Cyber crime is getting worse

Cyber crime is getting worse: a reader asks…

Can you give me some advice? I’ve been telling people about how they should use stronger passwords on their computers and online accounts, but most people just ignore it. How can I get them to listen?

Hmm, sometimes the only way someone learns is by suffering the consequences of their (in)action. I’ve been shouting the same thing for over a decade, and I still find that most people (heck, nearly all), use crappy passwords. Check out my recent article on this subject: Is your password …? Here’s some sad facts:

• Intel recently acquired McAfee.com and issued a report on cyber crime. Most chillingly, the report says that cyber crime has grown up and gotten a lot more sophisticated, organized, and is on a fast growth path. Cyber crime is now operated just like a Fortune 500 company, complete with  suppliers, market segmentation, service providers, financing, and trading systems.
• In the US, four out of five Microsoft Windows-based computers have some form of infection, be it spyware, malware, adware, or computer virus. This statistic hasn’t really changed over the last 15 years, although the sheer number of computers in use in the US has grown exponentially. This statistic is even threatening to extend to Apple Macs, as adware and spyware designed for the Macs is growing, and more people are using Macs with no more thought to security than anyone else.
• Per Consumer Reports, 34% of all US smartphone users don’t use any kind of security on their phones at all, not even a passcode. And only 36% of smartphone users have bothered to set at least a simple, 4-digit passcode. Plus, they get their web browser and apps to remember online account passwords for them, leaving everything open to a simple theft. So of course, smartphone theft is rising.
• Ransomware is on a steep rise, fed in part by consumers continuing to open email file attachments, blindly click on links in emails or on shady websites, and in general, surf the web dangerously. Criminals are finding ransomware to be a highly lucrative business venture (read, easy money), so expect this threat to continue to grow quickly.
• Businesses are just as bad as consumers at cyber security. Protecting data is expensive, and there’s nothing much to show for tons of money spent on cyber security. Worse, even spending money doesn’t guarantee protection, since the threats evolve and morph so rapidly. It’s hard to justify such spending to stock holders who only care about the stock price. And when a security breach happens, the company just fires the employees they hold responsible, no matter that they didn’t give them the funding they needed.
• Over the last year, one in six adults has fallen victim to cyber crime (research by Experian), and I expect the rate to get much higher very quickly.

I think one reason folks ignore security is they think that nobody’s interested in themselves, and that cyber crime is mostly directed at business and government. That fantasy has been dis-proven often, but never makes any impression on consumers. The biggest attraction your personal computer or smartphone has for a hacker is for them to add it to their stable of zombie computers. Hackers use a botnet to hide themselves and spread attacks as widely as possible. If the authorities trace an attack to a computer, it’s usually some hapless consumer who didn’t even know their computer was infected.

One of the best ways for humans to learn something without having to experience it themselves is to hear a gripping story about what happened to someone else. There are tons of these stories online, but they never seem to grab the public’s attention, certainly not in the face of the glut of information we see every day. We as a people are overloaded with information, so we have to choose to ignore most of what’s out there and only pay attention to the things that interest us. If you’re looking for some good stories to share, check out Norton’s Cybercrime Stories. They’re short enough to re-tell easily, and Norton thoughtfully has links that advise consumers to follow pretty much the same things I say in my Safe Computing Practices.

It all starts with good password/passcode habits. Most people who bother with passwords use easy-to-crack passwords (aka, crappy passwords), use the same password in multiple places (or everywhere) online, and never change them. This is a hacker’s dream. That’s why I’ve evolved my advice about passwords to recommending a password manager like LastPass or  1Password. There’s simply no way a human brain can manage the hundreds of different, complex passwords you should use in today’s digital life. A password manager can handle this for you, remembering those account login credentials (username and password) so you don’t have to. This is much safer than letting your web browser remember passwords, since you have more control over access to your password vault.

I hope you’ll keep swinging and telling everyone you know that they should develop and practice good password habits. Perhaps if you try story-telling it might be more effective. Choose one of the ones from Norton, any others you find online, or feel free to use this true story (places, names and relationships changed, we don’t want anyone called out!):

My friend Roger is pretty computer-savvy, but he got scammed. Just goes to show you that anyone can become a victim. Here’s his story: Roger has a personal computer that he uses for email and surfing the web. He does online banking and shopping. Roger does a decent job of being secure, he keeps an Excel spreadsheet with passwords on his computer, and uses one main password with variations depending on which website he visits. He also uses a good antivirus program.

Two weeks ago he got an email from his cousin in Kansas (at least that’s what he thought, looking at the From line). The email had a zipfile in it and the message said there were family reunion photos in it. Roger had missed the last family get-together…well actually he doesn’t like to go to any of these as he gets drilled on why he’s not married yet, who he’s seeing, and other uncomfortable questions. He doesn’t hear from his cousin Darryl all that often, but every once in a while Darryl will write to Roger.

So Roger unzipped the file and yes, there were photos in it, but as he opened each photo he didn’t see anyone he recognized. So Roger replied back to Darryl asking “What’s up with these photos?” and then forgot about it.

A few days later, Roger restarted his computer, and boy did that take a long time! Once the computer was finally up and running, he noticed that it was a little slower than it was just the other day, but not so much that it raised any alarms – Roger just thought that some big Windows update happened. That same day, Roger was in and out of the house all day, and he left his computer running so he wouldn’t have to restart it each time just to check email or whatever.

A week goes by and the computer seems to be running ok, just a little slower than before. But Roger starts getting all kinds of spam, and messages from people he knows – they say he’s sent them spam. Thinking his email account got hacked, Roger changes the password, but the flood of email keeps coming. As the days go by, things get worse, Roger’s bank calls and wants to verify some credit card purchases – Roger didn’t make them. So he has to get a new credit card. Roger’s Amazon.com account password got changed, but he didn’t do it, so he had to get that fixed. Roger changes his email password (again) and also online banking and shopping passwords, but strange things keep on happening.

The final straw was a visit from the police. Apparently, Roger’s home computer was tracked as the source of some malware attacks and the police confiscated his computer. He’s lucky they didn’t try to charge him with anything, but he did remember to tell them about Darryl’s weird email, and they nodded like they knew that already and left him with a receipt for his computer. Roger didn’t have the money for a new computer, but he was able to at least use mine to change all the passwords on every account he could think of.

Turns out that someone had hacked into Darryl’s computer, had gone through his contact list and sent a malware-laden bomb via email to everyone in the contact list. They also took over Darryl’s email account so that they could catch any replies (instead of Darryl). The malware-laden bomb was the zipfile Roger opened on his computer. Malware was embedded in the photos that Roger opened, and they bypassed his antivirus and turned his computer into a zombie, joining hundreds of other hapless computer owners who were supporting that hacker’s schemes. Had the police not confiscated Roger’s computer, he would have just continued supporting the hacker without knowing it, and probably even worse things could have happened to Roger’s digital identity. The hacker could have zero’d his bank account, taken out credit cards in Roger’s name, and more.

The story’s probably not over, but at this point, Roger is without a computer, stuck with lots of worries about identity theft, and has no idea when (or if!) the police will return his computer – or if he even wants it back.

---

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via (send to @PosiTek), (send to Support@PosiTek.net), using any credit card (no Paypal account required), using Zelle, Apple Pay or Google Pay, or by mailing a check or cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thank you!

Go to Top of Page