Posted on June 4, 2020 by Louise Howland
No business is too small to be the target of a cybercriminal. With an estimated 65,000 attempted attacks happening in the UK every day, on small businesses alone, it’s never been more important to find new and effective methods for tackling cybercrime. One such method is to try to think like a cybercriminal. By better understanding a cybercriminal’s motives and techniques, it becomes easier to pre-empt and prepare for an attack.
Cybercriminals’ motives are almost always to obtain sensitive data to use for financial gain. Sensitive data refers to the following personal information:
The methods with which a cybercriminal uses such information to their advantage can differ.
Some small-scale cybercriminals will seek to obtain an individual’s personal details to then sell on the dark web. The buyer of this information will then most likely use it to commit fraudulent activity.
If a cybercriminal is able to obtain a person’s sensitive data, it is often possible to access their bank accounts. This means that the criminal can make any desired payments, such as online purchases, moving money into an alternative bank account, or deposits on larger items such as a holiday or car.
Instead of directly seeking access to a person’s money, some cybercriminals look to steal personal data in order to ask the owner of that data for ransom. This type of cybercrime is more common among businesses than individuals because a business is more likely to pay a large price in order to protect the data of their employees or customers.
The loss of such data can be hugely detrimental to a business because it means their existing stakeholders will lose trust, and potential new customers will be put off.
While most types of cybercriminals want to obtain monetary funds, there are a few who have other, more personal motives.
Cybercriminals are sometimes motivated by arrogance; they consider successfully hacking an individual or business as a trophy to be bragged about. This is most likely to be the case for small-scale criminals who are often operating on the dark web. They communicate with other cybercriminals and talk of their ‘accomplishments’ in acquiring information or access to funds.
Another type of cybercriminal has political motivations. These people seek to cause financial or reputational harm to a government or political group for the purpose of sabotaging their regime or campaign. Such criminals work on a larger scale as part of an organised cybercrime operation.
Cybercriminals operate at many levels, from small-scale individuals to larger organised cybercrime groups. They can be loosely grouped by the kind of activity they carry out.
The goal of some cybercriminals is to access other people’s personal details in order to impersonate them and commit fraudulent activities. This could be anything from applying for loans to online gambling and other purchases.
Often, a victim of identity theft is unaware of the attack until they notice missing funds or receive unexpected communication, such as from a loan provider. This is because the cybercriminal has been able to obtain personal information without being detected, simply by hacking into a person’s online accounts. Those with weak passwords are more vulnerable to hacking, and when banking apps, for example, used less encryption, it was easier for a cybercriminal to gain access.
One of the most common types of cybercriminal is the phishing scammer. These people create false communication from a seemingly trustworthy source, such as a bank or government organisation, in order to trick people into offering up their personal details. Phishing can be carried out via email, text message (known as smishing – SMS phishing), or a copycat website.
Many cybercriminals are extremely skilled at replicating genuine communications, and so it’s not difficult to fall victim to such a scam. The best advice is to be doubtful of unexpected communication and be on the lookout for spelling mistakes and other errors.
This is a more long-term approach to cybercrime, and therefore perhaps slightly less common. It involves a cybercriminal stalking an individual’s or business’ online activity over a substantial period of time, to obtain personal information, bribe them, or commit slanderous activity. This is generally done through social media platforms and malware, which can track computer activity with minimal detection.
Such cybercrime can be extremely harmful to businesses. An internet stalker can use the information they find to cause emotional distress to their victim, reveal damaging information about the company or its employees, or steal data for blackmail.
At the larger end of the cybercriminal scale are those who use techniques to commit digital terrorism. This kind of organised cybercrime involves attacking governments or political groups. The perpetrators work to obtain data, or even corrupt computer systems and networks for bribery or to expose information.
The overall goal of this type of cybercrime is to cause harm to countries, governments, or political groups in the form of a digital attack. The motivations could be to do with opposing politics within the same country, or hostile relationships with another country.
To lower the likelihood of an attack, it’s useful to think like a cybercriminal. If you can understand the various types of digital crimes and cybercriminals’ motives, you can better understand how your data could be accessed, and what measures you need to put in place to stop this from happening. One of the most effective defences against all types of cybercrime is a human firewall; that is, knowledge and understanding on the part of the device users.