Delving Into Cybercriminal Tactics
The FBI’s Internet Crime Complaint Center (IC3) provides the public with a reliable way to report information concerning suspected Internet-facilitated criminal activity. Since its inception in 2003, IC3 has logged nearly 5 million complaints, with an average of 340,000 per year.
Based on these complaints, they compile their annual Internet Crime Report to show citizens how cybercriminals operate and how the most common cybercrime threats can be mitigated. After all, cybersecurity is all about what you know – are you aware of the ways that cybercriminals attack unsuspecting users?
Every Type Of Cybercrime-Based Complaint Logged By The FBI In 2019
The better you understand the threats posed to you, the less likely you’ll be a victim:
- Overpayment: The target is sent a payment/commission and is told to hold on to a portion of the payment and send the remainder to another individual or business.
- Advanced Fee: The cybercriminal tells the target that they have qualified for a large financial loan or have won a large financial award. In order to access the funds, the target must first pay the cybercriminal taxes or fees. The target pays the fee and is never given any further info or access to funds.
- Business Email Compromise/Email Account Compromise: A social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments.
- Charity: Cybercriminals create fake charities, often in the wake of natural disasters or highly publicized events, and take money from victims intending to make donations and support relief efforts.
- Confidence/Romance Fraud: The cybercriminal forms a false relationship with a target, either posing as a family member, friend, or romantic interest. They use the inherent trust in this relationship to get the target to send money, personal and financial information, or items of value.
- Corporate Data Breach: Private business data is compromised, either by being copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
- Denial of Service: This type of attack overloads a network/system with so many requests that it slows down or interrupts the service.
- Employment: Targets are made to believe that they are legitimately employed, and in the process, lose money or are tricked into laundering money/items while employed.
- Extortion: The conventional crime of extracting money or valuable goods through intimidation or undue exercise of authority.
- Government Impersonation: A cybercriminal poses as a government official in order to steal money or valuables.
- Hacktivism: Computer hacking activity performed in order to promote a social or political cause.
- Health Care Related: The cybercriminal attempts to defraud private or government health care programs with spam email, Internet advertisements, links in forums or social media, and fraudulent websites.
- IPR/Copyright and Counterfeit: The cybercriminal steals and uses others’ ideas, inventions, and creative expressions.
- Identity Theft/Account Takeover: The cybercriminal steals a target’s personal identifying information in order to commit fraud. Account Takeover occurs when the cybercriminal perpetrates fraud on a target’s existing accounts.
- Lottery/Sweepstakes/Inheritance: Targets are made to believe they are recipients for a lottery prize, sweepstakes prize, or inheritance, in order to collect a tax or fee from them.
- Malware/Virus: Malware and viruses are software designed to damage or disable computers and computer systems.
- Personal Data Breach: Personal data is compromised, either by being copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
- Phishing: Phishing (and all social engineering techniques) is about the element of surprise. It’s a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
- Ransomware: In a ransomware attack, a hacker gains access to an organization’s computer systems. Typically, an unsuspecting user clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system. Once embedded, the malware allows a hacker to access critical systems, often giving complete remote-control data and access.
- Spoofing: Spoofing is a method in which the cybercriminal makes a phone call or email appear as though it was sent from somewhere it wasn’t, such as a client’s, vendor’s, or even superior’s point of origin. Spoofing may be used to trick someone into downloading a virus or revealing confidential information.
- Social Media: Any instance of a cybercriminal using social media as a method to commit fraud.
- Tech Support: By posing as tech support claiming to help users with a compromised e-mail or bank account, a virus on a computer, or a software license renewal, cybercriminals can gain access to private information.
- Virtual Currency: Any complaint stemming from the use of virtual cryptocurrency (Bitcoin, Litecoin, or Potcoin, etc.) in a crime.
How Can You Protect Your Business Against These Cybercrime Methods?
The fact is that you probably can’t manage a comprehensive cybersecurity defense all on your own. At least, not effectively. That’s why assistance from an expert IT company is so valuable – Kraft Technology Group will help.
Our team will help you implement a range of robust security measures, deploying devices like firewalls, intrusion and gateway protection, and implementing best practices for patching and updates, and more. With our help, you don’t have to be worried about cybercrime in the legal industry.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.