Cyber Security
Exploiting trust â the billiondollar criminal industry
I By Elliot Dellys
t has been almost two years since your last message to each other when an old friend emails you out of the blue. They are stuck in an airport on the other side of the world with no cash, no reception, and no-one else is responding. If you could send through $50 to cover an immigration fee, they will tell you all about it when they are back home. Despite some initial scepticism, you know they have been overseas from the endless stream of holiday snaps, so you decide to help them out and wire them the cash. The only problem is that instead of helping a friend in need, you have just put $50 into the pocket of a cybercriminal. It may sound absurdly simple, but social engineering scams just like this cost Australians $489 million in 2018 while globally, losses from scams exceeded an eye-watering US$2.7 billion in 2018 . The number and types of scams doing the rounds at any given time to steal money or sensitive data are sobering. Some are highly sophisticated; others are less
44 | Australian Cyber Security Magazine
advanced. Some are mass-market scams. Others, like our stranded friend example, rely on knowing a little about whom we are, picking an opportune moment, and exploiting our trust. The first part is easy. By leveraging information that people post publicly about themselves online (think Facebook, Instagram, LinkedIn, and Twitter), cybercriminals can put together a convincing story in no time. Take ACME Corporationsâ CFO, Jane Doe, who is about to go on leave and posts on LinkedIn: âOff to Thailand next week, looking forward to some relaxation!â A cybercriminal takes note. Finding the opportune moment more closely resembles a magicianâs sleight of hand than a technological attack. Since Ms Doeâs post, our cybercriminal has done their homework. They have set up an email address that looks very similar to Ms Doeâs and have kept track of the tone and content of her social media feeds. When Ms Doe posts âTime to board!â, our attacker springs into action.
