Cybercriminals alter tactics to exploit email opportunities

Cybercrime Market

Here’s an interesting economic tidbit: Cybercrime has been so successful in recent years that the laws of supply and demand have depressed the market for stolen data.

The inventory of stolen information, such as credit card numbers and healthcare records, has increased so much in recent years that prices on the Dark Web are dropping, according to a report by Osterman Research Inc. of Washington. Osterman wrote the white paper for SonicWall, a California company that specializes in network security and internet appliances.

Facebook login credentials can be purchased on the Dark Web for as little as $5.20, for example. Costco account information goes for about $5 and Uber credentials sell for about $7, according to the report, which was published in April under the name “Best Practices for Protection Against Phishing, Ransomware and Email Fraud.”

The dropping value of stolen data is probably of little comfort to individuals and businesses whose sensitive information has been stolen and misused. However, the phenomenon might explain why some cybercriminals are changing their strategies.

“To more efficiently generate revenue, cybercriminals turned to ransomware and activities like CEO Fraud/BEC that enable them to steal directly from victims rather than stealing something of value that then has to be sold to someone else,” according to the study.

BEC is short for Business Email Compromise, a category of scam communications that, as the name suggests, are directed at company employees.

Phishing, as most people who use a computer have come to understand, is a form of social engineering that criminals use to trick people out of sensitive and potentially valuable information.

Ransomware is malware that is downloaded onto a computer or into a company’s network – typically by deceptive means – to encrypt files and make them unreadable. Then, for the files to be released, hackers demand payment in untraceable online currency such as Bitcoin.

As SonicWall notes online in introducing Osterman’s interesting white paper, email is the primary tool used in business communications, and it’s widely trusted. It’s also the No. 1 attack method for cybercriminals.

So it’s not surprising that thieves have stepped up their use of phishing and other email fraud.

One reason cybercriminals are achieving success is that many organizations are not exercising adequate due diligence in addressing problems such as phishing, ransomware and other forms of email fraud, according to the Osterman report.

The report suggests that businesses take commonsense steps such as thoroughly assessing risks, deploying multi-layer defense strategies, and training every employee in the organization about risks.

Cybersecurity experts at Sioux Falls-based SDN Communications, a leading regional provider of broadband connectivity and cybersecurity services to businesses, have offered similar recommendations to businesses.

Here are some additional tips that SDN has offered endpoint users to avoid getting hooked by a phishing email.

  • Always be careful when using email.
  • Phishing emails often contain strange phrasing and poor grammar. Look for errors in the message.
  • Attacks often include threatening language and urgent calls for action.
  • Double-check the legitimacy of a link by hovering over it to see the actual URL.
  • Look closely at the “from” line of the address. It might resemble a legitimate address but contain slightly different characters.
  • View any email requests for personal or company information with suspicion.
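
Two of the tips above, comparing the link a message displays with the URL it actually points to and checking the “from” address for slightly different characters, can also be automated on the mail-filtering side. The Python sketch below is an added example, not code from SDN, SonicWall or the Osterman report; the trusted-domain list, the small lookalike table and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: domains your organization really mails from

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def skeleton(domain):
    # Fold a few common lookalikes (1->l, 0->o, rn->m); not a full confusables table.
    return domain.lower().translate(str.maketrans("10", "lo")).replace("rn", "m")

def check_message(raw):
    """Return findings for one message (assumes a single-part, unencoded HTML body)."""
    msg, findings = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and skeleton(domain) in {skeleton(t) for t in TRUSTED}:
        findings.append(f"lookalike sender domain: {domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        actual = (urlsplit(href).hostname or "").removeprefix("www.")
        if shown and actual and shown.group(1).removeprefix("www.") != actual:
            findings.append(f"link shows {shown.group(1)} but goes to {actual}")
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "Example Billing" <billing@examp1e.com>
Subject: Urgent: verify your account

<p><a href="http://login.example.net/verify">https://www.example.com/account</a></p>
"""
```

Calling `check_message(SAMPLE)` returns one finding for the lookalike sender domain and one for the link whose visible text names a different host than its target. Links whose text is plain wording such as “click here” are not flagged, which is why the hover check in the list above still matters.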

Online help in recognizing and combating email fraud is available from several government sources, too, including the Federal Trade Commission, U.S. Securities and Exchange Commission, and the FBI. An online search of information available from such agencies will lead to a lot of recommendations.