Watching the Watchers: $12 Trillion in CyberCrime This Year Alone

New FBI Warning Highlights Latest Ways Cyber Thieves Steal Your Identity and Money – and How You Can Stop Them

​The FBI is issuing a new warning that cybercriminals are now focusing on impersonating employee self-service websites – such as payroll services, unemployment programs, and health savings accounts – with the goal of stealing your money through fraudulent wire payments or redirecting payments.
 
You might notice your service’s website on an ad, or find it in an email or a link, without noticing the slight difference in the URL that marks it as a digital clone. Such a scam site will ask you for your credentials to gain access. A self-described representative from a bank or some other service may call you to “confirm” your one-time passcode.
 
Don’t fall for it. The FBI recommends that you take the following precautions:
 

• Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious URL may be similar to the legitimate URL, but with minor, hard-to-spot typos. Such a malicious ad may redirect you to a phony, phishing website that appears identical to the legitimate site.

 

• Instead, try typing a business's URL directly into an internet browser address bar to access the official website instead of searching for it in a search engine.

 

• Or try using “Bookmarks” or “Favorites” for navigating to login websites rather than clicking on Internet search results or advertisements. Multi-factor authentication will not protect you if you land on a fraudulent login page.

 

• Make good use of an ad blocking extension from your browser when performing internet searches. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking ads from others.

 

• If your account requires multi-factor authorization, be aware that cybercriminals may use social engineering techniques to obtain access to accounts, including calling you and pretending to be a bank employee or technical support to obtain a one-time passcode.

 
Skip Sanzeri, a strategic advisor at iValt, surveys in Forbes all the reasons that you are probably insufficiently paranoid about being cleaned out by a cyber thief.
 
“Thanks to ever-increasing online access and connectivity, AI, and quantum computing, it is increasingly difficult for legitimate businesses and sites to know the true identity of users accessing their systems. Think in terms of deepfakes, where video and audio can be created to mimic the real user. And since our daily activities, thoughts and preferences are tracked and stored, data is available everywhere on all of us. Any person or system from anywhere in the world can access nearly any information on government or corporate systems due to our pervasive use of the Internet, leading to predictions from groups like Forrester that cybercrime could cost up to $12 trillion this year alone.”
 
Sanzeri concludes that the current system, which relies on passwords, logins, two-factor identification and even tokens, is not enough. He suggests a deeper reliance on biometrics, machine ID (mobile phones and other devices for authentication), geofencing your location, and “time-bounding,” in which you limit your access to, say, a payroll or brokerage account to a specific time, every time.
 
All of these practices add one more data point for cybercriminals to have to know in order to be a convincing impersonator. Of course, biometrics and geofencing come at a cost to your privacy. And with advances in computing, it won’t be long before cybercriminals learn to use those as well.
 
The dispiriting reality is that there is no way to seal off all possibility of fraud. This is a never-ending footrace between consumers and cybercriminals. But if you take every precaution, the odds are you will not be the next mark.

DONATE & HELP US PROTECT YOUR PRIVACY RIGHTS