As the world adapts to the internet, cybercriminals have become more sophisticated in their approach.
Cybercrimes now come in different forms and each customized approach is designed to effectively access individual targets and corporate organizations.
According to the 2023 World Economic Forum risk report, cybersecurity is among the top 10 current and future global risk, with a projected cost of $10.5 trillion by 2025.
In light of continuous digital dependence in the global economy, the need for end-to-end control, amongst others, is now being highlighted.
There are at least 7 categories of cybercrimes that affect both individuals and corporate organizations.
- Phishing scams: Phishing scam involves the use of scam emails, text messages or phone calls to lure unsuspecting people to take an action which can compromise their online safety. Most phishing scams are carried out via email messages or text messages and normally encourage victims to click on a link or open an attachment. Taking any of these actions can lead to the installation of malware or the revealing of sensitive information.
- Identity theft: As the name implies, identity theft is when someone steals another person’s personal data including bank account details, social security number or credit card data to commit fraud or other criminal activities.
- Malware infections: Malware is also known as ‘malicious software’. It is designed to disrupt systems and networks and gain access to sensitive information.
- Social engineering attacks: Social engineering attacks exploit human psychology to gain access to systems and networks. Common techniques include the use of fear, curiosity, greed or empathy to entice victims to take an action. A good example is a fake email from the ‘bank’ asking for immediate supply of passwords to prevent a restriction on a bank account.
- Online banking fraud: This happens when cybercriminals gain wrongful access to online banking systems to steal money and carry out other criminal activities.
- Ransomware attacks: Common in business organizations, ransomware attacks are a kind of malware attack that deny owners access to systems and networks except upon payment of a ransom at a stated deadline. In the process of these attacks, data and files are encrypted, thereby rendering them useless.
- Business email compromise (BEC): As the name implies, Business email compromise is a kind of phishing attack aimed at businesses with the ultimate goal of stealing money or sensitive information.
According to the 2023 Verizon data breach investigations report, phishing scams take the lead with 46% occurrence when compared to other kinds of cybercrimes.
Identity theft follows closely with 37%, then malware infections with 34%, social engineering attacks (28%), online banking fraud (25%), ransomware attacks (22%) and Business Email Compromise (18%).
The threat actors are continuously innovating new ways to commit online fraud. As a digital citizen, you must take responsibility to protect yourself from their various tactics.
Individual best practices
- Minimize your digital footprint: Use VPN, deactivate old email and online accounts, disable location tracking and unsubscribe from unnecessary newsletters and subscriptions.
- Shred sensitive documents: Any document containing personal information should be thoroughly shredded before disposal to avoid getting it into the wrong hands.
- Keep your software updated: Updated software does not just provide new and improved functionality; it patches security flaws. These patches in turn block threat actors from planting malware.
- Use strong passwords: It is advisable to combine alphabets, numbers and special characters when creating a password to avoid easy guesses. In addition to this, activate two- factor authentication for all online accounts.
- Take it easy with the downloads: Be cautious of downloading software indiscriminately- some of them may contain malware or other disruptive agents.
- Shop on secure websites only: Limit your online shopping to selected, secure stores. If you must shop on a new store, ensure it is safe before you punch in your personal data.
- Scan inbound messages: Be cautious of opening mails, links or attachments from unfamiliar contacts. If you are unsure about the authenticity of an email from a seemingly genuine organization or individual, try to confirm from the sender directly before taking any action.
The digital landscape is an ever-evolving resource and so proactive measures against threat actors is an ongoing process. The list of online precautions will expectedly be updated- cyber criminals are constantly exploring new methods of perpetuating cybercrimes and we must be a step ahead to combat their efforts.