Europol Warning: 15 Ways To Become A Cybercrime Victim

From ransomware through to crypto-currency scams, Europol says it wants to stop criminals from making you a victim.
 
Europol has warned of 15 ways in which people can fall prey to cyber criminals as it launched a report on the dangers of the web. The report, the fifth annual Internet Organised Crime Threat Assessment (IOCTA), was presented at the Interpol cybercrime conference in Singapore last week. 
 
Europol described the report as offering "a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".
 
It added that the assessment "describes anticipated future threats" and "only has one goal in mind - to stop cybercriminals from making you their next victim."
 
1  .  Ransomware
Ransomware - malicious software that encrypts your computer and demands a ransom to make the files accessible - has become a standard attack tool for cyber criminals.
Europol is warning that criminals are moving from random ransomware attacks, such as the WannaCry attack which hit the NHS, to specifically targeting companies and individuals who might be able to pay larger ransoms.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
2  .  Mobile malware
Europol warns that malware for mobile phones is likely to grow as people shift from online to mobile banking.
How to protect yourself?
  • Check apps are legitimate before installing them
  • Use a reputable mobile anti-virus program
3  .   Stealthy malware
Europol warns that cyber-attacks have become increasingly stealthy and harder to detect.
Attacks using so-called "fileless" malware are increasingly common. This malware doesn't write itself onto the victim computer's hard-drive, but only exists in parts of the computer memory, such as the RAM.
How to protect yourself?
  • Keep your computer software updated.
  • Be wary of using macros in office programs.
4  .  Extortion
The EU's new General Data Protection Regulation (GDPR) introduces severe financial sanctions, up to 4% of global turnover, for companies that fail to protect users' privacy.
GDPR requires that data breaches are reported within 72 hours, and Europol warns that criminals may try to extort organisations because of this.
"While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities."
How to protect yourself?
  • Never pay extortion attempts without contacting the authorities first
5  .  Data for data's sake
Europol warns that the motive behind a lot of network intrusions is the illegal acquisition of data.
This data could be used for a variety of purposes, from developing leads for phishing or payment fraud, through to commercial or industrial espionage.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
6  .    DDoS
Distributed Denial of Service (DDoS) attacks are very unsophisticated and involve sending so many requests to a network resource that it is overloaded and can't respond to any of them. There are tools widely available allowing unskilled individuals to launch these attacks, and there are limited ways to protect against them because of the way the Internet is engineered.
Fortunately, DDoS attacks can't steal data or cause any damage beyond making a website or Internet resource unavailable.
 
7  .   Social engineering
Social engineering describes a form of attack in which someone exploits human traits, such as kindness or compassion, as part of a cyber-attack. The famous Nigerian prince scams are a form of social engineering fraud.
Europol warns that West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally.
How to protect yourself?
  • Always remember that if it seems too good to be true, it probably is.
8   .   Crypto-Criminality
There are a range of cryptocurrency crimes taking place, according to Europol, and cyber-attacks which historically targeted financial instruments are now targeting cryptocurrency users and businesses. 
Crypto-mining has been exploited by financially motivated cyber criminals, who for instance hack legitimate websites to crypto-jack users visiting those sites - hijacking their CPU power to mine more of the currency.
How to protect yourself?
  • Use a legitimate browser plug-in to avoid running java-script on unfamiliar web pages.
 
9  .  Privacy-oriented Crypto-Currencies
Europol states that it expects "a more pronounced shift towards more privacy-oriented currencies" and said "an increase in extortion demands and ransomware in these currencies will exemplify this shift".
How to protect yourself?
  • Report all extortion attempts to the authorities
  • Keep your software updated to avoid ransomware
10  .   Volume of child abuse material
The volume of child sexual abuse is growing to levels "that were unimaginable ten years ago" according to Europol, "partly because of the growing number of young children with access to internet-enabled devices and social media".
How to react? 
  • Seeing images and videos of child sexual abuse can be upsetting, but the right thing to do is report it to the Internet Watch Foundation here. Your report could lead to the rescue of a young victim from further abuse.
11.  Self-generated material
A large amount of child sexual exploitation material is self-generated. These images are often initially produced and shared voluntarily by young people, but end up in the hands of online child sex offenders. Offenders have also obtained images through sexual extortion.
How to protect yourself and others?
  • Educate children about the risks of sharing nude images online and encourage them to report any harassment or extortion attempts to a responsible adult.
12  .   The "Darknet"
Europol says that offenders are continuously seeking new ways to avoid detection from law enforcement, including by using anonymisation and encryption tools - and in some cases even the Bitcoin blockchain.
Almost all of this material is available on the open internet, but very extreme material can be found on hidden services that can only be accessed on the "Darknet" according to Europol.
How will they catch these criminals?
 
  • The widespread use of encryption on the web today has repeatedly been described as an issue for law enforcement, security, and intelligence agencies.
  • According to a report by Parliament's Security and Intelligence Committee, in 2016 GCHQ was engaged in a major ongoing project called FOXTROT, which was designed "to increase GCHQ's ability to operate in an environment of ubiquitous encryption".
13  . Live streaming
Live streaming of child sexual abuse is a very difficult crime to investigate. Europol states: "It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored."
It has been on the rise for some years as video streaming technology has improved.
This form of abuse "will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area," warns Europol.
How to tackle it?
  • Internet businesses currently use the Child Abuse Image Database, which contains 30 million cryptographic hashes (digital fingerprints that can be used to identify files) to automatically detect when someone attempts to upload a known indecent image to their platforms.
However, this form of filtering is unable to capture new indecent images that haven't been reported before - nor can it address child abuse material which is being streamed. Sajid Javid, the home secretary, has pledged £250,000 towards the development of technologies which can detect live-streamed abuse.
 
14  .  Skimming
Credit card skimming is still successful as magnetic stripes on cards continue to be used. The presence of cameras alongside chip and pin skimmers can also allow criminals to capture the PIN alongside their attempts to clone the chip.
How to protect yourself?
  • Check instant payments on your banking app to be aware of fraud attempts
  • Make sure you cover your PIN when at an ATM
15  .  Telecommunications fraud
Fraudsters on the phone is an old but growing trend in fraud involving non-cash payments. Fraudsters can pretend to be from financial institutions or banks when attempting to collect details from you.
How to protect yourself?
  • Never hand out financial information, including card details, over the phone
  • Always double-check that someone claiming to be a representative from your bank is a real person, and call them back on a publicly listed number
Europol's executive director Catherine De Bolle said: "Cyber-Crime cases are increasingly complex and sophisticated. 
 
"Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. 
"The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized. 
"Europol will continue its efforts to enhance co-operation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cyber-crime be combated effectively."
 
The European commissioner for the security union, Sir Julian King, concluded: "As the report shows, Europe is still faced with a range of security threats from terrorism and cyber.
 
"We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber security strategy."
 
Europol:       Sky
 
You Might Also Read: 
 
Cyber Criminals Are Outspending Business:
 
 
 
 
« Former MI5 Chief Wants Retaliatory Attacks On Russia
British Government Is Planning Internet Regulation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Seagate Technology

Seagate Technology

Seagate data storage systems are purpose-built for enterprise and data centre performance, scalability, reliability and security.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Incognito Forensic Foundation Lab (IFF Lab)

Incognito Forensic Foundation Lab (IFF Lab)

IFF Lab is a premier cyber and digital forensics lab in India that offers forensic services and solutions, cyber security analysis and assessment, IT support, training and consultation.

Caulis

Caulis

Caulis FraudAlert is a cyber security solution. It can detect fraud and identity theft based on users’ online behaviour.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Zamna

Zamna

Zamna (formerly VChain Technology) is an award-winning software company building GDPR compliant identity platforms for the aviation industry.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.