Shore Up Your Cyber Defense

By now, most of us realize that a Nigerian prince is not actually contacting us out of a dire need for a deposit to free up a larger sum. Similarly, the notion that the IRS or Amazon is sending an email may be a laughable idea.

Of course, the scams were effective at one point, or their existence would not be common knowledge. Unfortunately, the reality is the scams have evolved alongside technology.

“Cybercrime is a significant concern in New Hanover County, just as the rest of the country,” says New Hanover County Sheriff Ed McMahon. “The sheriff’s office investigates cybercrime in the form of internet crimes against children, frauds, and cyber intrusions. These crimes are investigated swiftly and thoroughly by a team of highly trained personnel working in conjunction with state and federal partners. In addition to investigations, the New Hanover County Sheriff’s Office also has a skilled digital forensics team dedicated to locating and analyzing evidence on digital devices such as phones, computers, and even vehicles.”

The criminal activities falling under the umbrella of cybercrime take many forms. Identity theft, malware, phishing, ransomware, wire fraud, and data breaches are just a few examples.

Malware refers to malicious software designed to steal data, damage computers, or disrupt networks. A virus is a form of malware. It can destroy a website in minutes and/or gather personal information that results in identity theft.

In the past, phishing mostly referred to the use of email claiming to be from a reputable source with the intent of stealing passwords, personal or financial information. It has evolved to include the use of text and Facebook messages, which, in a new twist, may appear to be from a boss or trusted colleague asking the recipient to purchase gift cards on their behalf.

“Scammers often pose as government officials, bank representatives, charity organizations, phone companies — even family members,” says Angela Doughty, an attorney with Ward and Smith and a certified information privacy professional.

In a common new scam blending online data gathering with old-school tactics including the use of a landline, grandparents may receive a tearful phone call from a “grandchild” in jail, asking them to wire bail money. Foiling the criminal in a case such as this may be as simple as going inside to speak to a bank employee before pulling funds out of the ATM.

“Be skeptical and ask questions,” Doughty advises. “When in doubt, silence is golden — bad actors will move on if you don’t engage.”

Doing so may be easier said than done in the heat of the moment. Scammers are very adept in using emotional manipulation tactics or creating a high-pressure situation.

“Take the time to independently verify any and all requests,” Doughty says. “In an effort to urge an immediate decision or receive a payment, a scammer may even threaten criminal liability for refusing to perform a requested action.”

Safeguarding personal information can feel like a full-time job. Many PC users purchase antivirus software; Apple and Chromebook users may have chosen their computers based on the idea that those systems are less vulnerable to software attacks.

Google Chrome has a password checkup feature that can show whether stored passwords are weak or compromised as a result of a data breach. Reviewing it might produce anxiety, but considering the costs that can spiral from the theft of a credit card number, taking the time to guard information is worth the effort.

Avoiding unsolicited contact is paramount.

“An unexpected request for information from a ‘bank representative’ or ‘government official’ should ring alarm bells,” Doughty says. “Similarly, unexpected emails with links and attachments should not be opened.”

The adage that if something sounds too good to be true it should be avoided still holds merit.

“Stay cautious and gather more information before making a decision. Trust your instincts and seek counsel from loved ones and/or professionals,” Doughty says.

Creating a fake website is relatively easy and the sophistication of these sites can make them difficult to spot. The way it works is criminals develop an online destination that appears to be credible, tricking customers into purchasing goods that are never delivered.

Before making a purchase, reviewing a little information about the Uniform Resource Locater (URL) is a good idea. A URL is basically the online address of a business. Look for the “https:” designation instead of “http:”. The s refers to an additional layer of security encryption protocols.

Many antivirus software programs will flag these shady locales. And as the saying goes, an ounce of prevention is worth a pound of cure.

“There are a lot of resources available to educate the public on common cybercriminal tactics and scams. The Federal Trade Commission, FBI, Government Accountability Office and the AARP all have a wealth of information on their websites,” says Doughty, whose practice is mainly focused on business-related cybercrime prevention, corporate data privacy, and security.

Increasingly, cybercriminals are turning their attention from individuals to companies. Corporate data breaches have become pervasive. There is a lot more money to be had from pilfering the data and proprietary information of a major organization, which often includes the personal information of many individuals.

Businesses are also targeted by ransomware, a form of malicious software designed to infiltrate computer systems and steal valuable information. The data is then ransomed back to the owner, who in most cases has no other option except to pay.

The average ransom for business data starts around $10,000 and can spiral into the millions. That, along with reputational damage, has made cyber insurance a necessary purchase for many organizations.

The intersection of individual and business concerns is prevalent in real estate. Many real estate agents, contractors, mortgage brokers and associated professions are sole proprietors without a large IT department.

Wire fraud as it pertains to real estate essentially refers to a malicious actor sending a fake email or text purporting to be from a closing attorney, administrative professional, or anyone who might be involved in a real estate transaction. The goal is to trick the victim into wiring payment funds or closing costs.

There can be a sense of urgency with real estate transactions. Criminals use this to their advantage, asking for last-minute changes and cautioning that failing to follow their instructions could derail the transaction.

A 2021 FBI report indicated that this type of crime represented over $350 million in costs.

The application of a little old-fashioned common sense is always advisable. Accepting cookies from a stranger on the street probably sounds like a terrible idea. The same caution should be applied when visiting unfamiliar websites. Refusing to accept cookies may be wise for web surfing.

Looking for the lock symbol on the address bar, reviewing online passwords, running scans for viruses and other network issues, using a virtual private network (VPN), and allowing updates when available are all effective strategies to safeguard information.

If identity theft occurs, filling out a report on IdentityTheft.gov would also be worthwhile.

Resources to educate the public on common cybercriminal tactics and scams include:

• The Federal Trade Commission
• FBI
• Government Accountability Office
• AARP