When the Going Gets Tough, the Tough Get Scammed: How Cybercriminals Capitalise on Human Vulnerabilities During Major Events
Since the world is becoming more and more interconnected through the internet, major events like the FIFA World Cup and general elections can also prove to be fertile ground for cybercrime. Cybercriminals use the hype and attention surrounding major occasions to conduct attacks on people and businesses that aren’t prepared for them. This article investigates the human factors contributing to the increase in cybercrime following significant events. Individuals and organisations can take preventative measures against these kinds of attacks by familiarising themselves with these characteristics.
Major Events, Major Risks
Human vulnerability is a big contributor to the increase in cybercrime that occurs around large events like the FIFA World Cup and general elections. As a result of all the excitement surrounding these occasions, some people may make risky choices when accessing the internet, such as connecting to unsecured networks or disclosing personal information. It’s not only that individuals are more likely to make hasty judgments that leave them open to cyber assaults when they feel pressured to keep up with the newest advancements and share information with others. The massive flood of people from all over the world at major events can also cause security systems to crash, making it simpler for hackers to take advantage of human vulnerabilities and launch attacks. Let’s proceed with some of the most mindboggling cyber assaults taking advantage of human vulnerabilities:
1. Winning Numbers, Losing Money
Scammers have been known to use the lottery as a vehicle for fraud for many years. Scammers tell their victims they’ve won a cash award, a pair of tickets to the game, or a hospitality package. The true goal is usually the same, however: To trick you into parting with money or personal information, or into unknowingly downloading software designed to steal sensitive data.
Researchers from ESET have uncovered a number of international phishing operations promising winners of a lottery prize if they just provide their personal information. It seems that all that is required to claim your “prizes” is to fill out a short online form with information about yourself, including your complete name, date of birth, and phone number. If you win anything, an announcement may include the name of a person you may get in touch with for assistance in claiming your prize. There may be a tax or charge that must be paid before any winnings can be claimed, and the agent will inform you of this. After the transaction is finalised, the fraudsters will have fulfilled their goals, which were to get your money and personal information for use in further fraudulent activity or to sell to other criminals.
2. Fake News, Real Threats
Election fraud and deepfakes are two forms of cybercrime that might compromise public trust in the electoral process and undermine democracy generally. Deepfakes are fabricated films or pictures produced with the help of AI and ML algorithms, and they may be used to convey misinformation or sway public opinion. However, election outcomes can be skewed by the use of fraud, which is defined as “the intentional deception of another person for one’s own benefit.” Voter faith in the voting process may be eroded by deepfakes and electoral fraud, both of which can cause widespread chaos and uncertainty. Effective security measures to prevent this kind of cybercrime should be implemented by governments and election authorities.
Another way cybercriminals might try to influence the election is through phishing attempts directed at political campaigns and electoral authorities. All of these strategies have the potential to damage confidence in our democratic system and tamper with the outcome of the election.
3.Covid-19: Falling Sick and Falling Victim
An uptick in social engineering assaults has been seen during the Covid-19 pandemic. Criminals in these types of attacks employ psychological techniques to persuade their targets into giving up private information or enabling them access to restricted locations. To trick their victims into giving up personal information, cybercriminals sometimes assume the identity of someone or something they know they can trust, such as a government official or a bank employee.
One popular approach employed by social engineers is to generate a feeling of urgency or anxiety in the victim, such as by suggesting that their account has been compromised or that they are at risk of losing access to key services unless they take urgent action. This may prove especially useful during the lockdown, when many people may be experiencing elevated levels of anxiety or uncertainty. It is crucial for individuals and organisations to be aware of these sorts of assaults and to take action to defend themselves against them.
What Do the Experts Say?
Chris Thomas, Senior Security Advisor, APJ, ExtraHop, advises that hackers are opportunistic and would take advantage of any scenario, including significant cultural events like the World Cup and key events like elections. But what really worries us is the wealth of personal information these thieves have amassed. As a result, everyone whose information has been stored online during the previous 5-10 years is likely to have been breached more than once, providing hackers access to information about individual preferences based on their online behaviour, mobile app usage, and subscriptions. From there, social engineers may launch highly targeted phishing or smishing campaigns based on the information they’ve gleaned. Individuals should be wary of suspicious telephone numbers, questionable links in emails, and suspicious requests to change their passwords. Organisations must monitor all network activity, including the addition of BYOD devices, in order to determine what constitutes regular operation and what constitutes suspicious activity.
Ilia Rozhnov, Head of Group-IB’s Digital Risk Protection team in the Asia Pacific has issued a warning that major holidays like Christmas and Black Friday present hackers with possibilities to capitalise on the heightened attention of their target audience. Since these celebrations are well-known and have been promoted on TV and social media for years, scammers may simply convince their victims to click on a branded false ad or open a malicious email. With so much advertising happening around major events, it might be difficult for an unknowing user to tell a real ad from a fake one. More than sixteen thousand scam domains and hundreds of phoney social media accounts, adverts, and mobile applications have been discovered by Group IB in preparation for the FIFA World Cup 2022. End-user fallout may be mitigated with the help of a brand protection plan that monitors for fraudulent activity from the outset. In addition, attack surface management systems should be used to keep tabs on, catalogue, and patch any and all digital assets developed in the run-up to these occasions.
Scott Jarkoff,Director of CrowdStrike’s Strategic Threat Advisory Group for APJ and EMEA has channelled his concerns that big regional and global events, such as the future political elections, present chances for cybercrime. To capitalise on people’s curiosity and need to be up-to-date, cybercriminals often target major news events and the media cycles that surround them. With the help of social engineering, cybercriminals trick their victims into visiting malicious websites or providing personal information (such as passwords) that may be used for financial gain. Users are lured into phishing sites by the promise of free streaming or live updates, only to be sent to fraudulent websites. If the link is clicked on from a work device, the entire company might be at risk of having sensitive information stolen or credentials harvested. Organisations can lessen vulnerability by instilling a security culture among their staff, especially before large-scale events or vacations. Secondly, they may take use of proactive intelligence to learn about the most recent threats and state-of-the-art security solutions, allowing them to see the potential vulnerabilities in their network and act swiftly to counter any phishing assaults.
According to BengHai Sim, Head of Technical Sales – APAC at ESET, important events such as the FIFA World Cup and general elections may draw a lot of attention, making them a perfect place for opportunistic hackers to scam people. Criminals have utilised various forms of social engineering such as lottery and ticket fraud, to defraud people via phoney phishing websites during the FIFA World Cup. Major events can often induce individuals to let their guard down, making them easier targets for social engineers who rely on human connection and manipulate others. It’s important for customers to be on the lookout for phishing attempts, which typically come in the form of unsolicited communications that ask for sensitive information. They need to be wary of whom they share their credentials with and implement two-factor authentication whenever possible. Since it is not always obvious that a website is fraudulent merely by glancing at it, it is a good idea to include anti-phishing features in your security software to prevent any interaction with potentially malicious links.
David Hope, Senior Vice President, Asia Pacific & Japan, ForgeRock warns that important world events are causing people to spend more time on the internet and using mobile apps, which leads to an increase in user accounts online. This creates more opportunities for cyber risk, making it easy for attackers to break into accounts from anywhere in the world. Cybercriminals know that during these times of important events, people are more likely to click on links without thinking and are therefore more susceptible to social engineering and phishing tactics. As a result, password-less authentication solutions should be considered in order to minimise the risk of fraud and protect against the use of stolen credentials. These solutions provide a much-needed upgrade to traditional security measures that are no longer sufficient in protecting against cybercrime.
Navigating the Online Landscape During Major World Events
To sum up, cybercriminals may find an ideal breeding ground in the fervour and attention surrounding significant events like the FIFA World Cup and general elections. Cybercriminals use heightened activity, media spotlight, and human frailties to conduct attacks against unsuspecting victims and institutions. To avoid being a victim of cybercrime during these times, people and businesses should take precautions by learning the causes of the increase in such activity. This involves taking precautions when accessing the internet, such as being wary about attachments and links in emails, sticking to trusted networks, and being selective about what personal information they disclose. Taking these measures can help individuals and businesses stay safe from cybercriminals on days of significant events.
