Recognize Digital Risks
Learning Objectives
After completing this unit, you’ll be able to:
- Identify key scenarios that attract cybercriminal activity.
- Learn the risks associated with key events.
- List actionable measures for cyberthreat protection.
A Fan’s Cautionary Tale
In the excitement of a major global sporting event, Emma, an avid sports enthusiast, learned a harsh lesson in cybersecurity. While searching online for event merchandise and tickets, she stumbled upon what appeared to be an official website. It was, in fact, a sophisticated fake, part of a larger scam targeting fans like her around the world.
This website was one of many set up by cybercriminals to exploit the high spirits and lowered guards of fans during such events. Emma, unaware of the risks, entered her personal and payment details, only to later discover she had been tricked. Less than 24 hours after entering her details, Emma faced a drained bank account, the threat of identity theft, and a barrage of phishing emails. The breach of her personal data left her grappling with financial loss and the daunting task of securing her compromised digital identity.
Emma’s experience was not unique. As reported by Kaspersky, a leading cybersecurity firm, numerous fake websites and mobile apps are designed to steal money and personal information. These scams extended to compromised accounts for event access, malware-laden fake job applications, and even phony prize surveys spread through social media and messaging apps.
Emma’s story is a stark reminder of the ever-present cyberthreats that accompany major gatherings, highlighting the importance of vigilance and caution. As high-profile occasions draw global attention, they also attract cybercriminals looking to capitalize on the excitement and volume of online activity. It’s a scenario that repeats with each major event, underscoring the need for constant awareness in our digital interactions.
Key Events
In the global digital economy, there are various periods throughout the year that trigger elevated cyberthreats due to behavioral changes among businesses, consumers, and cybercriminals–emphasizing the need for heightened vigilance and cybersecurity measures.
During these key events, businesses typically intensify online marketing, services, sales, and discounts while consumers often increase online engagement and transactions. Cybercriminals become more active in exploiting these behavioral changes, elevating the risk of targeted cyberattacks.
These key events include periods like tax season, elections, major sporting events, back-to-school periods, and emergency situations. These situations are particularly appealing to cybercriminals for several reasons:
- Tax season: With vast amounts of personal and financial data being exchanged, tax season is a goldmine for identity thieves and scammers specializing in phishing attacks. The urgency and complexity of tax filings creates an environment open to exploitation.
- Geopolitical Activity: Politically motivated hackers and state-sponsored groups often capitalize on election periods, international negotiations, diplomatic relations, economic sanctions and other situations involving global politics and international relations. Along with attacks on critical infrastructure, they use tactics like targeted social media campaigns to spread misinformation, disrupt political processes, or sway public opinion.
- Major sporting events: These events attract a mix of opportunistic scammers and organized criminal groups who exploit fans' desire to bet on their favorite teams, buy event-related merchandise and stream the game online. In response to fans’ enthusiasm, criminals set up fake betting sites, sell counterfeit merchandise, and fake apps that claim to offer live streaming of the event.
- Back-to-school online shopping: Ecommerce fraudsters increase their activity during this period, setting up fake retail websites and conducting credit card fraud to exploit the surge in online shopping.
- Emergency situations: In times of crisis such as natural disasters, public health emergencies, and humanitarian crises, emotional manipulation becomes a tool for cybercriminals, who often pose as charity organizations. This kind of environment, where people feel compassion and empathy, creates opportunities for scammers looking to launch fake donation drives or relief fund campaigns for their own financial gain.
- Technology launches and trade shows: Technology launches, and trade shows are hotspots for industrial espionage and data theft. They present opportunities for cybercriminals to access new, often unsecured, technologies, steal intellectual property, and gather personal data from attendees.
- Holiday season: The holiday season (for example, Black Friday, Cyber Monday) is a bustling time for shoppers and, consequently, a prime period for cybercriminals. The surge in online transactions and the quest for the best deals creates a perfect storm for credit card fraud and ecommerce scams. Cybercriminals exploit the high volume of shoppers by manipulating them into revealing sensitive information or making purchases on fraudulent sites.
- Business and Brand Failure: The collapse or failure of a large business or recognized brand, whether it’s a financial institution, retail giant, travel company, or a notable entity in another sector, presents an opportunity for cybercriminals. They exploit the increased engagement and online transactions that occur as customers, anxious about their personal savings, investments, or pending deliveries of goods/services seek information and solutions. In this heightened state of activity, anticipation, and concern, individuals become more susceptible to cyberthreats like phishing and fraudulent websites.
Each of these situations attracts a particular kind of cybercriminal, from solo opportunists to well-organized advanced persistent threats (APTs). Understanding the specific risks and types of adversaries associated with each event can empower individuals to better prepare and respond to these cyberthreats.
The following scenarios explore how individuals from different walks of life may encounter and respond to cyberthreats during these critical periods, painting a vivid picture of the vigilance required in our digital age. For each scenario there are also suggested cybersecurity technical defenses to help you navigate those situations.
Scenario
| Cyber Defenses
|
|---|---|
Tax Season: John’s Close Call with Phishing
John, an accountant, was very busy during tax season. One afternoon, an email popped up in his inbox, supposedly from the IRS, urgently requesting sensitive client information for an audit. John scrutinized the sender’s email and discovered it was a clever forgery. His vigilance prevented a potential compromise of his client’s data.
| Enable built-in phishing and malware protection in your operating system. Use an email security solution to identify and block phishing attempts. Implement DMARC on your email domain. |
Election Periods: Emily’s Brush with Misinformation
As her community buzzed with the excitement of the upcoming local elections, Emily, a politically active citizen, encountered a barrage of inflammatory social media posts about a candidate’s potential involvement in a scandal. Before commenting on the post or sharing the information, she investigated the information and found that the post was part of a larger misinformation campaign. This tactic is increasingly employed to sway public opinion. She neither commented on or shared the post in an effort to hinder the spread of this misinformation.
| Install browser extensions for fact-checking and misinformation detection. Use a news verification tool to vet the credibility of information sources. Protect your social media accounts with strong passwords and 2FA to prevent account takeover. |
Major Sporting Event: Alex’s Bet Gone Wrong
Alex, a sports enthusiast, eagerly anticipated the World Cup. Drawn by excitement, he ventured into online betting, an activity known for increased scam activity during big competitions. He chose to place bets on a site offering attractive odds. Unfortunately, his excitement turned to dismay when he discovered unauthorized charges on his card. It was a hard lesson about the prevalence of fraudulent betting sites and malicious streaming services during major sporting events.
| Ensure firewall settings are configured correctly to block untrusted connections. Use a VPN service with strong encryption for secure browsing. Use a DNS filtering service like to prevent access to known malicious websites. Check the likely legitimacy of a website before accessing it. |
Online Shopping: Samantha’s Misadventure
Samantha, a mother of two, embraced the convenience of online shopping for back-to-school clothing supplies. She stumbled upon a seemingly perfect store offering significant discounts. However, joy turned to frustration when she received counterfeit products while some items didn’t arrive at all. This experience was a wakeup call for Samantha about the risks of online shopping, especially during high-traffic seasons like back-to-school.
| Set up safe browsing measures, including secure search settings. Use online shopping protection tools that rate websites according to their safety. Check the legitimacy of a website before accessing it. |
Emergency Situations: Laura’s Discerning Eye
In the aftermath of a devastating hurricane, Laura received an email from a charity seeking contributions. She decided to donate, but rather than acting immediately, Laura’s careful research revealed the charity to be a scam. Her diligence in verifying the legitimacy of charities, particularly during emergencies prevented her from falling prey to such exploitation.
| Activate email filters to sort out potential spam and phishing emails. Use charity validation tools to verify nonprofits. Use a website checker to validate a site’s legitimacy. Use a DNS filtering service to prevent access to known malicious websites. |
Technology Launches: Anita’s Misstep
At a high-profile tech launch, Anita, an engineer at a tech firm, connected to what she thought was a secure Wi-Fi network. However, it was a rogue hotspot set up by cybercriminals. They intercepted her communications, gaining access to confidential product designs and her personal credentials. This incident underlined the importance of using secure, verified networks and being cautious of digital interactions during such times.
| Enable network discovery and file sharing only in trusted networks. Use a personal hotspot as a safer alternative to public Wi-Fi. Use a VPN to create a secure tunnel to the internet. |
Holiday Seasons: Linda’s Vigilance
During the holiday shopping season, Linda, a cautious and informed shopper, was enticed by an online advertisement for a heavily discounted smartphone. The website prompted her to enter her credit card details for the purchase. Instead of hastily entering her information, Linda took time to scrutinize the website and noticed subtle discrepancies in the website’s URL and layout. She researched the website’s legitimacy and read online reviews, which revealed it to be a scam. Her proactive approach averted potential financial loss and identity theft, showcasing the importance of vigilance especially during high-risk shopping periods like the holiday season.
| Enable your antivirus software and ensure it’s up to date. Use a safe browsing tool to help validate the legitimacy of websites. Use a DNS filtering service to prevent access to known malicious websites. Check the legitimacy of a website before accessing it. |
These stories are more than just individual experiences; they’re a collective lesson on the importance of cyber vigilance. These encounters across different scenarios illuminate the diverse array of cyberthreats that we encounter every day. But these occurrences increase during specific times of the year when there are high-traffic online activities taking place and social engineering by hackers is more common.
By learning from their experiences, we can arm ourselves with the knowledge and tools to ensure our digital lives remain secure and our information safe throughout the year.
Resources
- External Site: Fortinet: ’Tis the Season for Cybercrime: What to Watch for and How to Protect Yourself
- External Site: World Economic Forum: From deepfakes to social engineering, here's what to know about elections, cybersecurity and AI
- External Site: Forbes: Holiday Season Increased Cyber Risks
- External Site: CISA: Election Security
- External Site: IRS: Tax Time Guide: Minimize cyber footprints, protect personal information online
- External Site: Kaspersky: What Are Scam Websites and How to Avoid Scam Websites
- External Site: Global Cyber Alliance: Global Elections Security Report
- External Site: Recovering a hacked account
