After more than a year of the pandemic, teleworking and carrying out paperwork and other activities remotely has become increasingly widespread. However, with this turn to virtuality also came an opportunity for criminals, who, taking advantage of the security gaps in many systems and the lack of user experience, have increased their actions.
Various law enforcement agencies estimate that electronic scams rose 300% during this pandemic and the largest number of them occur through emails and social media. Rather than software deficiencies, the scam is a cyber update on the “uncle’s tale.” The criminals, through psychological manipulation techniques, appeal to special situations that people live because of the confinement or because they are waiting or interested in certain things, such as the response to a claim, a subsidy, or now the issue of the vaccine. Scammers look for pretexts to get in touch and take advantage of these vulnerabilities to obtain personal or banking information.
One of the methods they use the most is through social networks since many write to banks through this means, and when the comment is made public the cybercriminal creates a false profile that has the appearance of being a page official bank and contact them.
Other channels used are false emails, a technique called “phishing” or telephone calls, which is why they warn that “you should never give sensitive data” in these ways, such as the Token code or the home banking key, which allow scammers access the accounts.
The increasing digitization of services has made us turn to the internet to do all kinds of procedures, purchases (supermarket, clothing, appliances) and even make greater use of banking platforms.
The covid-19 pandemic has only accelerated this phenomenon, at first with more doubts than certainties. But, after a year of practice, it does not seem that we have learned much about how to use technology to our advantage and not that of criminals. Data released by the Specialized Cybercrime Fiscal Unit indicate that between 2019 and 2020 the complaints associated with phishing and crimes of economic content grew by 3,000%. And, undoubtedly, bank phishing has been one of the most widespread, especially the modality via e-mail with replicas almost identical to those of banks. But neither did identity theft on social networks, fake promotions and any “gadget” tending to steal personal data (such as access credentials) were left behind.
Clearly, the attacks are still the same, what I call the “story of the uncle of the digital age”, and we as users remain vulnerable to falling into the networks of criminals.
Throughout 2020 we were able to see through different means awareness campaigns on the use of technology, be it from banks, businesses and all kinds of companies. So I wonder how much we have learned in all this time.
Perhaps it is enough to just be attentive to what we receive and look, for example, at the sender of the email to realize that it is a hoax. It must be remembered that no entity is going to request the access key to the platform, much less inform the random message (token). The scams are very well done and perfectly simulate official sites or channels, but that does not justify falling prey to them.
Many times it happens that we approach technology without being aware of the risks that irresponsible use entails, or the value of our personal information (what is confidential, what can be shared, etc.), and that is where we leave open the window for criminals to enter.
I always make an analogy in this sense: we do not give our wallets to just anyone, nor do we give our personal information. In the same way we must act on the internet, even more so when we use various platforms that require our personal data.
The attacks are still the same, what I call the “story of the guy of the digital age”, and we as users remain vulnerable to falling into the networks of criminals.
Therefore, if we doubt what comes to us, first we DO NOT TRUST the bombastic promotions, the ridiculous gifts, the requests for password changes, the request for personal data, etc. As I have already reiterated, if the bank with which we operate needs to contact us, it will do so through the usual channels; but it will not ask for this type of confidential information, such as a “user” or “password”, by mail, text message, chats of social networks or WhatsApp, etc. We can’t hold third parties accountable for our own mistakes or weaknesses. Therefore, if we are aware of the use we make and the platforms take every precaution to minimize attacks, we will be able to win the battle against cybercrime.
We must all implement the measures to combat it to the maximum. It’s not just about blaming social media, banks, or platforms for the attacks. Prevention must begin with each of us knowing that we should not hand over our access credentials. The only way to prevent it is to be aware and not be fooled.
Clearly, education in the use of the internet is still an outstanding debt, despite all the effort we have made to alert users and the awareness campaigns carried out.
While we have talked a lot about how to prevent phishing, we will continue to do so to make users increasingly responsible for our use of technology.