Following Footprints To Better Bait

If you have not heard of the term "Phishing", you have not been paying attention of late - web-wise. If you're reading this, it's likely your personal information is available to the public. And by "public" I mean everyone everywhere. I hear you screaming "what about internet privacy?" Sorry to disappoint you - there is no such thing. Some have gone to extreme lengths to delete themselves but to no avail. Wondering how deleting yourself from the internet can stop companies from getting hold of your info? Short answer: It can't.

You can never completely remove yourself from the internet, but there are ways to minimize your digital footprint, which would lower the chances of your personal data being out there. Be forewarned, that removing your information from the internet, could adversely affect your ability to communicate with others and a lot of AIPs' that make the internet work.

When you use the internet, you leave behind a trail of data, a set of digital footprints. These include your social media activities, web browsing behavior, health information, travel patterns, location maps, information about your mobile device use, photos, audio, and video. This data is collected, collated, stored, and analyzed by various organizations, from the big social media companies to app makers to data brokers. As you might imagine, your digital footprints put your privacy at risk, but they also affect cybersecurity.

There are cybersecurity researchers who track the threat posed by digital footprints. Hackers can use personal information gathered online to suss out answers to security challenge questions like “in what city did you meet your spouse?” or to hone phishing attacks by posing as a colleague or work associate. When phishing attacks are successful, they give the attackers access to networks and systems the victims are authorized to use.

Phishing attacks have doubled since early 2020 the pandemic notwithstanding. The success of phishing attacks depends on how authentic the contents of messages appear to the recipient. All phishing attacks require certain information about the targeted people, and this information more often than not comes from your digital footprints. Hackers can use freely available open-source intelligence gathering tools to discover the digital footprints of their targets. An attacker can mine a target’s digital footprints, which can include audio and video, to extract information such as contacts, relationships, profession, career, likes, dislikes, interests, hobbies, travel, and frequented locations.

Your online activities may seem fleeting, but they leave traces.

They can then use this information to craft phishing messages that appear more like legitimate messages coming from a trusted source. The attacker can deliver these personalized messages, spear-phishing emails, to the victim or compose as the victim and target the victim’s colleagues, friends, and family. Spear phishing attacks can fool even those who are trained to recognize phishing attacks.

One of the most successful forms of phishing attacks has been business email compromise attacks. In these attacks, the attackers pose as people with legitimate business relationships – colleagues, vendors, and customers – to initiate fraudulent financial transactions. This was the modus operandi of "Hush Puppi" a very famous Nigerian fraudster now languishing in an LA detention center awaiting a court appearance. Never heard of him. Enlighten yourself - do a Bing or google search.

He and his cohorts were in the main targeting targeted corporate entities. They sent emails, which looked like they were coming from top executives to employees. The email requested the employees to make wire transfers, resulting in fraudulent transfers in excess of $100 million over a noticeably short period. Access to the computer of a victim of a phishing attack can give the attacker access to networks and systems of the victim’s employer and clients. Target corps and a contactor providing HVAC (heating, ventilation, and air conditioning) were victims of this type of attack a couple of years ago. One of the employees at retailer Target’s HVAC vendor fell victim to a phishing attack. The attackers used his workstation to gain access to Target’s internal network, and then to their payment network. The attackers used the opportunity to infect point-of-sale systems used by Target and steal data on 70 million credit cards.

A big problem and what to do about it There is a general consensus amongst security companies that over 90% of attacks in which the attackers gained undetected access to networks and used that access overtime started with phishing messages. Given the significant role played by phishing in cyberattacks, it is important for organizations to educate their employees and members about managing their digital footprints. Knowing the extent of your digital footprints, how to browse securely and how to use social media responsibly. These are all important ingredients in mitigating this malaise. Eradication will never happen because of our very nature - social beings.

Addendum: The Crypto Effect

The rate of rip-offs has been skyrocketing says the "The Federal Trade Commissioner's Reports"(2022). The report stipulated the losses accrued during the last 15-month period were some 60 times higher than those reported in 2019. The upsurge is apparently so bad that about one in four dollars stolen via fraud is taken using crypto, according to the report.

In a departure from other cybercrime trends, the FTC notes that younger people — specifically, people in their thirties—are the most likely to fall for these kinds of scams. However, older victims have tended to lose more money per incident, with the average individual payout for people in their seventies hovering around $11,708, the report says. The top cryptocurrencies that victims said they used to pay their scammers were Bitcoin, Tether, and Ether.

“Crypto has several features that are attractive to scammers,” the FTC report notes. “There’s no bank or other centralized authority to flag suspicious transactions and attempt to stop fraud before it happens. Crypto transfers can’t be reversed – once the money’s gone, there’s no getting it back. And most people are still unfamiliar with how crypto works.”

The future of crypto: predictions for 2022
A little over half of the money lost—or $575 million—has gone to “investment scams,” where a supposed web3 entrepreneur reaches out to a target under the pretense of offering them a good deal on an emergent alt-coin or other phony “opportunity.” After bilking them for the fake offering, the scammer then proceeds to run off with the target’s investment cash. A majority of Americans who fell for these scams said that it started with an advertisement or solicitation posted to social media—usually Instagram or Facebook and then escalated into promises of “easy money.” Of course, the only easy money that ends up getting produced is the money sent from the victim to the scammer.

Another $185 million was reported lost last year to “romance” scams—schemes wherein a victim gets mixed up with a crypto swindler via online dating. Meanwhile, an additional $133 million was lost to “business and government impersonation” scams, wherein cybercriminals pretended to be authority figures and then made up bizarre justifications for why a victim needed to invest in cryptocurrency.

It should be noted that these are definitely not the only crypto-related ways to lose a ton of cash! Don’t forget that the occasional hacking episode directed at your DAO, exchange, or “beanstalk” can lead to hundreds of millions of dollars in losses. Also, sometimes (read: a lot of the time), digital currency just ends up being a lousy investment!