As our society has become more high tech and our daily lives have become more intertwined with the internet, many traditional daily tasks have become effortless and more convenient. However, this has also benefited criminals, and online financial crime has proliferated. Cyber theft resulted in losses of more than $450 billion in 2016 around the world, with this number projected to grow to $6 trillion by 2021.
In this particular article (part of a series), we explain some of the most common online phishing scams in today’s (2018) world, taking into account findings by the Better Business Bureau (BBB), with a particular focus on ransomware. We will not only discuss these crimes themselves, but also ways you can protect mom and dad from such crimes. If you missed Part I, we discussed financial crimes not involving the internet. In Part III (next month), we will focus on more personalized scams.
What is Phishing?
The rise in phishing scams has outpaced any other type of financial scam in this country. In fact, phishing barely made the top 10 financial scams of 2016 by the BBB (#10); just one year later, it was #1, both nationally and even more locally in the Chicagoland area.
So what is phishing? Phishing is a cybercrime in which a target or targets are contacted, generally by email (but sometimes by telephone or text message), by someone posing as a legitimate institution to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords. The information is then used for a variety of nefarious purposes, accessing your accounts/information, or stealing your identity. The perpetrator could also lure the email recipient into opening a hyperlink (which resembles a genuine establishment) that contains a computer virus, many of which we will discuss below. Since we discussed many other types of phishing scams in Part I (many of which were mail/phone “phishing” scams that work similarly via email), we are going to focus on one particular type of internet phishing scam that is becoming increasingly popular – ransomware.
The Rise of Ransomware
With the rise of cryptocurrency (Bitcoin, Ethereum, etc.), the vast majority of phishing scams nowadays (93%) have a goal of infecting your computer with a type of nasty malware (mainly viruses) known as Ransomware. You may have heard about some of the recent Ransomware threats – WannaCry, NotPetya, CryptoLocker – they have all hit the news. There are generally two types of ransomware (but more popping up each day) – Locker ransomware and Crypto ransomware, both of which are similar in nature, so for purposes of this discussion we will discuss them together. After infecting your computer, both types of ransomware allow the criminal to take over your computer (think of remote access), locking your computer completely/encrypting all of your files, and when you boot up your computer, you will only see a locked screen with instructions for how to get access back.
The perpetrator will demand payment through a cryptocurrency (typically Bitcoin) within a set period of time (given that cryptocurrency transactions are completely anonymous, this makes for a perfect currency for a hacker). If the payment is not made, you are told that your computer/files will be lost forever in an abyss, and you will never recover it/them.
As Cisco Systems has noted in its 2017 Annual Cybersecurity Report, ransomware has risen dramatically, growing at a 350% clip each year. This development has led to a cost of $1 billion in 2017 alone, up from just $325 million in 2015 – this number is expected to grow to $6 trillion (not billion, trillion) by 2021, making it more profitable than all drug trade in the world combined.
There are additional types of ransomware as well, some of which are even worse. For instance, one type of attack takes control of the camera on your computer, and tries to catch you in compromised situations, at which point the blackmail comes into play. One of the most lucrative forms involves businesses. In this form, companies get infected by a piece of ransomware, which provides the hacker with some form of sensitive data – this could be emails of the executives (emails that they would prefer were not public), private customer/client data, etc. Once the hacker has such information, they threaten to go public unless a large ransom demand is paid. It works very similarly to other ransomware schemes, but the dollar amounts that can be extorted are bigger, which can attract more sophisticated attacks.
How Do I Protect Myself?
The good news is, there are some white knights on our side that work to counteract ransomware and other phishing scams that try to infect your computer with viruses/worms – antivirus software companies and their software. These bastions of the cyber world have a few key pieces of advice for us laymen to follow (this is obviously not our area of expertise, but based on our research there is a basic level of protection that is universally called for by every IT security expert).
The first step is to make sure that you have reputable antivirus software in place on your computer to combat the bad actors in the online world. Not only do you need to maintain antivirus software, you need to keep it as up to date as possible, so do not wait to download updates as they come – there is a reason you receive so many of them!
Second, it is critical that you not only keep your antivirus systems up to date, but also your operating system, applications, programs, and most important of all – your third party plug-ins (Java, Flash, etc.). While updating the security on your operating system is a task you are probably used to (many operating systems force you to download security updates), we rarely think about updating our third party plug-ins, and the criminals know this. In fact, third party plug-ins are one of the biggest targets for embedded ransomware.
Third, you should back up your data, preferably on both a non-connected external hard drive and also the cloud. A locked/ransomed computer is a bit more of an empty threat when you have all of your data saved, as worst case you can just wipe your computer and move your backed-up data back to your “fresh” hard drive.
Fourth, put yourself in the perpetrator’s shoes – there is a reason they call it phishing. The primary method of infecting computers is to “spray ‘n’ pray” and hope that you open one of the millions of infected spam emails that you receive. However, it is not enough for you to open the email – you generally need to click on an attachment or URL to infect your computer, so avoiding any suspicious looking emails certainly helps. However, we know too well that many of these shady actors are cunning and do their best to trick you. This means you may receive an email that looks and feels like an email you would receive from a company that you trust, at least until you take a closer look. Below is a faux-email from Facebook, but if you do a simple Google search of any company (fake Amazon email, fake Google email, etc.) you will see that there are literally thousands of examples of fraudulent phishing emails trying to get you to click through so your computer can be infected:
You will notice that the Email Display Name says Facebook, which lulls you into a sense of safety. If you take a closer look at the actual email address (Username/Local Name and Domain Name), it is absolutely not Facebook – this is how you can tell if the email is “real” or not. While your spam filters are good about grabbing the vast majority of these emails, they do not always catch everything, so always make sure to take a closer look at the email address before opening anything within the email.
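The display-name-versus-address check described above, written as a small Python filter (an added example, not part of the original article). The brand-to-domain allow-list and every sample header are constructed for illustration.

```python
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
# Illustrative only; maintain your own list for the senders you deal with.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
    "amazon": {"amazon.com"},
    "google": {"google.com"},
}


def split_sender(from_header):
    """Return (display name, local part, domain) from a From: header value."""
    raw_name, addr = parseaddr(from_header)
    # Decode RFC 2047 encoded names so we compare what the mail client shows.
    name = str(make_header(decode_header(raw_name)))
    local, _, domain = addr.rpartition("@")
    return name, local, domain.lower().rstrip(".")


def domain_backs_brand(domain, allowed):
    """True only for an allowed domain or a true subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def unbacked_brands(from_header):
    """Brands named in the display name or username that the domain does not back."""
    name, local, domain = split_sender(from_header)
    claimed_text = f"{name} {local}".lower()
    return [
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in claimed_text and not domain_backs_brand(domain, allowed)
    ]


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Facebook <notification@facebookmail.com>",
    "Facebook <security@facebook.com.account-verify.example>",
    "=?UTF-8?B?RmFjZWJvb2s=?= <team@mail-alerts.example>",
    "Aunt Carol <carol@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        flagged = unbacked_brands(header)
        print("SUSPICIOUS" if flagged else "ok        ", header, flagged)
```

A clean result only means the name and the domain agree; it says nothing about whether the links or attachments in the message are safe.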
They Got Me, Now What?
In many of the articles we read on “what to do if you have been infected by ransomware,” they would typically start out by stating that the “best form of protection against ransomware is to avoid it in the first place.” This is salt in the wound for those who have been infected. This will probably happen to all of us at some point in our lives – so what should you do when you get infected by ransomware?
First, if your corporate computer is infected, you should let IT know ASAP – do not wait until tomorrow or after lunch, do it NOW! While you are eating your salad from Panera, the hackers may be infiltrating every computer in the company. Letting the company know so that they can segregate your computer from the rest of the network will be really important. They should know what steps to take.
If instead, it is your personal computer, you may be able to determine by a simple Google search what type of ransomware has affected your computer – some strains of ransomware actually have decrypters/vaccinations (some of the simpler versions).
However, many of the more modern strains are pretty bulletproof by design. So here is the million dollar question – do I pay the ransom? This is a really difficult question, and there is a push and pull between the hypothetical and the practical.
The FBI/government is on the side of never paying the ransom. Why? If you pay the ransom, there is no guarantee that they will unlock your computer/decrypt your files (we are talking about criminals) – in fact, they may try to extort more money since they see an easy “mark” with enough resources to pay up. Also, you are perpetuating the business – the more people pay, the more lucrative the business is, leading to even more strains of ransomware and criminals extorting the innocent.
However, the above sounds nice when we are discussing a hypothetical. In the end, we live in the real world, and if you lose files critical to your business or all the pictures of your young children, it makes the decision much more difficult. Thus, you need to weigh the above against the loss of your files. We wish there was a better answer, but there is a reason that 97% of phishing schemes are ransomware – it simply works.
If you have any questions about the above, we have done a significant amount of research in this area, and while we are not experts, we can certainly provide some direction – feel free to reach out to either of us.
Karen DeRose and Anthony DeRose are registered representatives of Lincoln Financial Advisors.
Securities and advisory services offered through Lincoln Financial Advisors Corp., a broker/dealer (Member SIPC) and registered investment advisor. Insurance offered through Lincoln affiliates and other fine companies. DeRose Financial Planning Group is not an affiliate of Lincoln Financial Advisors.