BLOOMINGTON, Ind. — Law enforcement officials around the world report cyber criminals have stepped up their game since COVID-19, taking advantage of so many people working and learning from home.
According to the FBI, the number of complaints about cyberattacks were up to as many as four thousand a day earlier this year. That’s a 400 percent increase from what they were seeing before the pandemic.
"This is a really target-rich environment for scammers,” said Scott Shackelford, a professor and chairman of the Cybersecurity Program at Indiana University.
Shackelford said it has become a main source of income for organized crime.
“And when you look at overall cybercrime … identity theft, intellectual property theft … that skyrockets pretty quickly to maybe north of a trillion (dollars) worldwide,” Shackelford said. “I’ve seen estimates pushing six trillion. If that’s true, that dwarfs the market in illegal drugs.”
Interpol, the international police organization made up of law enforcement agencies around the world, reported in August an "alarming rate of cyberattacks aimed at major corporations, governments and critical infrastructure."
In September, Carmel’s city website was hacked and taken offline as investigators looked into who was behind the attack.
NBC News recently reported the latest victim: a major hospital system with three locations in Indiana.
"It comes down to ‘let’s see who would click on this link and compromise systems that give us an opportunity to make money?’" said Matt Lourens, security engineering manager at Check Point Software.
Who are these cyber criminals?
Lourens said there are three primary culprits behind cyberattacks:
- People looking for monetary gain
- State-sponsored (foreign countries)
Security experts blame "ransomware" for a cyber crimes that has money as the target. Ransomware is software that takes over and freezes up a computer system and all of its files. Then the attackers demand a ransom to get them back.
"Most attacks start with a simple link, a fishing email,” Lourens said.
What you can do to protect you and your company
Lourens said companies should run campaigns and educate their employees about these dangers.
“Set expectations that, if you don’t know how to look for suspicious emails, then you lose access until you pass certain tests,” he said. “So there would be a higher bar in terms of training and expectations for internal employees.”
Here’s what else you can do:
- Don’t click on suspicious email links. Instead, investigate. For example, if your bank says there’s an issue with your account, call your bank or navigate to your bank using its actual web address.
- Change your password frequently. Experts suggest every thirty days.
- Use separate and different passwords for your accounts
- Be smart about WiFi. If you’re in an area you’re not familiar with, be cautious. Criminals can set up seemingly legitimate public Wifi, but could then see everything you’re doing online.
- Consider using cybersecurity software.