Just in time for holiday shopping, experts are warning of an expected surge in cybercrime that is projected to increase for the next five years. Already, according to the FBI, losses from this type of crime have increased by more than $2 billion in 2021 over the previous year. That number is only going to climb as a result of the COVID pandemic, increasing access to the internet, new technology, and more at-home workers, according to experts.
Statista’s Cybersecurity Outlook estimates “the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027.” The report continued, its analysts explaining how the pandemic has made cyber-attacks easier: “The COVID-19 crisis led to many organizations facing more cyberattacks due to the security vulnerability of remote work as well as the shift to virtualized IT environments, such as the infrastructure, data, and network of cloud computing.”
TechGenix said that the newest dangers aren’t really new. “However, the opportunity for cybercriminals to find and exploit soft targets has increased with the switch to working online,” the tech media outlet explained. “Now, the industry must get up to speed and improve cybersecurity overall.” In March, Statista informed that the “costliest crime recorded by the FBI was business email compromise and personal email compromise,” which targets victims that use wire transfers. “In 2021, almost $2.4 billion were lost this way.”
Cybercrime Continues to Change
Simpler hacks seem to be the prevalent method. The most common types of cybercrime in 2022 follow three trends, according to TechGenix:
- Huge focus on crypto.
- More distributed attacks on smaller companies.
- Increased diversity in identity theft scams.
As technology evolves, so do cybercrooks and their crimes, but using old tricks and methods and revamping them for today’s world is still popular. Malware (viruses), phishing, and ransomware have been around for years, yet they are still favored by criminals. According to FinancesOnline, the leading organizations that were impersonated by phishers worldwide were:
- Microsoft: 13%
- Google: 11%
- Facebook: 10%
- Apple: 10%
- PayPal: 6%
What to Look Out for During the Holidays
This is the season for sharing and giving, but it is also a time for hacking and stealing. Crime rises during this time of year, and not just in cyberattacks – murder, domestic abuse, and burglary also increase. The FBI warns that holiday scams affect thousands of victims, and most of these include online shopping, identity theft, and auction fraud.
The agency’s Internet Crime Report 2021 showed that “non-payment or non-delivery scams cost people more than $337 million” and “Credit card fraud accounted for another $173 million in losses.” A non-delivery scam, as the name suggests, is where a buyer purchases something and it is never delivered. A non-payment crime works in reverse; goods or services are shipped, but the seller is never paid.
Another huge scam to be on the lookout for is gift-card fraud. Many victims fall prey to purchasing gifts using a pre-paid card only to find their money stolen from the card.
Scammers Getting Scammed
It’s nice to know that we aren’t the only targets of cybercrime – scammers get scammed, too. Call it karma, if you will, but it’s true. Not only are they getting hit with the same crimes they’re trying to commit, but these cybercriminals are also reporting what has happened, which, in many cases, has enabled authorities to unravel their unscrupulous operations.
(Photo by Lino Mirgeler/picture alliance via Getty Images)
“Cybercriminals using hacking forums to buy software exploits and stolen login details keep falling for cons and are getting ripped off thousands of dollars at a time,” Wired reported. “And what’s more, when the criminals complain that they are being scammed, they’re also leaving a trail of breadcrumbs of their own personal information that could reveal their real-world identities to police and investigators.”
Yes, there are black markets for hackers, too, and this is where a lot of this activity happens. In April, Matt Wixey, a researcher with Sophos X-Ops, looked at three of the most popular cybercrime forums: Exploit and XSS (Russian-language forums), and BreachForums from the US. These sites have “arbitration” rooms where scammers can complain they’ve been scammed.
Here are a couple of the complaints, that, while they may seem like justice served, are also rather alarming when one considers some of the crimes the “victims” were planning. On Exploit, a member complained they had provided someone with a Windows kernel exploit for $130,000. The buyer said they needed to test the software to make sure it worked first and then never paid. In BreachForum, an account claimed someone tried to sell them Facebook data that was already public.
Criminals, by nature, are usually cautious. This is especially true for cybercrooks who understand and take advantage of internet vulnerabilities. However, because they have to prove their claims, “they often share screenshots containing more personal information than they may have intended.” The company Sophos said this is a “treasure trove” of data that includes all sorts of personal data such as cryptocurrency and email addresses, victims’ names, transaction IDs, and more. “In one scamming complaint,” Wired reported, “a user shared a screenshot that showed someone’s Telegram usernames, email addresses, Jabber chat names, plus Skype and Discord usernames.” In some cases, Wixey said he saw “details of victims that the cybercriminals had targeted.”
With cybercrime expected to significantly increase in the coming years, this can be some good news. Most cybercriminals don’t use their real names, so it can be difficult, and sometimes impossible, to track them. “They typically employ pretty good operational security,” Wixey said, “but with scam reports, that’s not so much the case. So much of this stuff is just not available anywhere else on these marketplaces.”
