3 Common Cybercrimes and How to Safeguard Against Them

Cybercrime has been a recurring theme in the media, gripping all but everyone – from governments, to banks, to schools. The World Economic Forum estimates that two billion data records were compromised in 2017, and more than 4.5 billion records were breached in the first half of 2018 alone. At NTUC LearningHub’s ‘Get Ready for Industry 4.0 Now!’ seminar in August 2019, we had Roy Zur, CEO of Cybint, speak about the cybercrime and cybersecurity industry. Cybint is an international Cyber Education leader, founded as a collaboration of military-trained cybersecurity and intelligence experts, industry professionals and well-seasoned educators. They provide training, certifications and learning solutions across the cyber-security and intelligence spectrum. At the seminar, Roy shared that cybercrime is expected to cost the global economy a whopping 1 trillion dollars in 2020. While there is no single solution that can fix the array of cybercrimes out there, here are three common types of cybercrimes and simple tips on protecting yourself:

Common Types of Cybercrimes

1. Phishing

Let’s start with the most common and successful cybercrime – Phishing. It involves tricking users into providing their usernames, passwords, and other personal information. Most phishing campaigns are performed by sending spam emails with links to malicious websites. The catch is that these websites look identical to authentic ones, leading to users keying in sensitive information that the hackers now possess and can use. Phishing emails will likely have a sense of urgency, asking you to click here or act right away – the offer is time limited. One of the biggest phishing scams of 2018, leveraged the World Cup in Russia and sent emails promising free World Cup tickets. The scam was so rampant in the US that the Federal Trade Commission even had to send an advisory to the public!

2. Ransomware

Next, we introduce Ransomware – a cybercrime that is much more threatening to your organisation than phishing. Unlike phishing, where you can avoid being hacked by not clicking on the email, a ransomware attack is more hostile. In a ransomware attack, hackers typically encrypt data, making them inaccessible. They threaten to publish confidential data they have seized or perpetually block access to it, unless a ransom is paid. Most ransomware spreads hidden within Word documents, PDFs and other files normally sent via email. Its threat is amplified by the fact that it could spread from an infected computer to other computers in the same network. In May 2017, a massive ransomware attack recorded 45,000 attacks in a staggering 99 countries. The NHS in UK was particularly crippled, incurring costs over $S150m. The attack was infamously known as Wannacry – named after the malicious software that exploits a vulnerability in Windows. The ransomware attacks don’t seem to be diminishing – this summer, more than 40 US cities were being held hostage for ransom, affecting libraries, public health systems and basic services like water and power.

3. Man-in-the-Middle (MITM) Attacks

The third most common type of cybercrime is something that every individual is vulnerable to – especially if you’ve ever connected to an unsecure Wi-Fi network. In man-in-the-middle attacks, a hacker secretly intercepts an individuals’ online communications. These attacks are like modern eavesdropping – they collect confidential information with a dangerous twist of modifying the information or transaction as well. Simple regular activities like connecting to unknown networks or downloading mobile apps to get access to free Wi-Fi is much riskier than you’d expect. Connecting to unsecure networks could allow hackers to view every password you enter or email you send and downloading applications could provide access to your location, camera and photos. All these could happen in the background, unbeknownst to you.

While we have introduced the common cybercrimes, these are but a drop in the ocean. Cybercriminals are constantly innovating, and it is difficult to predict what the next attack could look like. However, there are certainly steps that individuals and companies can take to protect themselves better. Especially since IBM estimates that 95% of cybercrimes involve human error! Here, we provide quick suggestions on how to avoid being victim to cybercrime:

1. Keep your software updated

The NHS was particularly afflicted during Wannacry because of its old software and systems. In fact, many companies could have avoided the wrath of the ransomware attack – Microsoft had released a patch for the Wannacry vulnerability in Windows 8 weeks before the attack but not everyone had updated their systems.

2. Be cautious of emails from unknown senders

It is best to activate your email’s anti-spam blocking feature and avoid opening any attachments you were not expecting. Report potential phishing emails so that others in the organisation can be alerted as well.

3. Enable two-factor authentication (2FA) for all accounts and online services

2FA uses two types of information to confirm your identity in order to grant you access to your online account. The first factor tends to be a password while the second factor tends to be a one-time password (OTP) from your mobile device or a token. The second layer of security ensures that even if a hacker obtains your password, he is unlikely to access your second factor of authentication that is time-based and one-time only, thereby protecting your account. 2FA also enhances security against MITM attacks as it becomes harder for attackers to intercept traffic or break encryption.

Roy warns of complacency and says, “Including Singapore, no company or country is immune to cyberwarfare,” – so like it or not, cybersecurity should now be at the top of the agenda for all of us. Roy also emphasises that there is a global skills gap in cybersecurity, and Bitglass’ research has shown that even Fortune 500 companies are insufficiently equipped for cybersecurity.

If you would like to find out more about how you can mitigate human error and safeguard yourself and your company, NTUC LearningHub, in partnership with Cybint, offers the Cybint Cyber Security Protection (CSPC) Program – a leading cyber security programme in the cyber education industry. NTUC LearningHub’s programmes are constantly updating to reflect the latest threats and trends to equip workers with the relevant skills for the dynamic cybercrime industry. Take the step to educate yourself and stand up against cyber threats now!

This year, NTUC LearningHub celebrates 15 years of transforming people through accessible and affordable education. Since 2004, we have fulfilled over 2.4 million training places and transformed over 21,000 organisations.

Regardless of collar, age or nationality, we are here to help you upgrade your skills to keep up with a rapidly changing workforce. For more information on how we can help, talk to our friendly Course Consultants at NTUC Trade Union House, Devan Nair Institute for Employment and Employability, LHUB@Tampines Mall or any of our roadshows islandwide.