Cyber fraudsters ditch big money hauls for ‘silent stealing’
Written by James Orme Mon 22 Feb 2021
Hackers targeting remote workers, landing more but smaller hauls, according to the Royal United Services Institute
Cyber fraudsters are switching from big money scams to con people out of as little as £10 on a massive scale in a phenomenon dubbed “silent stealing”, a new report warns.
The Royal United Services Institute (RUSI) think tank paper said criminals are “going down market”, as they shift from defrauding large amounts from businesses to target those working from home.
Individual victims are less likely to report the loss of a small sum of money, while it is difficult for police and banks to know whether they are dealing with a single fraud or a big criminal operation worth millions of pounds, according to the research.
“There’s a working hypothesis that criminals are going down market,” the report published on Monday says.
“Yes, trying to steal £10 million from a bank is an option, but stealing £10 a hundred thousand times is going to give you a good return and probably go below the radar.
“Are you going to call Action Fraud or your bank in the case where you lose £10?”
Sneha Dawda, one of the authors, said silent stealing has become so popular because the high level of breached data available online makes it easy for criminals to buy people’s personal details and use them for fraud.
She warned people to be careful what they share online, with fraudsters employing social engineering techniques, which use that information to craft personal phishing emails to trick recipients into handing over their details.
“It’s probably down to a lot of awareness of the individual that they can identify a phishing email when they see one, that they double check before they click on links, that they don’t enter their login details when they’re even remotely suspicious that it’s not secure,” she said.
“It’s really about checking, checking and checking again before you do anything like giving out your details because cyber breaches are constantly happening, they expose a lot of information and simple things like a password manager and having unique secure passwords for each account that you have will minimise that risk of cyber criminals being able to take advantage of multiple accounts.”
RUSI last month warned fraud has reached “epidemic levels” and called for the crime to be prioritised as a national security issue with a greater role for the intelligence services.
Its latest report, entitled The UK’s Response To Cyber Fraud: A Strategic Vision, said cyber fraud in the UK “is rampant, costing millions of pounds and leaving victims in its wake”.
The authors said the Covid-19 pandemic and the shift to home working has exposed the country’s vulnerability to the crime.
In a survey of 180 people – including law enforcement representatives, financial services personnel, academic researchers, cyber security experts and intelligence analysts – some 70% said the increase in remote working has not been matched by increased efforts from businesses to improve their cyber security.
Ms Dawda said people are more reliant on household devices, which do not have the same level of security, while some people in the home may not be as rigorous with online safety measures.
“Because of the coronavirus pandemic we’re currently going through huge economic insecurity as a society. Cyber fraudsters, on the other hand, have cashed out,” she said.
“They rapidly pivot to the crisis or topic of the day, from toilet rolls to PPE to coronavirus cures.
“Cyber fraudsters have used the pandemic to prey on vulnerable people using their fear against them.”
The report calls for a more coordinated response to cyber fraud, with stronger Government leadership, and says fighting the crime is hampered by “inefficient” sharing of information between law enforcement agencies and the private sector.
“Government authorities, law enforcement agencies, financial institutions, private sector industry associations, and cyber security and technology companies all hold information relevant to the detection and investigation of cyber fraud, but have no effective way of pooling it together,” it says.
The authors make 11 recommendations, including a focus on arrests and prosecutions only when there is a realistic chance of securing convictions or recovering the proceeds of crime, and that the National Crime Agency should publish comprehensive guidance for private firms on how they can help law enforcement.
Written by James Orme Mon 22 Feb 2021