Did you know that 97% of internet users are unable to recognize cybercrime? With cybercrime on the rise, it’s time that employees begin to raise the red flags and recognize the threats. Otherwise, more companies will end up like Shields Health Care Group, experiencing a leak of over 2 million patients’ details after their cybercrime incident last year.
Learn how to safeguard against cybercrime and block the financial effects of cyber fraud by using Trustpair – a platform that controls payments and prevents transactions to unknown third parties.
What is cybercrime?
Cybercrime is defined as the use of communication devices to commit an illegal act. Broadly speaking, this puts cybercrimes into one of two categories:
- Crimes targeting a communication device (for example: a ransomware attack designed to encrypt files and halt operations at an organization)
- Using a communication device to commit other crimes (for example: using a computer to commit money laundering)
Cybercrime perpetrators work by exploiting vulnerabilities in computer systems, workflows, and human nature. They could use technical hacking skills, or manipulate the humans on the other end by using social engineering techniques.
In each case though, the perpetrators commit cybercrimes because the conditions of the fraud triangle have been met.
The fraud triangle lists three separate conditions that lead someone to commit fraud:
- Incentive: this could be external pressure, such as rent payments going up
- Opportunity: the perpetrator can spot a vulnerability in the system to exploit
- Rationalization: the perpetrator convinces themselves there is a good reason to commit the crime. For example, an ex-employee who was fired from their job might rationalize a cybercrime against their previous employer because they ‘deserve’ the money
What are the main types of cybercrime?
While the term cybercrime really describes any illegal act committed over the internet or using an electronic device, there are some common types:
- Phishing
- Ransomware
- Identity theft
- Social media fraud
There are other types of cybercrimes like cyber-bullying that we won’t cover in this piece.
Phishing is easily the most common type of cybercrime – just think back on all of the scam emails sitting in your spam folder. Falling victim to phishing cost the average US company $4.35 million in 2022.
Phishing happens through the impersonation of someone trustworthy. In a business setting, scammers typically send emails pretending to be a vendor or third party like an external IT support team.
In some cases, known as spear phishing, they research a company closely enough to figure out who is approved to make payments. Then, the scammers impersonate the CEO or another senior executive, asking for an urgent invoice payment. This is known as CEO fraud.
Ransomware attacks are much more technical than phishing, because they rely on computer hacking skills. The cybercriminals hack into a device or its network and encrypt the essential files. When daily operations are hampered because the locked files are inaccessible, the fraudsters request a payment to unlock them.
Ransomware attacks most often target large corporate businesses, because the disruption costs them revenue. That’s the reason why this type of cybercrime is so successful – without key files, products and services also go down.
On average, a ransomware attack costs $4.5 million for companies that fall victim in America.
For businesses that collaborate with external partners, ransomware attacks can be particularly damaging too. Indeed, if partners rely on your services to enable their own, malware attacks can compromise multiple different companies at once.
Identity theft, or third-party fraud as it is sometimes known, is another typical cybercrime. In this case, the fraudsters attempt to bypass online security measures to access the accounts of a victim, either for the purpose of data collection or access to money.
Although identity theft is widely known for targeting individuals, the perpetrators can also target company employees. This is a particular risk for companies that publish freely accessible information about their employees online because the fraudsters might use the information they find on social media to target victims.
Once cybercriminals gain access to the credentials they need, they might use the details to transfer themselves money or access sensitive information that could later be sold on the dark web.
Social Media Fraud
Social media fraud is definitely a newer form of cybercrime, but it should not be underestimated.
Cybercriminals commit social media fraud by first creating fake profiles, which they fill with photos and posts to make them look legitimate. Then, they’ll target a victim by befriending them and sending messages. The messages will contain links to malicious websites, spoofed to look like the real deal.
If the victim believes the ruse, they’ll end up giving their log-in and password information to the fraudster, who might then use it for:
- Logging into other accounts of the victim to access confidential data (especially if the password is re-used)
- Transferring money to themselves
- Holding the account to ransom for payment
- Selling the credentials on the dark web
Real-life examples of cybercrime
Here are two key examples of cybercrime:
- Marriott data breach
- Twitter credentials verification
Marriott data breach
In one of the largest data breaches ever reported, the Marriott hotel brand became the victim, alongside over 300 million of its customers. What’s worse, although the breach happened in 2014, it wasn’t actually discovered until 2018.
The legacy booking system that Marriott continued to use was already incredibly vulnerable, but cybercriminals doubled down with phishing emails. They spoofed known third parties, and the emails contained malicious links. Once a link was clicked, spyware was downloaded onto the network, which gave the perpetrators access to the system.
From there, they could access the credentials of over 300 million global customers, including credit card numbers and driving license numbers, names, and addresses. The Marriott Group was fined $23.8 million by regulators for failing to comply with standards.
But it caused more than a negative financial outcome. Marriott also suffered huge reputational damage after the hack and was viewed as an untrustworthy custodian of data. There is no doubt that this had an effect on their later customer numbers, revenue, and share price.
Twitter credentials verification
In 2020, Twitter’s share price dropped by more than 4% after their data breach was announced. Here’s how it happened:
- As the pandemic grew in March 2020, Twitter employees were told to work from home
- With no established work-from-home policies in place, employees received an email from a spoofed address. It asked the employees to ‘reconfirm’ their credentials for remote access to their work accounts
- This was a scam, using the social engineering technique of pretexting to look legitimate, but a handful of employees fell for it
- Once their credentials were input, the cybercriminals accessed the employee accounts and reached the central dashboard of Twitter
- The scammers accessed high-profile celebrity accounts (such as Bill Gates and Barack Obama), and sent out scam tweets collecting donations to a fake bitcoin scheme
The cybercrime hack generated approximately $110,000 for the perpetrators and led to Twitter establishing better internal controls for account verification.
How to detect cybercrime
Cybercrime detection is all about knowing what normal activity looks like and being alert when things change. For example, if a supplier requests an urgent transfer to a new bank account at the last minute, it might signify an attempt at vendor fraud.
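The vendor-fraud signal described above can be written as a baseline check. This is an added example, not part of the original article and not Trustpair's code; the vendor record, account identifiers, urgency terms and threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed wording that signals time pressure in a payment request.
URGENCY_TERMS = ("urgent", "immediately", "today", "asap", "last minute")

@dataclass
class PaymentRequest:
    vendor: str
    account: str
    amount: float
    message: str

# Constructed vendor master data: the "normal levels" to compare against.
VENDOR_MASTER = {
    "Acme Supplies": {
        "accounts": {"DE00EXAMPLE0001"},               # placeholder account id
        "history": [1200.0, 1150.0, 1300.0, 1250.0],   # past invoice amounts
    },
}

def review(req, master=VENDOR_MASTER, z_limit=3.0):
    """Return the red flags raised by one request (empty list = routine)."""
    record = master.get(req.vendor)
    if record is None:
        return ["unknown_vendor"]
    flags = []
    if req.account not in record["accounts"]:
        flags.append("new_bank_account")
    if any(term in req.message.lower() for term in URGENCY_TERMS):
        flags.append("urgency_language")
    history = record["history"]
    spread = pstdev(history) or 1.0   # avoid dividing by zero on flat history
    if abs(req.amount - mean(history)) / spread > z_limit:
        flags.append("amount_outside_baseline")
    return flags

def decision(flags):
    """Hold unknown payees for out-of-band verification; review other flags."""
    if "unknown_vendor" in flags or "new_bank_account" in flags:
        return "hold"
    return "review" if flags else "pay"

if __name__ == "__main__":
    req = PaymentRequest("Acme Supplies", "GB00EXAMPLE9999", 1240.0,
                         "URGENT: we changed banks, please pay today")
    print(review(req), decision(review(req)))
```

A held request is released only after the change of account is confirmed through a contact detail already on file, never one supplied in the request itself.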
Here are some of the best ways to detect cybercrime:
- Fraud awareness training: educate employees to spot the signs of cybercrimes and show them how to report their suspicions
- Multi-factor authentication: use verification methods that combine passwords, biometrics, and one-time codes
- Use anti-virus software: not only should this protect your systems, but it will also flag when intruders are detected
How to prevent cybercrime
Cybercrime prevention can be achieved with the right cybersecurity measures, starting with due diligence and the fraud triangle.
Due diligence means you’re completing a thorough background check on anyone coming into contact with the business. This way, you’ll quickly figure out whether they have a history of fraud that would put you at higher risk of cybercrime.
SOX Law enables publicly traded companies in the US to report their Ultimate Beneficial Owners, and requires regulated companies to register their address and financial history. Alternatively, customer verification, known as KYC, is also possible to prevent chargeback fraud.
Reducing the opportunities for fraudsters is also key. Do this by performing regular risk assessments to evaluate the vulnerabilities of a system. When organizations plug the chinks in their armor, they become much stronger against fraudsters.
It’s also important for businesses to add another layer of defense, with a platform like Trustpair to ensure that even if cybercrime happens, the financial effects will be blocked.
Trustpair allows companies to continuously monitor third parties, keep track of vendor data, and validate payments in real-time. Any requests for payments to suspicious or unknown third parties are blocked automatically, preventing fraudsters from accessing your finances.
Cybercrime is an umbrella term covering all internet-based illegal activities, from spyware and viruses to card fraud and denial-of-service attacks. The most common cybercrimes are phishing, ransomware, social media fraud, identity theft, and money laundering. Detect and prevent cybercrime with cybersecurity measures and an extra layer of defense like Trustpair.