FBI’s Christopher Wray lays out elevated threats facing US

FBI’s Christopher Wray lays out elevated threats facing US

The pandemic’s increase in remote work and time spent online, along with the uncertainty and fear about the global health crisis, likely resulted in increased attack opportunities for cybercriminals to exploit.

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” Jürgen Stock, INTERPOL secretary-general, said in a statement in late 2020, alerting the public to increased danger during the pandemic. “The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defenses are up to date.”

At the same time, phishing schemes and other cybercrimes are becoming increasingly convincing and high-tech.

Phishing

Phishing campaigns can use fake social media profiles and often closely research their victims to send them job offers, invitations to fake events, or links to websites tailored to their interests. There have even been cases where hackers establish Zoom calls with victims and post phishing links directly in the chat. Hackers are also making use of assistive artificial intelligence chat tools to send more legitimate-looking messages, free of typographical errors, long seen as a bellwether of fraud.

Forrester Research analysts note phishers are increasingly combining voicemail and text to attack victims. The cybercriminal leaves the victim a voicemail about the text or email they’ve sent, increasing both the perceived legitimacy and urgency of the fraudulent request. These cybercrimes, more specifically called vishing and smishing respectively, are increasingly more common.

The danger of phishing in general is significant. In spring 2022, an employee at Allegheny Health Network received a malicious phishing email link and had their email account compromised. Before being shut down, the attacker was able to access confidential files for over 8,000 patients, including names, birthdates, addresses, treatment and diagnosis information, and even financial account data and Social Security numbers in some cases.

Phishing victims by far outpaced all other kinds of complaints in the IC3 report, with nearly 300,500 complaints lodged in 2022. The next closest were personal data breaches, at just shy of 60,000.

Cryptocurrency-related fraud

Reported losses from crypto-investment schemes also skyrocketed, going from about $100,000 in 2020 to over $2.5 billion in 2022, significantly driving up the overall loss value.

Many of these victims were enticed into joining an online crypto-liquidity-mining scheme where participants were told they would earn money in exchange for lending online exchanges their cryptocurrency. But once the victims linked their wallets to the exchange, the scammers drained their holdings instead, prompting an FBI Public Service Announcement.

One victim of such a scheme was induced to part with $22,000 after being initially drawn into a flirtatious chat through the MeetMe online dating app, according to Sean Gallagher, principal threat researcher at security firm Sophos. After a bit of light conversation, the attacker offered to “teach” the victim how to make money through the mining scheme and steered them to a series of apps and online wallets, ultimately leading to their being defrauded. The scammers even used generative AI to craft text messages to send to the target.

The FBI recommends businesses and individuals take several steps to protect themselves against cybercrimes: Update operating systems and software, train users about phishing threats, and keep offline backups of data. Users should also check email headers to ensure emails are from who they appear to be and never click on links in emails or text messages. Instead, users should open a browser window and type in the legitimate address of any website that they’re told needs attention.

The true number of cybercrime victims is much higher, and many crimes go unreported, the FBI estimates. Observers theorize that a combination of embarrassment and the perception that law enforcement won’t act is keeping the number of reports down.

Story editing by Jeff Inglis. Copy editing by Paris Close. Photo selection by Michael Flocker.

This story originally appeared on Drata and was produced and distributed in partnership with Stacker Studio.

Originally Appeared Here