As we become more tethered to smartphones, computers and other devices, those connections are putting us more at risk of becoming victims of cybercrime.
That’s according to Michael Horn, a U.S. Secret Service senior special agent assigned to the Tampa Bay Electronic Crimes Task Force, where he specializes in cybercrimes and network intrusion investigations.
Horn was a guest speaker at a recent luncheon presented by the North Tampa Chamber of Commerce, at Atria Lutz.
His hour-long presentation covered current trends and techniques used by cyber criminals to compromise identity or personal information online. He also discussed some of the most commonly used scams and electronic crimes, and he offered tips on how to protect and minimize the risk of becoming a victim of these scams.
Much of the discussion centered on phishing scams.
The speaker said it’s “by far” the most common scam, whereby criminals pose as legitimate entities — such as banks and corporations — to defraud users and obtain sensitive financial information, such as usernames, passwords and account numbers.
While typically an email scam, phishing can also occur via U.S. mail or telephone correspondence.
Horn explained social media is a large reason why phishing, ransomware, business email compromises and other scams have become increasingly prevalent.
“It happens all the time, unfortunately,” he said.
That’s because users, more often than ever, are sharing gobs of information about their personal lives on Facebook, Twitter, Instagram, Snapchat and other popular applications. In other words, “we put all our business on the Internet,” Horn said.
Horn said posting details about where we work, shop, travel and bank has made it easy for hackers to obtain credit card information, because they can pose as one of those places in a personalized email.
“The bad guys are using social media to cater their fraud to be more effective towards you,” he said.
The speaker suggested that posting something even as simple as ‘We’re going to Disney for a week’ on social media can increase the risk of becoming the victim of phishing or another cyber-based crime.
Said Horn, “It’s like if I put a sign on the lawn, ‘I’m going grocery shopping for three hours. By the way, the back door’s open.’ That’s what we’re doing electronically whenever we’re either being careless with how we manage ourselves on the Internet, or, the information we’re providing.”
He added: “There’s a 100 different ways they could target you, but we’re giving them information to make their scams seem more legitimate.”
One phishing example the speaker gave was a hacker purporting to be Chase Bank, requesting users to verify their account information through email.
Horn recommends what he calls the “sniff” test to vet such dubious messages.
Spelling, grammatical and punctuation errors found by carefully inspecting such emails are dead giveaways it’s a targeted scam, he said.
The speaker also advises conducting independent verification before providing financial or log-in information online — such as calling the bank or the legitimate entity supposedly sending the email request.
As a general rule, Horn said, he always assumes anything financial-related that anyone sends him is a possible scam.
Another rule of thumb: Do not click links or open attachments from unknown sources or questionable emails.
“This is what gets everybody in trouble,” Horn said of mindlessly clicking through emails. “Malware, business email compromises and phishing scams largely are activated through people irresponsibly using their email.”
Those aren’t the only ways to lessen the risk for being a victim, the speaker noted.
Some other “best practices” for cyber security include:
- Using data backups (thumb drives, hard drives) to save valuable information
- Automatically updating anti-virus and anti-malware software
- Using strong, random passwords of 10 or more characters (“Not your kid’s birthday, not your dog’s name…”)
The speaker revealed that arresting and prosecuting cyber criminals and hackers proves difficult for U.S. law enforcement agencies, as the sources frequently come from overseas, selling to other criminals on the dark web.
“Very rarely do we catch anybody,” Horn said. “Our victories are, No. 1, did we get you your money back? Number two is, if we help you remediate (future cyber crimes) by saying, ‘Hey, this is something that I can teach you about being safe going forward.’”
As for recovering money and compromised information, Horn said, “it’s all about timing.” “If they don’t catch it within the first 24 or 48 hours, it’s gone,” he said.
Published August 1, 2018