As technology continues to evolve and Artificial Intelligence takes a more prominent role in many aspects of the modern world, cybercriminals and those trying to combat cybercrime have been raising their game. Cybercrime is becoming more sophisticated and emerging technologies are becoming ever more prevalent, paving the way for scammers to easily mask their malicious intent and target more victims. The lines between legitimate and malicious communication are becoming even more blurred, making it easier for criminals to stay ahead of the game and harder for victims to remain vigilant and protect themselves.
Phishing, deepfakes and social engineering
Until a few years ago, identifying a phishing email was easier than it is today. In the past, scam emails and SMSs contained numerous spelling and grammatical mistakes, salutations were rather generic, and fake URLs were easy to identify. Today AI is taking a more prominent role in cybercrime and the advent of deepfakes and social engineering is making malicious communication much harder to identify. Technology is bypassing spelling and grammatical mistakes and is making communication more personalised, with the receiver of the communication no longer greeted with generic and vague salutations. Letterheads, email templates, and websites are easier to copy, and scammers nowadays know their targets on a name and surname basis.
Vishing and smishing
Vishing (voice phishing) and smishing (SMS phishing) incidents are becoming increasingly popular. Spoofing technology is being used by scammers for messages to appear more legitimate. Scammers behind a vishing call or a smishing message, are using this technology so that victims will not be able to identify suspicious calls and smses. Until a few years ago, an unfamiliar number originating from a remote country would have immediately raised a red flag; potential victims used to think twice before answering the phone. Nowadays scammers have a deeper knowledge of the telephone numbers they are calling, whether these belong to a victim’s bank, postal agency, or government entity. Vishing calls are not limited to simple requests for bank details. Scammers now employ various tactics, from impersonating government officials to fabricating emergencies, all designed to elicit a sense of urgency and panic in their targets. Their ultimate goal is simple: theft – be it identity theft; monetary theft from bank accounts or credit cards; passwords; personal data and other valuable information.
Combating cybercriminals
Technology plays a crucial role on both sides of the spectrum. Just as cybercriminals are using technology in their favour, so are those who are constantly fighting cybercrime. Organisations nowadays are dialling up the security of information technology, with more robust infrastructures and systems being used to reduce the risks of data breaches and hacks. Laptops and smartphones have integrated firewalls and protection software, while network administrators can also restrict the usage of certain functionalities to further prevent end-users from accessing malicious websites and links.
However, prevention from scams does not rely solely on technology. Vigilance is key. Organisations need to continuously highlight the importance of adhering to cybersecurity procedures and raise awareness that cyber incidents are not to be taken lightly. Enabling strong passwords, multi-factor authentication, biometrics and other enhanced methods of protection can go a long way to prevent theft of data, identity, and millions in financial damages. Another form of protection is the so-called ‘online hygiene’ practice where companies and individuals alike, limit their online social interaction by removing personal information from websites. A simple self-search online might provide surprising insights into how much personal information is shared unwittingly. Regular reviews of social media and online accounts, deactivating accounts that are no longer in use, meticulous content sharing with trusted persons and separation of personal from professional accounts are all good practices of online hygiene.
From a consumer point of view, the same principles apply, and vigilance is again key to combating cybercrime. One should keep in mind some simple and basic tips to avoid being scammed:
■ When receiving a call or SMS always assume first that it might be malicious
■ Avoid giving out personal information to unverified third parties
■ If in doubt, call back the institution from your end using the genuine number obtained from official sources
■ Do not give details of passwords, account numbers, or credit card numbers
■ Do not click on unverified links
■ Do not fall for ‘urgent’ calls for action
■ Always check before taking any action
It is important to note that banks never ask their clients to make monetary transactions over the phone and neither do they ask for bank account numbers, passwords, PINs and any other sensitive information. Unsolicited requests to change a password, click on links or reply to emails with personal banking information should always be avoided when one is in doubt.
Cybercrime in the wider context of fraud
Cybercrime is only one form of modern-day illicit activity, forming part of a wider spectrum of fraudulent activity. Cybercrime leads to other forms of criminal activity, particularly in the financial sector such as money laundering, terrorism financing, bribery, and corruption. In the next part of this article, we shall be looking at fraud in this wider sense, analysing the flow of illicit funds generated through fraudulent activity.
Research and information by John Zammit, Information Security Specialist at BOV. Issued by Bank of Valletta p.l.c., 58, Triq San Zakkarija, Il-Belt Valletta VLT1130. Bank of Valletta p.l.c. is a public limited company regulated by the MFSA and is licensed to carry out the business of investment services in terms of the Investment Services Act (Cap. 370 of the Laws of Malta).