With the advent of the digital age, crime has steadily migrated from dark alleys to cyberspace, creating an entirely new type of criminal enterprise that thrives on technology. The adage that "crime doesn't pay" once seemed so absurd to me; now that it stands in stark contrast with the reality of cybercrime, which has evolved into a lucrative and relatively safe form of illegal activity that is also relatively risk-free.
While traditional crime attracts a greater degree of exposure and punishment, cybercriminals enjoy relative impunity. There is no question that they exploit the gaps in digital security to make huge profits while suffering only minimal repercussions as a result.
A study conducted by Bromium security firm indicates that there is a significant underground cyber economy, with elite hacker earnings reaching $2 million per year, middle-level cybercriminals earning $900,000 a year, and even entry-level hackers earning $42,000 a year.
As cybercrime has grown in size, it has developed into a booming global industry that attracts opportunists, who are looking for new opportunities to take advantage of hyperconnectedness.
Several deceptive tactics are currently proliferating online, but one of the most alarming is the false message "Hacker is tracking you".
Many deceptive tactics are being used online these days. Through the use of rogue websites, this false message attempts to create panic by claiming that a hacker has compromised the victim's device and is continuously monitoring the victim's computer activity.
There is an urgent warning placed on the victim's home page warning him or her to not close the page, as a countdown timer threatens to expose their identity, browsing history, and even the photos that they are alleged to have taken with the front camera to their entire contact list.
The website that sent the warning does not possess the capability to detect threats on a user’s device. In fact, the warning is entirely fabricated by the website. Users are often tricked into downloading or installing software that is marketed as protective and is often disguised as anti-virus software or performance enhancers, thereby resulting in the download of the malicious software.
The issue with downloading such files is, however, that these often turn out to be Potentially Unwanted Applications (PUAs), such as adware, browser hijackers, and other malicious software. It is often the case that these fraudulent websites are reached through mistyped web addresses, redirects from unreliable websites, or intrusive advertisements that lead to the page.
In addition to risking infections, users are also exposed to significant threats such as privacy invasions, financial losses, and even identity theft if they fall victim to these schemes.
Secondly, there is the growing value of personal data that is becoming increasingly valuable to cybercriminals, making it even more lucrative than financial theft in many cases.
It is widely known that details, browsing patterns, and personal identifiers are coveted commodities in the underground market, making them valuable commodities for a variety of criminal activities, many of which extend far beyond just monetary scams.
In a recent article published by the ethical hacker, he claimed that such information could often be extracted in only a few clicks, illustrating how easy it can be for an unsuspecting user to be compromised with such information.
Cybercriminals continue to devise inventive ways of evading safeguards and tricking individuals into revealing sensitive information in spite of significant advances in device security.
The phishing tactic known as “quishing” is one such technique that is gaining momentum. In this case, QR codes are used to lure victims into malicious traps.
It has even evolved into the practice of fraudsters attaching QR codes to unsolicited packages, preying upon curiosity or confusion to obtain a scan. However, experts believe that even simpler techniques are becoming more common, entangling a growing number of users who underestimate how sophisticated and persistent these scams can be.
Besides scams and phishing attempts, hackers and organisations alike have access to a wide range of tools that have the ability to track a person's movements with alarming precision. Malicious software, such as spyware or stalkerware, can penetrate mobile devices, transmit location data, and enable unauthorised access to microphones and cameras, while operating undetected, without revealing themselves.
The infections often hide deep within compromised apps, so it is usually necessary to take out robust antivirus solutions to remove them.
It is important to note that not all tracking takes place by malicious actors - there are legitimate applications, for example, Find My Device and Google Maps, which rely on location services for navigation and weather updates.
While most companies claim to not monetise user data, several have been sued for selling personal information to third parties.
As anyone with access to a device that can be used to share a location can activate this feature in places like Google Maps, which allows continuous tracking even when the phone is in aeroplane mode, the threat is compounded.
As a matter of fact, mobile carriers routinely track location via cellular signals, which is a practice officially justified as a necessity for improving services and responding to emergencies.
However, while carriers claim that they do not sell this data to the public, they acknowledge that they do share it with the authorities. Furthermore, Wi-Fi networks are another method of tracking, since businesses, such as shopping malls, use connected devices to monitor the behaviour of their consumers, thus resulting in targeted and intrusive advertising.
Cybersecurity experts continue to warn that hackers continue to take advantage of both sophisticated malware as well as social engineering tactics to swindle unsuspecting consumers.
An ethical hacker, Ryan Montgomery, recently demonstrated how scammers use text messages to trick victims into clicking on malicious links that lead them to fake websites, which harvest their personal information through the use of text messages.
To make such messages seem more credible, some social media profiles have been used to tailor them so they seem legitimate.
It is important to note that the threats do not end with phishing attempts alone. Another overlooked vulnerability is the poorly designed error messages in apps and websites. Error messages are crucial in the process of debugging and user guidance, but they can also be a security threat if they are crafted carelessly, as hackers can use them to gather sensitive information about users.
A database connection string, an individual's username, email address, or even a confirmation of the existence of an account can provide attackers with critical information which they can use to weaponise automated attacks. As a matter of fact, if you display the error message "Password is incorrect", this confirms that a username is valid, allowing hackers to make lists of real accounts that they can try to brute force on.
In order to reduce exposure and obscure details, security professionals recommend using generic phrases such as "Username or password is incorrect."
It is also recommended that developers avoid disclosing backend technology or software versions through error outputs, as these can reveal exploitable vulnerabilities.
It has been shown that even seemingly harmless notifications such as "This username does not exist" can help attackers narrow down the targets they target, demonstrating the importance of secure design to prevent users from being exploited.
There is a troubling imbalance between technological convenience and security in the digital world, as cybercrime continues to grow in importance.
The ingenuity of cybercriminals is also constantly evolving, ensuring that even as stronger defences are being erected, there will always be a risk associated with any system or device, regardless of how advanced the defences are.
It is the invisibility of this threat that makes it so insidious—users may not realise the compromise has happened until the damage has been done. This can be done by draining their bank accounts, stealing their identities, or quietly monitoring their personal lives.
Cybersecurity experts emphasise that it is not just important to be vigilant against obvious scams and suspicious links, but also to maintain an attitude of digital caution in their everyday interactions.
As well as updating devices, scrutinising app permissions, practising safer browsing habits, and using trusted antivirus tools, there are many other ways in which users can dramatically reduce their risk of being exposed to cybercrime.
In addition to personal responsibility, the importance of stronger privacy protections and transparent practices must also be emphasised among technology providers, app developers, and mobile carriers as a way to safeguard user data.
It is the complacency of all of us that allows cybercrime to flourish in the end. I believe that through combining informed users with secure design and responsible corporate behaviour, society will be able to begin to tilt the balance away from those who exploit the shadows of the online world to their advantage.
