Just finished reading NetSafe’s third annual review of cyber incidents. It made for very concerning reading as New Zealand internet users report that more than NZ$ 4.4 million has been lost over the last 12 months to internet scams. Financial losses more than quadrupled year on year with 562 reports received where money was paid over to a scammer that was not recovered. More than 10 victims lost $100,000 or more; one person who handed over $1.1 million to a scammer.
How can I get scammed?
Several scams sounded like outright blackmail and extortion – one involved conning people to take part in naked chats which unbeknownst to them, were then videoed. Money was demanded otherwise the video would be distributed on the internet! Common sense aside (and how common is common sense any way?), the “virtual” nature of the internet makes it easy to fall into the trap of thinking that scams and scammers are not real. It’s not as though someone reached into your pocket and took your wallet or broke into your house and stole your TV is it? But the financial loss is far from virtual given that the $4.4 million loss reported in by NetSafe only takes into account the losses that they know about. It is entirely likely that people have been scammed and not reported it which makes the scale of the problem incredibly difficult to quantify.
What are some common scams?
We have all heard of the Nigerian scams where people email to ask for your help to launder/clear their funds in return for millions, there are the scams that tell you that your bank wants you to log in to a particular website and verify your password or PIN, then there are the scams where a real person calls you and tells you that they think that your computer has a virus so please go to their website to protect yourself and in doing so, you unwittingly allow them to hack your computer. There have been other ingenious scams that have proved very lucrative for cyber criminals.
Where can I get help if I have been scammed?
Outfits like The Orb and NetSafe are there to help the public with general information on how reduce your risk. However, to my mind, they are toothless tigers – what can they do other than record that you’ve been ripped off? They are simply not empowered by our legal system to actually do anything to help. Have you tried reporting cybercrime to the Police? I have. My experience served to reinforce my view that the law is woefully behind in matters of cyber crime. To get the Police to even take me seriously, I had to provide an analogy and what amounted to a tutorial on how having someone break into my online account was tantamount to someone breaking into my house. Even then, I was advised if the cybercriminal didn’t actually do anything with my account other than look at my personal information then, nothing could be done. Apparently, the cybercriminal had to do some damage before they could even investigate! The antiquated laws that currently apply are inadequate in this day and age. To my mind, there is little difference between someone breaking into your house and rifling through your personal items and someone hacking into your account and browsing through your data. Surely, the break in alone is enough to warrant some repercussion or negative consequence to the person who broke in?
Is the GCSB bill too big of an idea?
The government wants to revise the GCSB Bill. That’s great I say. Exactly what are they going to do with the information they collect? It is laudable that they want to focus on terrorism and treason but they have enough information already with which they do perceptively little with – I haven’t heard of any practical initiatives that may help recover the reported $4.4 million lost to internet scams.
The focus at the moment by government is at either end of the spectrum when a balanced happy medium is needed. On one end of the scale you have insipid advice telling you to “change your password” or “get antivirus software” which are not what I would consider to be practical initiatives worth any allocation of tax payer money. These handy yet passive tips anger me as much as the “lock it or lose it” messages I see in car parks. At least NetSafe is trying though and educating the general public has to be a part of the puzzle. Binary Limited also does the same thing but we do not profess to have this as the answer, it’s more like a back stop or a basic building block to a more robust system. I do understand that identifying the issues are important and potential part of the requirements gathering phase before possible solutions can be sought. Much like health and safety initiatives, a strong reporting culture grows a stronger overall vigilance and awareness of risk. Read more basic ways to reduce your risk (link to article here).
On the other end of the scale there is the spectre of terrorist attacks – any one reading the paper or watching television today would be forgiven for thinking we are in the midst of a Tom Clancy novel. While complacency in this regard is unacceptable, I fail to see how spying on citizens and gathering data on the off chance that some of it may provide a tip off seems to be an inefficient use of resources.
What I would like to see the government focus on is more action on catching and detering criminals. The message shouldn’t be “lock it or lose it” it should be “if you rip people off you will go to jail”. Giving the GCSB wide ranging powers to go through any and all information would be fine if we had some reassurance that they would use their powers for good. I don’t fear that they will take any of my information and hold it against me – I fear that they will take all our information and continue to passively and complacently allow cyber criminals to take advantage of us at will.
Our advice is to put in place the most secure system you can afford. On a day to day basis, your risk exposure to cyber criminals is far more likely than you think. The government and the legal system is woefully behind the times so you are best to protect your business proactively. Binary Limited works with our clients to implement appropriate solutions that are safe, secure and simple.
Don’t forget to report a scam : www.theorb.org.nz