Cybercrime risks growing in 2023 – don’t expose yourself

The past year was ripe with cyberattacks, including the high-profile ransomware breach of Suffolk County’s public computer systems.

In fact, the number of cyber attacks targeting organizations in North America increased 47% in Q3 2022 compared to Q3 2021, according to Check Point Research, a cyber threat intelligence provider.

Looking ahead, experts expect the risk to continue to grow in 2023. Several key threat areas include the takeover of social media accounts, payment apps, and fraud targeting specific ethnic groups or immigrants with limited English skills.

“I think it’s going to continue to be a very active year for identity crimes and compromises,” said Eva Velasquez, president/CEO of the Identity Theft Resource Center (ITRC), a non-profit organization established to minimize the risk and reduce the impact of identity compromise .

Fraudsters exploit technological vulnerabilities less and human vulnerabilities more, she says.

This is one reason scams targeting those with limited English skills will increase along with relationship scams, with hackers gaining the trust of unsuspecting victims through avenues such as social media and dating sites, says Velasquez.
Social media account takeovers increased by more than 1,000% in 2022 as more people fell for phishing attacks and identity fraud, according to the ITRC.

Phishing involves fraudsters sending messages pretending to be a trustworthy person or organisation. It is often used to gain access to accounts or steal user data or even money.

Colette Lee Morales of Long Beach, an event planner, fitness trainer and hairstylist, was the victim of a social media account takeover in early 2022.

Her Instagram account, with more than 5,000 followers, was taken over with the scammer wanting her to pay $500 in bitcoin to get it back.

A scammer posing as one of her Instagram followers, who she didn’t realize had been hacked, sent her a link, and when Morales clicked on the link, she was immediately banned from her account. The hacker also changed her personal information so she couldn’t get back in.

Morales was able to contact him briefly through an Instagram video call and asked him to return it, but he refused. He pretended to be her and even scammed three of her followers out of money by sending them direct messages on Instagram.

“It was the worst thing they talked to him about and they thought they were talking to me,” she said.

She eventually managed to get her account back without paying a ransom through Instagram Selfie Verification, but she ended up losing over 100 followers who were scared off by the bitcoin ads he posted.

“It wasn’t about the number of followers for me, it was just that I really didn’t want to lose touch with people I’ve connected with all over the world,” she says.

Social media account takeovers and other phishing-related threats will definitely increase this year, said Adam Schwam, president of Farmingdale-based Sandwire Corp., a managed IT services company.

Phishing emails may look like they come from a reliable source, but when you click on a malicious link, you could be hacked.

When they get into your email account, the threat isn’t just to you, it’s to your network that they can now reach directly, he says.

He offers customers a service, BullPhish ID, that impersonates and sends out fake emails to employees. It tests them to see what they click on, then provides training to deter risky practices.

He also uses ID Agent, which monitors the company’s website domain names and email addresses on the dark web to see if any of them have been compromised, says Schwam.

And he also uses Passly, which is a password manager and enables multi-factor authentication, which requires the user to provide multiple forms of verification. It’s like when you get a text code from your bank to verify your account.

“Multi-factor authentication can help combat many of these threats,” says Matt Pomara, co-founder and vice president of Ark Technology Companies in Garden City, an information technology company.

It is available as an option to activate on many social media accounts, he says. But many don’t bother.

Morales, since she was hacked, has enabled this feature on her Instagram account.

Pomara also said people need to be more careful with their passwords and use different passwords for different accounts.

People who are reluctant to use password managers tend to repeat the same passwords across multiple accounts, he says.

Other areas of concern, says Pomara, are risks associated with the continued work-from-home trend with people using their own unprotected devices.

Companies need to make sure the devices employees use have up-to-date security protections, he said.

And the increased popularity of payment apps can prove to be breeding ground for fraudsters, says Velasquez. The Federal Trade Commission has warned consumers to avoid such scams on apps like Venmo and Cash App,

You can stop payment on a check or dispute charges on a credit card, she says, but there is limited protection on these payment apps, she says.