The Anatomy of a Cyber Crime: 10 Things to Know

June 7, 2024

Not so many years ago, computer viruses and malware were the primary threats to our digital lives, crippling systems worldwide. Today, we face an even greater danger of being victimized by cybercriminals, with attacks often attributed to state-sponsored hackers from countries like China, Russia, and North Korea. These hackers are not only targeting governments but also businesses and individuals, launching ransomware attacks and other forms of cyber warfare. Most recently, municipalities, hospitals, and universities have been common targets, but so have utilities and government ministries, which have fallen victim to cybercrimes that usually involve serious data security breaches. The reality is, however, that there is a rising number of small hacker groups and individuals using their computer talents to perpetrate dastardly cybercrimes against unprepared companies and individuals for profit. Despite the frequent warnings from banks and authorities to protect our sensitive information, many of us feel defenceless.

These criminals have been among us all along. Cybercriminals are not much different from the thieves of the past: pickpockets and bank robbers, some petty criminals, some perhaps brilliant masterminds. Only their contexts have changed. Cybercriminals may be faceless to their victims, but they are nevertheless criminals who have no qualms about taking the last penny in your account.

In our extensive investigations and forensic analyses of cybercrimes, one thing comes across clearly: most incidents could have been prevented. A basic understanding of how scams operate could have stopped many cyber crime attacks in their tracks. But how exactly?

1. The Lure of Easy Money

Many cyber scams exploit simple greed. Fraudsters prey on individuals looking for extraordinary returns from too-good-to-be-true investments, especially in the cryptocurrency marketspace. Shockingly, investigations have found that unsuspecting victims have frequently given up their passwords, passed control of their computers and bank accounts through remote desktop platforms like “AnyDesk” or “TeamViewer”, and, in some cases, handed over bank PINs and confirmation codes, all so that fraudsters posing as legitimate financial advisors could help them complete the transactions they expected to bring massive gains. Victims then find themselves squeezed for more money with promises of unlocking stuck commissions or returning invested capital, which, of course, never materializes.

2. Passwords, Payment Frauds and Social Engineering

Other types of fraud involve criminals gaining access to company or personal email accounts. These hackers often spend months researching their targets on social media and other platforms, gathering enough information to deceive victims into handing over their login credentials. Weak or reused passwords make it easy for cybercriminals to breach accounts, especially if those passwords have been leaked from other sites. A simple password like “cherry21”, or a birthdate and a pet’s name, can be cracked in a few minutes. Statistics gathered by researchers show that as many as 70% of people reuse passwords across sites. Strong, unique passwords are crucial, as is avoiding phishing attempts that trick you into revealing them. More important still is not using the same passwords on multiple platforms, a concept which many people find overwhelming. And because people who ‘get it’ and people who do not are sometimes in the same company or collaborating on the same projects, the weakest link might be one of your colleagues who lets the cybercriminals into a system you believe to be very secure. Just to put it into context, according to Cisco, 86% of companies have at least one user that has tried to connect to a phishing site.

3. Malware and Phishing Emails

Access isn’t always gained through passwords. Sometimes, it comes from malware delivered via phishing emails. These emails often mimic legitimate messages from trusted sources, tricking victims into entering their login details. Once inside, cybercriminals access files, emails, and other sensitive information, setting the stage for more elaborate scams or ransomware attacks. It is also not uncommon to see cyber criminals delete all evidence of them having been in the system.

4. Corporate Vulnerabilities Exploited: Cyber crime or Fraud?

Companies, like individuals, often lack even basic security features. They do not enforce strong passwords or two-factor authentication, for example. Some rely entirely on IT service providers who may not prioritize security or are paid only a minimum fee to respond to day-to-day problems. This negligence spreads vulnerabilities that savvy hackers love to exploit. Cybercriminals who detect these vulnerabilities might do any number of things to exploit them. In many cases the weakness detected is a way in, and it is sold on to others who willingly manipulate that access to devise a fraud. Cyber criminals study a company’s business behaviour, its internal communications and business processes, its data protection levels, and its security environment to devise a way to fool you into believing a scam.

The cyberattack is only the first step, but it usually isn’t even detected until a real fraud unfolds. Fraudulent transactions occur most often at critical moments, such as when a company is about to make a large payment or when a new relationship is created. What is utilised are vulnerabilities in how information is shared, how payments are made, and how authorizations and double checks are embedded in a company’s functions.

Recent examples of this are mind-blowing. Several companies have recently come to us after having detected attempts to divert wage payments or annual bonuses to employees, with hackers inserting fake communications to the finance or human resources departments of companies requesting that bank account numbers be updated or changed. With so many workers now situated in countries around the world, unsuspecting payroll assistants willingly make the changes, only to find a few days or weeks later that the employee never received the payment. In other cases, the would-be thieves pose as a subcontractor requesting a bank account change, or as a company manager instructing a special payment to be made for a confidential purpose. Weak payment procedures and the lack of fail-safes are the reason these frauds are successful, not because the cybercriminals were so capable. The realization of being scammed usually comes much too late, often when a payment discrepancy is noticed days later, but had the processes been in place, the scam would have been detected.

5. Responding to a Cyber crime and Dealing with Fraud

When a scam is detected, time is of the essence. Victims must immediately inform their banks and the authorities. However, delays often occur as victims struggle to accept their fate, giving hackers more time to move stolen funds beyond recovery. Hackers also sometimes deploy complicated methods to ensure they don’t lose access to systems, embedding themselves in networks where they can remain undetected.

Experts need to be called in to secure data and secure access to the systems. The data will help make sense of exactly what happened and will be useful in trying to find a means to recover your losses as well as in limiting further damage.

6. The Fate of Stolen Funds

Hackers often lack the expertise to directly access stolen funds, relying on intermediaries to launder money through complex networks of deliberately established fake companies and bank accounts. Cyber criminals take on these services just as you would employ the services of a lawyer or accountant. As ridiculous as it may seem, business services for crime syndicates are essential to establishing networks involved in setting up company accounts in foreign countries and moving funds rapidly away from the source. Facilitators and even corrupt banking employees are sometimes a part of these schemes – each taking a commission for their role in moving the money along.

7. Can Police Help?

In most cases, law enforcement can help and thus they should be made aware of the matter. But there are limits to what police can effectively do: their actions are often slower than one would like, and their resources are limited and sometimes nearly overwhelmed. In countries like the US and UK, the police have set up external organizations that are there to record complaints, but in many situations you won’t get more than an acknowledgement of your complaint. The other challenge is posed by the complications of law. Individuals or companies may be duped into sending money to crooks from their own systems, but the fraud often involves multiple countries and is thus going to involve multiple policing agencies. One agency might look at the specifics of what happened on your computer, whilst others will be interested in understanding the laundering of the funds. As these funds rapidly cross multiple borders in most cases (many of the funds ultimately ending up as far away as Hong Kong or some offshore jurisdiction), a policing agency is limited in what it can effectively do, and is more interested in toppling the ring of criminals than it can be in getting your funds back.

8. What Can You Do?

If you’ve been scammed, quick action is crucial. Notify your bank immediately; they may be able to freeze the funds if you act quickly enough. Law enforcement might also be able to act if alerted promptly. For companies, a thorough forensic investigation can reveal what went wrong. Digital logs and email analyses can uncover how the breach occurred and identify negligence or policy failures. In some cases, there may be companies and people that can be held accountable for security lapses that led to successful cyber crimes being carried out at a firm.

Assigning Responsibility?

Rather than just considering your IT system as the main line of defence, consider how other aspects of your operations can be resilient against the risks I have described here. For example, have you thought through whether your payment process is really capable of thwarting a scam? If Judith in accounting receives a fake email from you instructing her to make a payment urgently, will she question it? If Tom in service receives a new invoice from a subcontractor to approve, will he know how to check the payment details? Should your IT provider be expected to have detected a cybersecurity breach before it comes to other procedures catching the fraud?

Beyond this, companies should ensure that their data and systems are being managed professionally. What are the responsibilities of your IT provider, for example, and are they adequate for the level of risk they manage? Are they insured? Are you insured? Would your cybersecurity insurance be invalidated by any of the functions within the company? Do you carry directors’ and officers’ insurance? Some of the latter come with riders that extend to cyberattacks.

Have you considered whether you are using the most recent versions of software for your phones or computers? And what about your employees who are using their own computers or phones?

9. Can you get your money back?

In some cases, there are methods available for getting your money back; these change from country to country. Rapid response is critical if the funds are to be arrested in flight, but sometimes there are other means. Cryptocurrencies can be traced, and, in some jurisdictions, we have seen success in using courts to freeze coins in the exchanges they are traced to. In other forms of fraud, we have had success working with law enforcement who have caught funds and returned them to their rightful owners, whilst in other matters we have been able to assign responsibility for the cyber-attack to service providers or other subcontractors that have acted with negligence.

10. How do our professionals help in Cyber Crime cases?

While cyber crime is increasingly sophisticated, understanding the anatomy of cyber crime can help us better defend against it. By staying informed, using strong passwords, and implementing robust security measures, both individuals and companies can significantly reduce their risk of falling victim to these pervasive threats. It’s also critical to think through who holds responsibility for securing a company system: are your contracts up to the task? Does your company consider risks to your business regularly? Do you require your management members to participate in actively considering how effectively your policies or procedures are able to thwart a fraud? Are you or your service providers insured adequately? Adequate consideration of risk allows companies and individuals to consider and plan for possible attack scenarios, which also provides a wider scope for acting to indemnify against the costs such a threat poses.

Ask experienced advisors to speak to your team or to assess your digital hygiene, and get a stronger view of where your vulnerabilities are and how to address them. If you’ve been defrauded, don’t waste any time. Get help immediately. Secure your data as quickly as possible.

Investigators – sometimes judicial experts (igazsagugyi szakerto) – are essential in establishing the facts of the matter. The smallest details are sometimes critical in establishing the truth and thus assigning responsibility – forensic experts.

Author: Nicholas Sarvari
Managing Director, CNS Risk Ltd.