We are all aware that computer security and the protection of personal data have become issues since the day the Internet was invented. From the beginning, people have tried to get around the laws and do harm to others. In 1903, when John Ambrose Fleming was trying to demonstrate a secure method of distance communication, Nevil Maskelyne, a magician-inventor, found a way to disrupt the public demonstration by projecting insults in Morse code onto the screen. Since then, as soon as new technology comes out, groups of people devote their time to looking for flaws to exploit.
With the arrival of the Internet, these occurrences have increased at an exponential rate, and even more so since the emergence of e-commerce. These new trends have allowed pirating to become more frequent and focus on only one goal: making money.
These days, a number of people keep their credit card information on their computers. Therefore, if someone accessed their system, the person would be able to obtain all of this information easily. Alternatively, if these malicious people find a flaw on a transactional site, they would be able to collect the credit card information of all of its visitors who have made transactions. I remember this happening in 1999, with a list of 5000 credit cards and all of the information required for fraudsters to treat themselves! It must be said that at that time, computer security was nowhere near what it is today.
Surprisingly, the vast majority of the population remains oblivious to the phishing problem. For ill-intentioned computer experts, it is now easy to impersonate a bank or even a family member or friend to convince you to send them your banking information, so they can withdraw money. Even if you are vigilant when you browse, hackers still manage to adapt and find new ways to commit fraud. Here are three techniques that are currently used by fraudsters:
PHISHING
According to the Office québécois de la langue française, this term refers to a “scamming attempt based on identity theft, consisting in sending out a mass email, seemingly issued by a financial institution or commercial enterprise, aimed at obtaining confidential information” [our translation]. This tactic is most commonly used in two situations: fraudulent emails from banking institutions and CEO fraud. The latter consists in the theft of the electronic signature of an employee of a company to then modify it to that of the CEO, asking for an urgent bank transfer for a given reason. It’s a clever enough technique because it seems to work more often than you’d think!
RANSOMWARE
Ransomware is “malicious software that unlocks a computer or encrypts data, with the goal of extorting money from the user” [our translation] (Office québécois de la langue française, 2018). In simple terms, hackers find ways to access your computer and encrypt your files using an indecipherable encryption key that only they have. In most cases, this type of fraud is directed at companies that often end up paying the amount in order to once again have access to their systems. This type of attack could have serious repercussions for companies, which is why it is important to have cyber-risk insurance. Unfortunately, it is possible that you may still not be able to recover your files once the ransom is paid. To avoid trouble, think about maintaining an external backup of all of your data and keeping your cyber-protection up to date for your entire network.
MALWARE/SPYWARE
Even though these terms have different definitions, these two lesser-known types of fraud ultimately have the same goal: “to collect and transmit to third parties, unbeknownst to the user, data about the user or information about the system being used” [our translation] (Office québécois de la langue française, 2007). It is not uncommon for these two types of software to never be found, as they can remain on your computer for several years. They can infiltrate your system through attractive Web advertisements, Facebook invitations, or suspicious emails that tell you that you have a package to pick up when you haven’t ordered anything. As such, you click on a link that does not seem to cause immediate damage, but your computer becomes infected by software that blends in with your system. You can use the following link to determine whether your system has been infected: https://www.malwarebytes.com/.
Now that you know a little bit more about the criminal practices that some people are involved in on the Web, we encourage you to become even more vigilant when you browse on your computer. Don’t hesitate to protect yourself with antivirus software or to call your Lareau broker to learn more about cyber-risk coverage.