a great weekend up in the mountains, enjoying the clean air and beautiful weather. Your phone hasn’t rung once, and you honestly haven’t missed it.

  You pull into the driveway, and suddenly your phone blows up with messages, emails and notifications. It seems your bank card’s PIN has been changed and multiple withdrawals have been taken out of your accounts. 

How was this possible? You set up two-factor authentication for all of these services; nobody should be able to access them without a code sent only to your phone.

 You immediately call your bank, only to find that you have no cell service. You only got these messages because your home wifi connected. You can’t make or receive calls at all! Somebody has stolen your phone number. And with it, your bank information, your social media accounts, your email. 

You see messages pop up from some of your friends, wondering why you’ve been asking for so much money... 

The Reality 

This is exactly what happened to Christine, who writes the Her Money Moves blog. She suspected that hackers somehow got to her money through her use of a mobile banking app, despite the fact that she never saved her password in the app. 

 It’s impossible to know how exactly they got access to her banking information, but they certainly took control of her phone number. 

This kind of theft is becoming more and more common. With a few basic pieces of information, like the last four digits of your Social Security Number (perhaps from a website breach), somebody can impersonate you when calling your cell service provider. They might even go so far as to walk into a cell phone store and impersonate you, complete with a fake driver’s license.

 Once they have your number attached to their phone, all of your two-factor authentication becomes meaningless. 

What can you do to prevent this? 

It might seem like there’s nothing you can do here, but there are a few important preventative measures you can take. 

  • Call your cell phone company and set up a “verbal password” or PIN. 
  • Make sure that this password is required for all account changes. 
  • Make sure that web access to your account is highly secured and also uses two-factor authentication. 
  • Once this is completed, try to hack yourself. Call your cell company from a friend’s phone and see if they’ll let you make changes without the PIN.

 

3. 210 days later

You wake up one morning and find yourself locked out of your Instagram. Checking your feed, you can see that somebody has been deleting your photos and uploading other ones.

Somebody has stolen your Instagram account. You don’t want to care, but it’s an important part of your professional life. You had a verified account; surely it can’t be that hard to get it back.

But the company is run by ghosts. Nobody responds to your support requests. You try their website, but the “help centre” is useless. Every article leads back to an article you’ve seen before, a form you’ve already tried. You wander this maze of “help” pages endlessly, submitting forms and getting no response. 

And through all of this, nobody will talk to you. Not one single human has reached out to you about your issue. Days turn into weeks, and you try everything again. Weeks stretch into months. Still no response. You try every help form again, and again, and again. 

Finally you realize that you are alone. Nobody is ever going to help you get your account back. The only replies you can expect are from robots: cold, uncaring, and unable to help you. 

The Reality 

Rachel Tsoumbakos detailed the arduous process of trying to get her account back in this blog. She submitted form after form, tried every support address she could locate, and nobody would help her. 

Her blog chronicles months on end of trying to get her account back, as well as the process that finally helped her get access.  

She was contacted by what seemed to be a person but was probably just a bot, asking for a picture of her holding a handwritten sign including a code they’d sent her. It took a few tries, and she found that writing in thick black marker was what did the trick.

 After 7 months of waiting, she was finally granted access to her account again. 

 

What can you do to prevent this? 

First, do everything you can to lock your account down. The best way to deal with this is to prevent yourself from getting hacked in the first place. See our instructions for Facebook above, which include:

  • Check for any connected email addresses and remove old ones. 
  • Make sure you have two-factor authentication enabled. 
  • Lock down privacy settings to prevent people from using your Instagram account to gather information about you. 

If you’ve already been hacked, here are a few Instagram resources:

  • Try calling their support number: 650–543–4800 
  • Try their support address: [email protected] 

 

 

This topic was modified 3 years ago by sakshi_kanani
 
Posted : 18/04/2022 11:45 am