However, this century-old scam, far from disappearing, has only gained strength with the advance of technology and, over time, has spawned many variants which eventually migrated to email. Scams that offer something for nothing, but turn out to require some form of advance payment \u2013 in return for empty promises of a reward \u2013 are often referred to as Advance Fee Fraud.<\/p>\n
![\"\"](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/03\/shutterstock_202818121.jpg\")
<\/p>\n
Still, after so many years, we still see messages on social networks and websites with the same type of ploy: \u201cYou are visitor number 1,000,000!\u201d; \u201cYou won the lottery!\u201d; \u201cYou have been selected for a dream holiday trip!\u201d, etc. These are just a few examples of the fraudulent rewards wafted under people\u2019s noses.<\/p>\n
\u201cPeople still remain vulnerable to psychological manipulation and social engineering.\u201d<\/span><\/p>\n As computer threats have continuously evolved to reach the level of sophistication we see nowadays \u2013 targeted attacks, cyberwarfare and APTs \u2013 it\u2019s unclear why these types of scams have remained so successful. The simple answer is that people still remain vulnerable to psychological manipulation and social engineering.<\/p>\n The simple answer is that people still remain vulnerable to psychological manipulation and social engineering.<\/p>\n Just five years ago, in our Trends for 2012 report<\/a><\/u>, we talked about the growing trend of malware in mobile devices, spearheaded by threats such as botnets. In more recent years, these risks have continued to spread. We are seeing increases in cyber espionage, targeted attacks and privacy threats.<\/p>\n Previous concerns about the vulnerability of many poorly-secured IoT devices have been realized with them falling victim to attacks. Furthermore, we believe that throughout this year, the number of annual victims of ransomware will continue to rise.<\/p>\n All of these types of threats, which have developed over time, have one thing in common: the point of entry is often the user. Attackers continue to entice victims with deceptive emails and messages on social media, encouraging na\u00efve \u2013 and in many cases, irresponsible (albeit unknowingly) \u2013 behavior. These threats, including booby-trapped USB devices left in car parks, are all designed to trick victims into compromising the safety of their own systems.<\/p>\n Unfortunately, this reality is set to continue throughout the rest of 2017 and beyond, and attackers will continue to take advantage of it. Despite the potential vulnerabilities in hardware and software that could allow an attacker to take control of a system, the simplest way for cyberattackers to do this is by tricking users.<\/p>\n \u201cWe are seeing increases in cyberespionage, targeted attacks and privacy threats.\u201d<\/span><\/p>\n Why invest hours in exposing a flaw in a device when a simple email can provide the same type of access to such systems? Similarly, why would thieves make the effort to dig a tunnel to break into a house when they could just ring the doorbell?<\/p>\n It seems likely that for the remainder of 2o17, we will see different types of malicious code continue to emerge; that ransomware will continue its infamous reign as the fastest growing threat, and that more IoT devices will be targeted for a broader range of cybercriminal activity. Cybercriminals are becoming increasingly ruthless<\/a><\/u>, to the point that even industries such as healthcare are being attacked, and infrastructural components such as ATMs (cash dispensers) are continually targeted by attackers.<\/p>\n Furthermore, in 2016 it became clear that modern cybercriminals come armed not only with different types of malicious software and social engineering techniques, but also with \u201cbusiness plans\u201d<\/a><\/u> for extortion and extracting some sort of payment from their victims.<\/p>\n \u201cCybercriminals are becoming increasingly ruthless, to the point that even industries such as healthcare are being attacked.\u201d<\/span><\/p>\n We have reached the point at which we need to stop talking about security risks in generic terms. It is critical that users, whether corporate or individual, are aware of the types of attacks that can affect them. From email fraud to information theft, all threats must be taken seriously, and it is important to take the necessary measures both in terms of technology and raising awareness, in order to avoid them.<\/p>\n Two types of players inhabit the digital world and they can be described as \u201cdigital natives\u201d and \u201cdigital immigrants\u201d. The former have incorporated the use of technology into most aspects of their lives from an early age. The latter, on the other hand, use technology to carry out many of their daily activities despite having had to adapt and make adjustments in order to do so.<\/p>\n One would hope that the digital natives would be less susceptible to these types of scams. However, last year a study by the BBB Institute<\/a><\/u> showed that young people between age 25 and 34 are more susceptible to scams, whereas other studies show that it\u2019s the youngest users who exhibit the riskiest behavior when it comes to surfing the internet. They might connect to poorly secured Wi-Fi networks, plug in USB devices given to them by others without taking elementary precautions, and make little use of security solutions.<\/p>\n \u201cFrom email fraud to information theft, all threats must be taken seriously.\u201d<\/span><\/p>\n On the other hand, while digital immigrants can often be more cautious when it comes to using technology, we find that they too can often be the victims of attacks or engage in unsafe behavior. Generally, this is due to a lack of knowledge of the security characteristics of devices, or a lack of information regarding the scope of computer threats and the care that they should take to help avoid them.<\/p>\n In short, when it comes to protection, age does not matter. The need for all users to be aware of the many threats, the ways in which they operate, and the best options for protecting their devices, are all issues on which users should be focused in order to stay safe.<\/p>\n There is no doubt that today, almost four years after the Snowden revelations<\/a><\/u>, people continue to feel their personal data is increasingly at risk. The paradox is that in reality, there is more information about what is happening with their data than ever before.<\/p>\n \u201cA challenge we face is the need to educate ourselves about online protection.\u201d<\/span><\/p>\n The feeling of being monitored is a big concern for many users and recognition of the reality of global surveillance is one of the most important lessons<\/a><\/u> to be learned from the Snowden revelations. If someone is authorized to act covertly and is given a large enough budget, it cannot be assumed \u2013 regardless of their personality \u2013 that they will do so properly, ethically and without negative repercussions.<\/p>\n Having said that, neither should we give way to out-and-out paranoia or stop connecting to the internet altogether. An important challenge we face is the need to educate ourselves about online protection<\/a><\/u>, what types of information to publish, and which measures will ensure that information remains safe and private.<\/p>\n At ESET we firmly believe that security is not only a matter of technological solutions, but we also need to help each other when it comes to protection. While ongoing efforts to build awareness around computer security exist in many areas of our modern lives, many computer users still do not have sufficient training on this topic. In addition, while many recognize the threats to their computers, they do not have the same awareness when it comes to their mobile devices and even less with regard to their IoT devices.<\/p>\n In 2013, it was estimated that the ratio between the number of mobile devices with a security solution installed and the number of global connections from mobile devices <\/u><\/a>was 4.8%, and by 2018 it is estimated that this ratio could reach 15%. Although this represents a tripling in five years, it means fewer than one in six smartphones and tablets is running security software.<\/p>\n \u201cIt is vital to be aware of security at all times from personal devices with a Wi-Fi connection, to critical infrastructure.\u201d<\/span><\/p>\n In the coming years, we will see threats continue to spread to all types of devices that are connected to the internet, and which handle sensitive data. Therefore, it is vital to be aware of security at all times and in all contexts, from personal devices with a Wi-Fi connection to critical infrastructure that is connected and remotely controlled via the internet.<\/p>\n Technology\u2019s rapid advance equips cybercriminals with increasing number of tools they can use for cyberattacks, and this won\u2019t stop if users are not educated about them. We cannot allow its increasing sophistication to enable it to turn against us.<\/p>\n Going forward, means of protection must keep pace with the realities of cybercrime. This is why education is vital. If users come to recognize that using passwords as the sole means of online access presents a security risk to their personal data, then they can also recognize that using two-factor authentication<\/a><\/u>, which adds a significant extra layer of security, will tilt the odds back in their favor.<\/p>\n The challenge, in addition to enabling them to recognize the threats, is to arm them with security tools that help them keep their information safe and secure. In the absence of such tools, the continued growth of threats and attacks is all but guaranteed.<\/p>\n Likewise, the best way to guarantee the confidentiality of information is to make use of encryption<\/a><\/u> technologies for all forms of communication. As for ransomware, the best way to protect yourself from permanent loss of personal information is ensuring proper \u2013 including offline \u2013 backups<\/a><\/u> are in place for the most sensitive or important data.<\/p>\n However, the adoption of these technologies starts by acknowledging the threats, which can only happen if there is a base of users who are educated and able to determine what they should be protecting themselves from, and thus the best way to protect themselves.<\/p>\n For all of us working in the world of information security, no maxim has proven truer than that which says the weakest link in the chain is the end user<\/a>.<\/p>\n \u201cThe focus of the immediate future should be on building awareness among users of basic Internet security measures.\u201d<\/span><\/p>\n We have been warned since at least 2015 that there is an increasing volume of information available to defend ourselves, but the number of people who are skilled enough to perform the tasks necessary for that defense is dangerously low.<\/p>\n We must, therefore, see education as the fundamental factor that makes the difference. Given that training new professionals to work in information security will not happen immediately, the focus of the immediate future should be on building awareness* among users of basic internet security measures.<\/p>\n So, the big challenge for those of us who are responsible for security is to turn ourselves into the first line of defense of information.<\/p>\n Educating users about current threats and how they spread can make all the difference in reducing the impact of cybercrime in the future. We should not forget that security is the responsibility of everyone and not exclusive to those of us working in IT.<\/p>\n These days, information is equally critical whether handled by a reporter or by an executive; and even more sensitive for healthcare professionals and the medical records they handle on a daily basis. Active participation by governments and companies to protect this information is necessary.<\/p>\n We have reached a point where education on security issues must be handled in a formal manner, and companies should not simply relegate these issues to be covered as a one-off when inducting new employees. It must be a continuous and ongoing effort. End users must feel they are a part of the entire security chain and must understand firstly that these threats do exist, and secondly, that the necessary mechanisms to use technology securely also exist.<\/p>\n This article is an adapted version of the corresponding section from ESET\u2019s 2017 trends paper, <\/i>Security Held Ransom<\/i><\/a>.<\/i><\/p>\n *If you are interested in boosting your employees\u2019 skills and understanding, check out ESET\u2019s free Cybersecurity Awareness Training<\/a>, which covers everything you need to know.<\/em><\/p>\nCybercrime: Ruthless and efficient<\/strong><\/h2>\n
![\"\"](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/03\/shutterstock_348158087.jpg\")
<\/p>\nGood education is not age-dependent<\/strong><\/h2>\n
The current paradox: The more we know, the less safe we feel<\/strong><\/h2>\n
Small changes can make a big difference<\/strong><\/h2>\n
![\"password\"](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/03\/shutterstock_266043962.jpg\")
<\/p>\nEducation makes a big difference<\/strong><\/h2>\n
![\"\"](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/03\/shutterstock_405274327.jpg\")
<\/p>\n