Europol Warning: 15 Ways To Become A Cybercrime Victim

From ransomware through to crypto-currency scams, Europol says it wants to stop criminals from making you a victim.
 
Europol has warned of 15 ways in which people can fall prey to cyber criminals as it launched a report on the dangers of the web. The report, the fifth annual Internet Organised Crime Threat Assessment (IOCTA), was presented at the Interpol cybercrime conference in Singapore last week. 
 
Europol described the report as offering "a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".
 
It added that the assessment "describes anticipated future threats" and "only has one goal in mind - to stop cybercriminals from making you their next victim."
 
1  .  Ransomware
Ransomware - malicious software that encrypts your computer and demands a ransom to make the files accessible - has become a standard attack tool for cyber criminals.
Europol is warning that criminals are moving from random ransomware attacks, such as the WannaCry attack which hit the NHS, to specifically targeting companies and individuals who might be able to pay larger ransoms.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
2  .  Mobile malware
Europol warns that malware for mobile phones is likely to grow as people shift from online to mobile banking.
How to protect yourself?
  • Check apps are legitimate before installing them
  • Use a reputable mobile anti-virus program
3  .   Stealthy malware
Europol warns that cyber-attacks have become increasingly stealthy and harder to detect.
Attacks using so-called "fileless" malware are increasingly common. This malware doesn't write itself onto the victim computer's hard-drive, but only exists in parts of the computer memory, such as the RAM.
How to protect yourself?
  • Keep your computer software updated.
  • Be wary of using macros in office programs.
4  .  Extortion
The EU's new General Data Protection Regulation (GDPR) introduces severe financial sanctions, up to 4% of global turnover, for companies that fail to protect users' privacy.
GDPR requires that data breaches are reported within 72 hours, and Europol warns that criminals may try to extort organisations because of this.
"While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities."
How to protect yourself?
  • Never pay extortion attempts without contacting the authorities first
5  .  Data for data's sake
Europol warns that the motive behind a lot of network intrusions is the illegal acquisition of data.
This data could be used for a variety of purposes, from developing leads for phishing or payment fraud, through to commercial or industrial espionage.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
6  .    DDoS
Distributed Denial of Service (DDoS) attacks are very unsophisticated and involve sending so many requests to a network resource that it is overloaded and can't respond to any of them. There are tools widely available allowing unskilled individuals to launch these attacks, and there are limited ways to protect against them because of the way the Internet is engineered.
Fortunately, DDoS attacks can't steal data or cause any damage beyond making a website or Internet resource unavailable.
 
7  .   Social engineering
Social engineering describes a form of attack in which someone exploits human traits, such as kindness or compassion, as part of a cyber-attack. The famous Nigerian prince scams are a form of social engineering fraud.
Europol warns that West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally.
How to protect yourself?
  • Always remember that if it seems too good to be true, it probably is.
8   .   Crypto-Criminality
There are a range of cryptocurrency crimes taking place, according to Europol, and cyber-attacks which historically targeted financial instruments are now targeting cryptocurrency users and businesses. 
Crypto-mining has been exploited by financially motivated cyber criminals, who for instance hack legitimate websites to crypto-jack users visiting those sites - hijacking their CPU power to mine more of the currency.
How to protect yourself?
  • Use a legitimate browser plug-in to avoid running java-script on unfamiliar web pages.
 
9  .  Privacy-oriented Crypto-Currencies
Europol states that it expects "a more pronounced shift towards more privacy-oriented currencies" and said "an increase in extortion demands and ransomware in these currencies will exemplify this shift".
How to protect yourself?
  • Report all extortion attempts to the authorities
  • Keep your software updated to avoid ransomware
10  .   Volume of child abuse material
The volume of child sexual abuse is growing to levels "that were unimaginable ten years ago" according to Europol, "partly because of the growing number of young children with access to internet-enabled devices and social media".
How to react? 
  • Seeing images and videos of child sexual abuse can be upsetting, but the right thing to do is report it to the Internet Watch Foundation here. Your report could lead to the rescue of a young victim from further abuse.
11.  Self-generated material
A large amount of child sexual exploitation material is self-generated. These images are often initially produced and shared voluntarily by young people, but end up in the hands of online child sex offenders. Offenders have also obtained images through sexual extortion.
How to protect yourself and others?
  • Educate children about the risks of sharing nude images online and encourage them to report any harassment or extortion attempts to a responsible adult.
12  .   The "Darknet"
Europol says that offenders are continuously seeking new ways to avoid detection from law enforcement, including by using anonymisation and encryption tools - and in some cases even the Bitcoin blockchain.
Almost all of this material is available on the open internet, but very extreme material can be found on hidden services that can only be accessed on the "Darknet" according to Europol.
How will they catch these criminals?
 
  • The widespread use of encryption on the web today has repeatedly been described as an issue for law enforcement, security, and intelligence agencies.
  • According to a report by Parliament's Security and Intelligence Committee, in 2016 GCHQ was engaged in a major ongoing project called FOXTROT, which was designed "to increase GCHQ's ability to operate in an environment of ubiquitous encryption".
13  . Live streaming
Live streaming of child sexual abuse is a very difficult crime to investigate. Europol states: "It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored."
It has been on the rise for some years as video streaming technology has improved.
This form of abuse "will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area," warns Europol.
How to tackle it?
  • Internet businesses currently use the Child Abuse Image Database, which contains 30 million cryptographic hashes (digital fingerprints that can be used to identify files) to automatically detect when someone attempts to upload a known indecent image to their platforms.
However, this form of filtering is unable to capture new indecent images that haven't been reported before - nor can it address child abuse material which is being streamed. Sajid Javid, the home secretary, has pledged £250,000 towards the development of technologies which can detect live-streamed abuse.
 
14  .  Skimming
Credit card skimming is still successful as magnetic stripes on cards continue to be used. The presence of cameras alongside chip and pin skimmers can also allow criminals to capture the PIN alongside their attempts to clone the chip.
How to protect yourself?
  • Check instant payments on your banking app to be aware of fraud attempts
  • Make sure you cover your PIN when at an ATM
15  .  Telecommunications fraud
Fraudsters on the phone is an old but growing trend in fraud involving non-cash payments. Fraudsters can pretend to be from financial institutions or banks when attempting to collect details from you.
How to protect yourself?
  • Never hand out financial information, including card details, over the phone
  • Always double-check that someone claiming to be a representative from your bank is a real person, and call them back on a publicly listed number
Europol's executive director Catherine De Bolle said: "Cyber-Crime cases are increasingly complex and sophisticated. 
 
"Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. 
"The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized. 
"Europol will continue its efforts to enhance co-operation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cyber-crime be combated effectively."
 
The European commissioner for the security union, Sir Julian King, concluded: "As the report shows, Europe is still faced with a range of security threats from terrorism and cyber.
 
"We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber security strategy."
 
Europol:       Sky
 
You Might Also Read: 
 
Cyber Criminals Are Outspending Business:
 
 
 
 
« Former MI5 Chief Wants Retaliatory Attacks On Russia
British Government Is Planning Internet Regulation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Sophos

Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Cygenta

Cygenta

Cygenta brings a new approach to cybersecurity. We understand that true security means having digital, human and physical security working in harmony.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

StrongBox.Academy

StrongBox.Academy

StrongBox.Academy provides cybersecurity training courses that are tailored to the specific needs and challenges of the industry.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

Driven Technologies

Driven Technologies

Driven is a cloud native service provider transforming the way companies leverage technology to improve business by securing, modernizing, and connecting applications, users, and data.