WASHINGTON – Hackers have become almost synonymous with large-scale data breaches like the one at Ashley Madison earlier this year, but Frank Grimmelmann said that doesn’t mean cyber criminals are above targeting personal devices.
“The reality is that you likely have been hacked, will be hacked, or are being hacked and are not aware of it,” said Grimmelmann, president and CEO of the Arizona Cyber Threat Response Alliance, a public-private group focused on “protecting the nation’s infrastructure through mutual information sharing.”
The FBI reported this summer that Americans submitted 246,620 reports of “suspected Internet-facilitated criminal activity” to the bureau’s Internet Crime Complaint Center last year, with associated financial losses of $672 million.
The “2014 Internet Crime Report” said Arizonans submitted 6,040 of those Internet crime complaints last year, reporting losses of nearly $25.4 million.
While the number of reported crimes from Arizona has fluctuated over the years, the reported losses have grown steadily at the state and national level. But cyber experts said they believe many cyber crimes go unreported, and that the number of successful cyber schemes was likely much higher than the report suggests.
See related stories:
And the report said that the “evolving nature of Internet crime” has “criminals achieving new levels of sophistication.”
But cyber crime still comes in two main flavors.
Hacking, in which thieves use technology to infiltrate devices and steal personal information, remains a prominent technique for cyber criminals. But a large portion of cyber crime ignores software deficiencies altogether and preys instead on the gullibility of the person using the device, experts said.
Internet crime victims lost more money to confidence fraud in the U.S. in the second half of 2014 than they did to any other type of cyber crime. Of the financial losses reported to the FBI from June to December last year, 16.7 percent, or more than $80 million, stemmed from confidence fraud schemes.
Confidence fraud includes bogus business offers and romance scams where scammers seek “companionship or romance online,” then solicit money from the victims – whom they have never actually met in person – by spinning tales of “family tragedies, severe life circumstances, and other hardships” that left them in dire financial shape.
“That puts citizens in the position of making a tough decision,” said Mike Lettman, Arizona’s chief information security officer. “The bad guys target our soft side because they know we’re gullible.”
But Lettman, who provides information security strategies to more than 130 public agencies, said Arizonans also need to be on the lookout for hackers “trying to steal your information and use it for profit.”
“If I steal your Social Security number and I have your name, I have your identity,” Lettman said. “Don’t give personal information out if you don’t have to.”
The reality is that you likely have been hacked, will be hacked, or are being hacked and are not aware of it.Frank Grimmelmann
The FBI report said Internet-facilitated identity theft was one of five costliest types of online crimes in the second half of last year, with combined financial losses of nearly $33 million reported in 8,900 cyber crime complaints.
Phoenix in particular is a hotbed for cyber-facilitated identity theft, due to the Valley’s large elderly population, said Gail-Joon Ahn, a computer science and engineering professor at Arizona State University.
“In terms of identity theft, we are one of the worst,” said Ahn, who teaches at the Ira A. Fulton Schools of Engineering. “We have a lot of retired people living here” who are not as familiar with cyber security.
But Lettman said Arizonans of all ages are at risk when cyber criminals utilize social media to “target our need-to-know side.”
The FBI report said social media sites offer “a quintessential goldmine of personal data” for cyber criminals, and that “12 percent of the complaints submitted in 2014 contained a social media aspect.”
Lettman said scammers use social media websites to circulate news stories that link to questionable websites.
“Be very careful about clicking on links on social media,” he said. When you click on a link “you’re essentially opening your computer to that website.”
Lettman said he understands that “people get enticed,” but he said Arizonans should “always try to determine if a link is legit or not” before selecting it.
Arizonans who use safe cyber security practices can decrease their risk of cyber attacks, Lettman said.
One expert said it’s high time people realized they can be at risk just like the big cyber targets.
“People just aren’t waking up to how serious this is,” said Owen Zorge, chief information officer and director of Information Technology and Assurance at the Arizona Department of Emergency and Military Affairs. “Everybody that has a device is a target.”