Experts warn of increased scams using technological advances | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Listen to this article

As cybersecurity experts and government agencies work to battle fraud in the digital age, one of the best doses, it turns out, could just be a healthy dose of skepticism.

On Feb. 19, industry leaders in cybersecurity gathered at the Boise Centre to discuss the advancements in technology, the criminal activities that take advantage of the latest inventions, and what’s being done to combat the ever-increasing threat of fraud.

Though the conference, titled Protecting Consumers in the Digital Age and presented by the Idaho Financial Innovation Labs, focused on several different aspects of digital security measures, the legal and financial aspects of threats, and what consumers can do to stay safe, the real battle takes place on a daily basis beyond the four walls of a venue.

The rise of technology use

According to John Yaros, bureau chief for the Securities division of Idaho Department of Finance, nine in 10 Americans are using some form of financial technology such as Netflix or Amazon. That’s about 88% of the population.

“Obviously, COVID acted as a catalyst for this because, prior to that, it was about six in 10 Americans using financial technology,” Yaros said during opening remarks at the conference. “So, we’ve seen a big jump.”

He went on to say there is about a 95% participation rate with technology from Generation Z, “but we’ve really seen the growth in baby boomers recently.” Seventy-nine percent of baby boomers are currently using some form of financial technology or “FinTech.”

Yaros pointed out that 94% of financial executives believe fintech will improve customer experience and improve revenues. That being the case, more financial institutions are hiring FinTech staff and 85% of financial services companies are currently using some form of artificial intelligence in their operations, products and services.

The downside of technology

As with any invention that has its useful benefits, someone will find a way to exploit it and use it for nefarious means. After all, Alfred Nobel, the inventor of the Nobel Peace Prize, invented dynamite, a tool for helping people build and mine.

Among the various crimes people can fall victim to by bad actors using technology, identity theft and fraud were the highest. According to a report issued by the Insurance Information Institute, the FBI’s 2022 Internet Crime Report stated there were 800,944 complaints of cyber-crime reported to the agency that year. That number was down 5% from 2021, however total potential loss, the reported state, increased to $10.2 billion in 2022 compared to $6.9 billion in 2021.

In 2022, the Federal Trade Commission received 5.1 million complaints, 46% of which were for fraud and 21% were for identity theft. The FTC reported that credit card theft accounted for 43.7% of identity thefts and 28.1% were miscellaneous identity theft “which includes online shopping and payment account fraud, email and social media fraud and other identity theft.”

Idaho ranked 38th out of the 50 states, Washington D.C. and Puerto Rico of reports of identity theft, according to the FTC, with 2,225 cases being called in.

In 2023, the number of complaints the FTC received rose to 5.4 million. In Idaho, $40.6 million was lost to fraud through 9,829 reports made to the FTC. Millenials and Gen Zers had the highest number of complaints at 44%, according to Richard Szuch, an attorney specializing in finance law and the former New Jersey Bureau of Securities Enforcement chief.

“The age group 20 to 29 was responsible for 44% of the complaints submitted to the FTC, age group 70 to 79 was responsible for 24% of the complaints, about half,” Szuch said. “So, our millennial kids and even younger, Gen Z, they lack financial literacy, they aren’t as suspecting as they should be, they are going to inherit a … ton of money over the next few decades, and that’s a real problem for everybody.”

Those generations are an easier target, he pointed out, because younger generations are more absorbed in phones and other technology, doing everything quickly and not focused on potential threats.

Crime organizations are using technology to steal people’s money by way of romance scams, tax refund scams and in the extreme cases, impersonation ― using AI tools to use the voices of their loved ones, making them believe, for instance, a son or daughter are in dire straits and need money immediately to get out of a jam.

Two Texas firms were recently shut down by authorities after they used AI to clone President Joe Biden’s voice and spread misinformation through robocalls.

In Britain, law-enforcement agencies have infiltrated and disrupted LockBit, arresting two people involved with the prolific ransomware syndicate that has extracted $120 million from thousands of victims around the world, British, American and European officials said Feb. 20.

Britain’s National Crime Agency said it led an international operation targeting LockBit, which provides ransomware as a service to so-called affiliates who infect victim networks with the computer-crippling malware and negotiate ransoms.

The operation resulted in the arrests of two people in Poland and Ukraine, officials said at a joint press conference. The U.S. Justice Department, meanwhile, unsealed indictments against two more people, both Russian nationals. Authorities said they gained “comprehensive access” to LockBit’s systems by taking control of the gang’s infrastructure and seizing their source code.

“We know AI is going to be key for cybersecurity as we move forward in terms of identifying threats as they come through, but the bad actors are also going to be using it, right?” Yaros said. “They’re going to use it to identify threats and new vulnerabilities throughout, so we could see an increase in hacks and breaches as a result of it.”

Identifying threats

Justin Feffer, a private practice attorney based in Idaho and California, specializing in cybersecurity, privacy and compliance, said the No. 1 recorded loss is from investment schemes. More than $3 billion in losses are reported on average. He added that investment crimes are vastly unreported due to the fact that, in most cases, it’s senior citizens who are being duped. They don’t report the crimes for fear of having loved ones take control of their finances.

Ed Vasko, director of the Institute for Pervasive Cybersecurity Research and Economic Development at Boise State University, moderates a panel discussion at the conference entitled “Cybersecurity Expectations vs. Reality: Balancing Protecting & Serving Consumers.” (PHOTO: Marc Lutz, IBR)
Ed Vasko, director of the Institute for Pervasive Cybersecurity Research and Economic Development at Boise State University, moderates a panel discussion at the conference entitled “Cybersecurity Expectations vs. Reality: Balancing Protecting & Serving Consumers.” (PHOTO: Marc Lutz, IBR)

Another scheme, compromised business emails, accounts for an annual loss of $2.7 billion, Feffer said. It’s a technique whereby suspects “insert themselves into a financial transaction through the use of a compromised email account, typically, and then they impersonate the person giving the wire instructions for funding of the transaction, and they substitute in the account information for an account that they control.”

And yet another scheme that most people might not consider is one of tech support, leading to a loss of around $800 million annually. It’s a scheme Feffer witnessed first-hand.

Feffer was on a call with a friend who happens to be a retired Los Angeles Police Department detective. The friend said he couldn’t talk with him because he had a call on the other line with someone reporting to be from Microsoft, telling him there was a problem with his computer, and they were calling to help him fix it.

“I’m like, ‘Richard, that’s not tech support. Hang up on them and I’ll help you deal with this,’” Feffer said. “He said, ‘No, no.’ He’s insisting he knows what to do. At the time, I was the commanding officer of the L.A. County District Attorney’s office cybercrimes investigations section. And I’m telling him, ‘Richard, this is a fraud. Microsoft is not calling you to give you help on your computer.’ And he wouldn’t believe me. He hung up on me. … This is what we’re up against.”

In Idaho in 2023, imposter scams accounted for the largest number of reported incidents at 20% or 3,354 reports. Identity theft came in second at 13% or 2,223 reports. Other scams reported were online shopping, prizes, sweepstakes, lotteries and a litany of others.

Solving the problem

As technologies emerge, one of the biggest challenges is keeping up with the crimes that emerge with them.

“Government is always going to be a step behind,” Yaros said. “The goal is not to be significantly behind but less than that. Because, if we investigate something ― we may even identify something we think could be a vulnerability ― but it’s pretty much a false positive at that point until [a crime] actual happens.”

Policymakers can’t introduce legislation, he pointed out, until they know what they’re trying to legislate, and advancing tech sometimes makes it hard to predict what threats will be even five years from now.

Funding also becomes an issue. Yaros said for the resources, like a tracing transaction analysis tool, to investigate the crimes, the Department of Finance would need about $50,000.

Ed Vasko, director of the Institute for Pervasive Cybersecurity Research and Economic Development at Boise State University, pointed out that the technology is neutral but is being used as a tool by businesses and people with good intentions and by people looking to do harm and doing so outside the reach of the law.

“[Technology] when put into the hands of somebody who wants to be a bad actor, [is] purposely going to be used for bad uses,” Vasko said. “The best example would be cyber-criminal organizations that are outside of extradition zones. Now we’re in a gray space from a legal standpoint, but they’re able to use the proliferation of the internet and the ubiquitousness of the internet to their advantage.”

One of the issues is a shortage of experienced workforce in the tech sector, he said. And though there are a lot of people getting an education and entering the tech sector workforce, it may not be enough.

“Seventy-three percent of financial institutions say they don’t have the digital technology talent that they need,” Yaros added. “By 2030, they’re expecting it to be about a 6-million-person shortage of the workforce and lead to $8.5 trillion in lost value and increased crime because you can’t cover it.”

The not-so common solution

Attendees at the Protecting Consumers in the Digital Age conference listen to a panel discussion during the event. (PHOTO: Marc Lutz, IBR)
Attendees at the Protecting Consumers in the Digital Age conference listen to a panel discussion during the event. (PHOTO: Marc Lutz, IBR)

Since many criminals act on urgency, trying to panic their victims into handing over their money, the best defense oftentimes can be using plain old common sense, Yaros said.

“A lot of it is thinking through: Does this make sense?” he said. “A lot of these campaigns aren’t even that sophisticated … phishing is still the No. 1 way of getting somebody, but at the end of the day, it comes down to clicking links and thinking twice.”

Though experts advise using methods such as updating passwords and using two-factor authentication among others, sometimes doubt can be the best tool in the moment.

In the case of vocal impersonation scams, people need to look at the phone number they’re being called from. Does it match the supposed person’s number in their contact list? They may want to call that person’s actual number to confirm the call is coming from them before making any decisions.

Kim Jones, a 37-year veteran of the cybersecurity sector and director of Performance Acceleration with Intuit, spends what he calls his third career educating the next generation of cybersecurity workforce. His opinion is that a lot of harm could be avoided if people stayed alert.

“If you look at the actions being taken, a lot of it is just that clicking on the link, the phishing,” Jones said. “A lot of it boils down to, I would say, healthy skepticism. If you think that you are exhibiting healthy skepticism, you’re probably not. Be more skeptical.”

The Associated Press contributed to this report.


Click Here For The Original Source.

National Cyber Security