A report from Armour Intel — a global security network of over 15,000 professionals offering private intelligence, deep due diligence, protection, reputation management, response to fraud, cybercrime and asset recovery.
When Jürgen Stock, the Secretary-General of INTERPOL says “Cybercriminals are developing and boosting their attacks at an alarming pace,” he is referring to the rapid global metamorphosis in the sophistication, scale, and organization of cybercrime, accelerated by Covid and the online work culture. Cybercrime is now estimated to be a $6 trillion+ business, with businesses falling victim to ransomware every 11 seconds.
The image of the nerdish hacker working alone on his laptop is a thing of the past. These days, criminals use automated servers to download stolen data and manage their malware. Cybercrime is conducted by sophisticated and ruthless criminal networks advertising and conducting multi-million-dollar businesses with impunity, from the anonymity of the dark web.
Any kind of expertise or access is available at a price. ‘Initial access brokers’, or IABs penetrate networks and sell access to the highest bidder. Other criminal organizations reflect conventional business practices, bringing in new recruits on an “affiliate” basis. In this world, SaaS (Software as a Service) becomes Raas (Ransomware as a Service), complete with everything from tech support to a range of payment options. This accessibility only serves to proliferate the problem to a new generation of bad actors.
Your computers, your phone, your car, your bank and credit card purchases, even your smart home devices and alarm systems (IoT) are all vulnerable to hacking. Anyone who uses online services, whether to make investments, conduct company business, cruise dating sites, monitor visitors with their ‘smart doorbell’, or just chat to friends on Facebook needs to be aware of the nature of online risk and to take robust measures to protect themselves.
In this report, Armour Intel looks at some of the most common dangers, discusses the actions you can take if the worst happens, and offers advice on how to prevent it from happening in the first place.
INVESTMENT FRAUD
It is in an investor's nature to be always on the lookout for tips on forex, CFDs, binary options, stocks, cryptocurrencies, etc. Have you ever been cold-called — or messaged — out of the blue by a high-pressure salesman pitching a great deal? If so, you may have been targeted by a ‘Boiler Room’ scam — one of the most common types of investment fraud.
Boiler room scammers (so-called due to the busy call centers from which they traditionally operated) often present themselves as trusted influencer or representatives of an established company. There may even be a real verifiable deal to be had — but rest assured, if you fall victim to this scam, your funds will be diverted elsewhere. As soon as you and your investment have parted company, the salesman will cease contact.
Armour Intel advice -
- Never be rushed into a decision
- Check the legitimacy of the company, trading platform, or exchange, and the caller
- Be wary of any types of cold calls
- ‘Systems’ such as signal sellers or robot trading — are often scams. Be especially careful of system sellers offering programs at exorbitant prices justified by a guarantee of phenomenal results.
CRYPTOCURRENCY
Cryptocurrencies are a particularly high-priority target for criminals — whether hacking your personal wallet or the exchange itself. When the Japanese cryptocurrency exchange, Liquid, was hit this year, its digital currency wallets were compromised enabling the hackers to transfer $97 million worth of digital coins belonging to customers. In the same week, $600 million digital tokens were stolen from Poly Network, a decentralized finance firm.
How can you stay secure when investing in crypto?
Armour Intel advice -
- Set up a completely new email address (with a complex password) to be used only for your cryptocurrency account.
- Enable two-factor authentication (using an authenticator app rather than the SMS option)
- Spread investments across more than one exchange and consider storing cryptocurrency offline in “cold wallets” (more secure as they are unconnected to the internet).
- Regularly scan your devices for malware
- Don’t talk publicly about your crypto or online investments on social media
COMPANY SECURITY AND EMPLOYEE PASSWORD PROTOCOLS
(a chain is only as secure as its weakest link!)
Human error and poor awareness are the most common causes of company security breaches.
90% of Americans use their personal computer for work. Any time one of those employees connects their personal computer to unsecured public wifi, company information is put at risk. Many people also use the same passwords for work and personal purposes. Database breaches on popular sites such Facebook, Equifax, Yahoo, and Pornhub have exposed millions of users to malware and compromised information and passwords — which are shared and sold on ‘onion sites’ on the dark web.
The financial cost of knock-on GDBA breaches of customer information when company security is then penetrated has reached an all-time global high — $8.64 million in 2020 in the United States alone, according to the Ponemon Institute. Companies need to get much better at protecting and destroying personal customer data (names, addresses, opinions, credit card information). Cyber security should be seen as the responsibility of all employees (including senior management and executives) not just the IT department. In fact, senior executives are arguably more likely to travel and access insecure networks more frequently.
Armour Intel advice -
- Educate everyone in your organization and update them regularly on the dangers of cybercrime.
- Use unique and complex passwords for company accounts and change them regularly
- Security software measures (firewalls, anti-virus, anti-spyware and anti-spam filters) are .no longer enough. Keep employee and customer data safe by adding a Cloud VPN — enabling employees to safely access your business network via an encrypted connection at all times, wherever they are in the world.
- Teach your employees what to look out for online. For example -
- Phishing Emails — require the victim to log in - revealing passwords, or exposing the system to malware.
- Fake URL giveaways = a small typo or unusual symbol in a URL can indicate that it is a bogus site aimed at obtaining personal information.
- Use DNS filtering to block access to websites known to be dangerous. Prevention is better than cure!
WHAT TO DO IF THE WORST HAPPENS
Whether you are a large conglomerate hit by malware, the victim of a boiler room fraud, or an individual investor whose crypto wallet has been hacked — one piece of advice holds true: if the worst happens, you need to act fast!
Armour Intel advice -
- Change your passwords immediately
- Scan your devices for malware
- Call your bank and the authorities to make them aware
If it’s a cryptocurrency issue, contact your service provider about the fraudulent transactions. They may have information about the transaction that could come in useful in an investigation - Get specialist help from a company such as Armour Intel to follow the money!
One of the problems faced by victims of this kind of fraud is that the perpetrators are often based in far-off countries. Police in the victim’s own country are powerless to act globally and official channels in the country of the criminal can be disinterested in foreign victims or near impossible to access.
Armour Intel is the intelligence arm of an already well-established global security entity. Our point of difference is that we leverage an existing network of over 17000 security and cyber intelligence professionals in 100+ countries. Our agents have served at elite levels of the military, police, and intelligence sectors, giving us a uniquely powerful network of resources.
DAMAGE CONTROL AND REPUTATION MANAGEMENT
If the worst has happened, and company and/or personal reputations are fatally compromised, there are still measures that can be taken. Electronic trading website Enron vanished in the wake of a public relations backlash. However other giants like BP, Wells Fargo, and United Airlines have survived public relations catastrophes, albeit with costs.
While you cannot control what the public thinks, you can control what they see online. The emergence of online communication platforms has made reputation more delicate. Bad reviews, gossip, and bad press, now reach thousands, even millions of people in the blink of an eye, and entities like Google, Yelp, and Youtube are the new arbiters of public reputation.
Whether you are an international conglomerate or a high-profile individual, reputation management — clearing the way for positive messages to take effect — is an essential element for success.
Armour Intel advice -
- Companies can contain negative feedback from customers to some extent via techniques such as offering a forum, within which complaints can be vented, responding constructively to reviews, etc.
- While negative stories on third-party platforms — cannot usually be removed entirely, you can push down harmful content, with new positive content, thus mitigating the impact of negative or outdated search results.
- If you are serious about reputation management, hire experts such as Armour Intel. The top-ranking search result on average gets about 31% of traffic, the second gets 16%, and the third gets 10%. By the time you get down to the eighth slot, you’re talking about 1.7% of traffic. However, to get content to outrank negative stories is a lengthy process, requiring specialist SEO expertise.
FINAL WORD
Never underestimate the vulnerability of your online reputation, or your information and assets. If you have been a victim of cybercrime, need to trace stolen funds, or require preventative advice about cybersecurity or private intelligence services, contact Armour Intel.