Dr. Francis Akogwu Alu is an Information Security Analyst
Cybercrimes and cyber-attacks in the guise of phishing and smishing have become a regular occurrence in various jurisdictions ranging from the first world to the third world and even the fourth world. The activities of these cybercriminals are on the increase even though corporate organizations and regulatory bodies are putting in place structures to checkmate the excesses of this underworld.
Stories are rife all over the globe on how these spates of cyber criminalities are on the increase and so many unsuspecting members of the public have fallen prey to these cyber predators who illegally breach cyber protocols to unleash their mayhem.
Only recently, an unsuspecting job seeker, Pamela Edema, 26, got an SMS message from a scammer offering her a mouthwatering job opportunity where she had the chance of making ends meet. She innocently fell for this prank after patting with a large sum of money.
This ugly incident left its trail a sour taste that made the young lady become wary of the several benefits that advances in Information and Communication Technology is making across the globe.
Ostensibly, Edema was pranked, and she ended up being disappointed as it turned out that the scammers were part of the fraud syndicates robbing several other hapless individuals online.
Most times, the targets of these unscrupulous elements are corporate firms and deep-pocketed individuals of which many had fallen victims.
For instance, penultimate week, the Telecommunications Industry Consumer Advisory Forum (ICAF) in Nigeria, asserted that fraud has escalated as digital adoption in economic activities has increased globally in recent times.
Several organizations have reported that they are being overwhelmed by the sheer volume of fraud attempts.
In the financial services sector all over the globe, customers are inundated with a lot of phishing and smishing attempts to defraud them of their resources. The banks are also raising the ante of cyber security within their domain and networks to combat these rising ugly trends.
And at the same time, fraud threat vectors have become significantly more sophisticated. They include nation-state actors, organized criminals, cyber terrorists, and insider threats, as well as local fraud rings.
Recently, the Executive Vice Chairman of the Nigeria Communications Commission (NCC) Prof. Umar Garba Danbatta drew the attention of the public to a fraudulent LinkedIn Account impersonating his person and office.
According to the Commission, the account was obviously created by some unscrupulous and criminal elements in the society with a view to defrauding unsuspecting members of the public and users of social media who may think that such an account belongs to the Executive Vice Chairman.
This is another variance of fraud activity that is gaining ground globally, known as phishing or smishing. There are different definitions of the term. According to Cambridge Dictionary, it is an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money out of their bank account.
Also, Collins Dictionary defined Phishing as the practice of trying to trick people into giving secret information using fake emails or websites. The details are then used to steal people’s money.
Oxford Learner’s Dictionaries said that phishing amounts to the activity of tricking people by getting them to give their identity, bank account numbers, etc.
Phishing and smishing cybersecurity attacks are carried out over mobile text messaging, also known as SMS phishing. It could also come in the form of a voice note from the perpetrators of this unwholesome act.
Phishing and smishing victims are deceived into giving sensitive information such as their Personal Identifiable Information (PII) and Protected Health Information (PHI) to a disguised attacker. SMS phishing can be assisted by malware or fraudulent websites. It occurs on many mobile text messaging platforms, including non-SMS channels like data-based mobile messaging apps.
As more and more people use their personal smartphones for work, business, social events, and even religious worship, the nefarious activities of these scammers are gaining traction more. Some corporate bodies as part of measures to curb the prevalent nature of these social engineering gimmicks have introduced several measures that prevent their employees from downloading certain applications from the web in order not to interfere with their company data.
Companies now adopt Mobile Device Management (MDM) and mobile Application Management solutions (MAM) with strong encryption algorithm mechanisms to safeguard their data that are housed in employee mobile devices that are connected to their corporate networks. These cyber security measures have gone a long way in mitigating the incidences of data breaches in several blue-chip companies.
The truth of the matter is that ICT has brought in its trail a lot of solutions to communication in our contemporary society, but cybercriminals are also doing everything within cyberspace to reverse the gains of these innovative solutions.
Cybercrimes aimed at mobile devices are on the increase, just as mobile device usage among different people, strata, and races is equally surging. Aside from texting being the most common use of smartphones, a few other factors make this a particularly insidious security threat.
Phishing or smishing takes place when a scammer or hacker disguises as a trusted figure by tricking people into visiting malicious websites that will end up making such innocent visits to cost the visitor his/ her treasured information or resources. This explains why the Zero Trust philosophy is apt in every digital intercourse. For every digital interaction, users must ensure that they check and cross-check to authenticate the reliability of their sources so as overcome the pranks of phishers and smishers.
The targets of these phishing and smishing campaigns are selected in many ways but usually are based on their affiliation to an organization, region, or location. Employees or customers of a specific institution, mobile network subscribers, university students, and even residents of a given area can be targets. In a nutshell, so long as you engage in any form of digital interaction, you could be a target to phishers and smishers hence the need for you to always think twice before accepting that tempting email or text message.
Research has shown that perpetrators of such crimes are not limited to any region rather it is a burgeoning global trend that all relevant stakeholders must put their hands on deck to check. Most of the fraudsters are littered across global commercial hubs including, the USA, Canada, United Kingdom, China, Australia, Africa, India and Russia etc.
Information from the UK Cyber security breaches survey showed that as of 2022, the UK had the highest number of cybercrime victims per million internet users at 4,783 or 40% over what was obtained in 2020. The Cyber Security Breaches Survey is an influential research study for UK cyber resilience, aligning with the National Cyber Strategy.
According to the Security Breaches Survey, of the 39% of UK businesses that identified an attack, the most common threat vector was phishing attempts (83%). Of the 39%, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack. Despite its low prevalence, organizations cited ransomware as a major threat, with 56% of businesses having a policy not to pay ransoms.
Also, the country with the next highest number of victims per million internet users in 2022 was the United States of America, with 1,494, however, that was a 13% decrease over the 2020 record.
In North America, one in every two internet users had their accounts breached in 2021. The Netherlands has also seen the greatest rise in victims, 50% in 2021 more than in 2020. In terms of the decrease in victims, Greece made the largest gain by reducing it to 75% in 2020.
Research also disclosed that in 2021, there were an average of 97 data breach victims every hour worldwide and the average of $787,671 was lost every hour due to data breaches.
The top country on the National Cyber Security Index (NCSI) in January 2023 is Greece, with a score of 96.10. The countries with the five highest scores on the NSCI are Greece (96.10), Lithuania (93.51), Belgium (93.51), Estonia (93.51), and the Czech Republic (92.21).
Between May 2020-2021, cybercrime in the Asia-Pacific region increased by 168%. Japan experienced a 40% increase in cyber-attacks in May 2021 compared to previous months that year. Between Q2 and Q3 of 2022, the countries that have suffered the largest increases in data breaches are: China (4852% amounting to 14,157,775 breached accounts), Japan (1423% amounting to 1,246,373 breached accounts) and South Korea (1007% amounting to 1,669,124 breached accounts.)
The countries with the largest decreases in data breaches between Q2 and Q3 2022 are: Sri Lanka (-99% amounting to 1,440,432 fewer breached accounts,) Myanmar (-82% amounting to 17,887 fewer breached accounts,) Iraq (-78% amounting to 16,113 fewer breached accounts).
There was a 70% increase in accounts breached in Q3 2022 compared to Q2. 108.9 million Accounts that were breached between July-September in 2022. This equates to 14 accounts being leaked every second.
The research by Security Breaches Survey also showed that 76% of respondents in a 2022 case study covering the US, Canada, UK, Australia, and New Zealand averred that their organizations have suffered at least one cyber-attack that year. That was a large increase over the 55% figure in 2020.
From the same study, only 30% have cyber insurance, with 69% fearful that a successful cyber-attack could put them out of business.
In 2021, Asian organizations suffered the most attacks worldwide. The percentage of attacks against organizations by continent in 2021 is as follows: Asia (26%) Europe (24%) North America (23%) Middle East and Africa (14%) Latin America (13%).
In 2021, there was some variance in the attack types used when breaching organizations: In Asia, the main attack type experienced was server access, with 20% of observed attacks. This was ahead of ransomware (11%) and data theft (10%).
In Europe, ransomware was the main attack type, accounting for 26% of attacks in the continent. Server access attacks (12%) and data theft (10%) were the next most common attack types.
In North America, the main attack type was also ransomware, with 30% of attacks. This was ahead of business email compromise (12%) and server access attacks (9%). In the Middle East and Africa, the main attack type observed was server access, making up 18% of attacks. Server access attacks were also seen in 18% of attacks, followed by misconfiguration (14).
In Latin America, the main attack type was ransomware, making up 29% of attacks. This was ahead of business email compromise and credential harvesting (both seen in 21% of attacks).
Potential losses to cybercrime by individuals in the US in 2022 totaled more than $10.2 billion. This is significantly higher than in 2021 when individuals lost an estimated $6.9 billion. Considering there were 5% fewer complaints in the US in 2022 compared to 2021, this suggests that cybercrime cost more per victim than the previous year.
eCommerce fraud is expected to cost the retail sector $48 billion globally in 2023. Online payment fraud is predicted to cost businesses $343 billion from 2023 – 2027.
The US IC3 department received reports from 24,299 victims of cybercrime. This amounted to more than $956 million lost to cyber criminals. 32% of the victims were over 60 years with the largest proportion of victims in 2021. 16% were aged from 50 to 59. Just 2% were under 20.
With the emergence of new technologies across the globe, there is every need for regulatory authorities and blue-chip companies to ensure that privacy, data integrity, and online trust across telecom networks are secured. Despite the challenges posed by the transformative potential of newer technologies, users of these new technologies have a pivotal role to play in safeguarding their data by making sure that they do not fall prey to phishers and smishers. They must maintain zero trust for all digital interactions which have become part and parcel of our daily lives.