Search

 

How fraudsters commit cyber crimes?

Economou & Economou Law Office > Blog  > Technology Law  > How fraudsters commit cyber crimes?

How fraudsters commit cyber crimes?

We answer to your most frequent questions regarding electronic – banking frauds

In which way the scammers manage to empty your bank accounts?

You must first have the depositor’s login codes in order to access their electronic banking account. Moreover, the fraudster requires the one-time password in order to move the depositor’s funds from his account to an account owned by a third party. The criminals use social engineering and phishing as their two main techniques to obtain all the information mentioned above. The perpetrators typically obtain the login codes by sending us false emails or texts pretending to be the bank we do business with, requesting that we click on a link that will take us to a website that looks and feels like the bank. We unknowingly provide our passwords to the offenders because we believe, mistakenly, that we have accessed our bank’s online banking system. Regarding the one-time password, if the criminals have our passwords and have used them to access our e-banking account in the way mentioned above, they enter it and substitute their phone number for the mobile number we gave them to get the password. This allows the thieves to get the one-time code on their own phone and finish the transaction without being noticed. They employ social engineering techniques, such as manipulation, in various situations.

Do the banks provide us safety?

Regretfully, it seems that banks added the option of e-banking to their traditional services at the start of the second millennium without considering the risks and challenges that were lurking. This was likely done primarily for reasons of long-term profitability (fewer transactions at the cash desk, fewer branches, and fewer employees), but also for reasons of transitioning to the electronic age and harmonising with it. Since the advent of digital technology, criminals have been better prepared, more knowledgeable, and more adept at spotting holes in banking systems. As a result, they have successfully taken advantage of e-banking structures, which, in terms of cybersecurity, are stuck in the year 2000. However, we also cannot deny that banking institutions are intricate, maze-like establishments with hundreds of intricate procedures. Making snap decisions and carrying them out thus appears to be an extremely challenging task. Because of this, we must prioritize our own safety and eradicating our lack of digital literacy by staying informed. We act and use applications, programs, and platforms that we are not fully aware of with caution, and we treat our electronic wallet with the same seriousness as we would our physical wallet.

I got a call from Microsoft and was told that my computer is infected and is causing problems for other users. They urgently ask me to give them access to my computer, via a remote help program, to fix the problem. What should I do?

Urgency is a crucial manipulation tactic used by those who would harm us to convince us to do what they recommend. The goal of persecutors is to put us in a stressful situation where we are unable to think clearly and make the wrong decisions. They do this by threatening us with immediate danger (in our case, an infection on our computer that will spread to other users and we must fix it immediately). There is one thing we know for sure: if we value the integrity and privacy of our personal information, we should never, ever allow unauthorized users access to our computer system. If someone has the right tools, they could access our computer system and use them to either obtain our personal information without our knowledge or install malware (keyloggers) without our knowledge, which records everything we type and gives the criminal access to all of our personal data.

What are the first steps to follow after someone hacked one of my devices?

If we realize that one of the above devices has been compromised, first of all we must disable it, then disconnect it from any network or other device that may be connected and finally contact qualified technicians.

How can i protect my home network

Creating a wired network and connecting our computer system to it is the most secure way to protect our home network. That is to say, a wire, or cable, should be used to connect our computer system to the provider’s router. The reason is that wired networks are advised because most people lack the necessary skills to set up a secure wireless network (wi-fi). If not, we can contact licensed technicians who are highly skilled in setting up secure wireless networks.

Can I fall victim to a social media (Facebook, Instagram, Tik Tok) scam?

We can always fall victim to online fraud from any website or social media. We must always be on our guard, take our activity in the digital world very seriously and never act carelessly, hastily or with automated movements.

Are there breaches that can be done in smart homes eg system hacking and lead to losses? What should I do to protect myself?

An electronic device instantly becomes a potential target for cybercriminals the moment it is connected to the internet (the “Internet of things”). Should a skilled criminal succeed in breaching our home network’s router, they will be able to take over all connected electronic devices and utilize their unique characteristics to their benefit. He could, for instance, activate the camera and microphone on our “smart” TV and record every conversation if he manages to take control of it. Because of this, we seek the assistance of certified technicians, establish a safe home network, and gather comprehensive knowledge about the features and functionalities of every gadget we wish to link to the Internet.

I work in the accounting department of a large corporation. What should I watch out for?

Whether we work in the accounting department of a company or in any other position or department, from the moment we exchange confidential company information with other colleagues through e-mails, we must be able to distinguish a fake message or post. Of course, especially for people who work in accounting and come into contact with electronic payment systems, they should be constantly informed about new sophisticated phishing techniques used by cyber criminals.

I clicked on a phishing link but did not provide any personal information. Is it possible for my information to be stolen just by opening the link?

It’s almost impossible to get your personal data stolen if you don’t give it out yourself, just because you opened a link. Even for the possible installation of some malicious software, you will be required to download a file that will be indicated to you. Never click on links sent via viber, whatsapp, messanger, sms or any other messaging app from unknown accounts or contacts.

They took money from my bank account. I immediately informed my bank but the money was lost and the bank denies any responsibility. What can I do?

When this happens, victims typically dispute transactions and file a complaint with the Cybercrime Unit. Meanwhile, the bank almost never takes responsibility for any errors or faults, this is either because it needs time to look into and evaluate its potential liability or because it cannot afford to fully compensate all of its customers who are routinely the victims of fraud of this kind. In order to avoid acting alone without sufficient legal support, you should speak with a cybercrime lawyer who is experienced in handling cases of this nature and who can advise you on how to pursue compensation from the banks.

Do I really have to have e-banking? From what I can see, most of the fraud is done through the online banking and card system.

We are currently experiencing the so-called digital revolution, the transition from engineering to digital technology. Our world is not going backwards and therefore continuous progress and development in the field of digital technology is a given. Therefore, denying this change will lead us nowhere but to marginalisation. The solution is to come to terms with reality and start keeping up to date with technological developments on a daily basis. The more knowledge we gain about technology, the less fear we will have about using it.

Why should I contact a lawyer, even a specialized one, since I can go straight to the Cybercrime Prosecution and file a complaint?

This service is undeniably producing great work and is a major tool in the fight against cybercrime. However, approaching the agency in question and making incomplete complaints on our own will lead our case mathematically to the wastebasket and the pointless employment of its human resources. Of course, we will have the same result if we turn to a lawyer who is not specialized in cybercrime and has no substantial experience with the subject.

How do I know that I have found a qualified lawyer in such a new field?

Regretfully, there’s no reliable way to find out. There are some colleagues who are trying to enter this market knowing that they lack the necessary knowledge to successfully defend their clients’ interests and meet the challenges of this particular subject matter. On the one hand, there are young colleagues who, despite having specialized in the field, lack the necessary friction and practical knowledge about the management of such cases. A lawyer and client have a relationship based on confidence and trust. You will select the lawyer who will handle your case, just as you will select the physician who will perform surgery on you.

How to protect your bank account from fraudsters?

Greek consumers of digital services appear to favor exceedingly simple passwords, which makes it simpler for “malicious” users to access the information and services they use.

This is at least according to NordPass’s annual study. NordPass is a service that manages and stores passwords. In particular, the survey found that “admin” was the most widely used password in the nation in 2023. This password is commonly used on corporate networks, which is obviously not the best course of action for a company that wants to safeguard its data and prevent malicious attacks. The password is an acronym for the English word administrator. However, according to NordPass, the cause is probably because using predefined passwords—like “admin”—is becoming more and more popular worldwide.

Aside from admin, the majority of the 20 most popular passwords are simple words like user and password, as well as numerical sequences like 0123456689, 12345, 12345678, 1234, 000000, 111111, 1234567, 11223344, and 1234567890. A1B2C3D4E5 and 1234qwer were two of the most “difficult” passwords on this list, perhaps. It should be noted, though, that numerical sequences are widely used worldwide, and it’s not just Greeks who don’t use slightly more complicated passwords to make things a little harder for hackers to crack. Similar numerical sequences make up nearly a third (31%) of the most widely used passwords worldwide.

It’s a little surprising that katerina, giorgos7, kalamata, and nikos12345 are among the most popular passwords in Greece, as one would assume maria would be just as well-liked. Naturally, the use of one’s name as a password is widespread throughout the world. “Carl0s” is used in Spain, and “vytautas” is commonly used in Lithuania.

When using less robust codes?

According to the survey, people who use streaming service accounts have the weakest passwords. Financial accounts, on the other hand, require the strongest passwords.

Researchers at Nord Pass examined a 6.6 TB password database taken from a variety of malicious stealing software programs, which experts believe pose a serious threat to cybersecurity, in order to discover the passwords that users of various platforms use.

Because malware attacks leave a lot of personal information about their victims in their logs, they are especially dangerous. Malware, for instance, can obtain cookies from websites and autocomplete data, as well as information stored in your browsers such as passwords and other credentials. It can also take files and system data, like the IP address or operating system version, from the victim’s computer.

Tips

As for what we should do as users, according to NordPass, first of all we should create long and complex passwords. A password that is easy to guess is equivalent to an unlocked door to a house, so it is recommended to use passwords with at least 20 random characters containing upper and lower case letters, symbols and numbers.

NordPass also suggests that you avoid storing your secret passwords in your browser and use a password manager. As malware theft attacks target credentials in browsers, third-party password manager software is considered the safest option for storing credentials.

Still, one suggestion is to start using password keys. An increasing number of websites now offer the option of accessing accounts with passwords instead of passwords. While passkeys will not yet fully replace passwords, they are certainly the future in the authentication process, according to NordPass.

The most important thing, however, is to stay vigilant. To protect yourself from malicious theft software, pay special attention to anything you download to your computer. A malware is often distributed through phishing messages and other similar “fake” messages.

For more information or if you have a question not mentioned here, please contact us at econlaw@live.com or at (+30) 210 3603824 to assist you.

No Comments

Leave a Comment