In 2020, the Federal Criminal Police Office (BKA) registered around 108,000 cybercrime offenses in the narrower sense – 7.9 percent more than in the previous year. How to protect yourself.
The number of cyber offenses known to the police has reached a new high. In 2019 the number rose from 87,106 (2018) to 100,514 criminal offenses. Cyber criminals used the pandemic to develop numerous new variants within a very short time that exploited people’s ignorance and worries. ARAG IT experts provide an overview and tips on how to protect yourself.
New: Juice Jacking
The “Juice Jacking” variant is fairly new. In this variant of the cyber-attack, the mobile device is attacked directly, through its power supply. If, for example, you connect your mobile phone to a charging station, the connection to the USB port is used. Not only is the battery charged via this interface, but hackers can also access the cell phone’s data. The ARAG IT experts therefore advise: Be careful when charging your cell phone or laptop at public charging stations. It can never be ruled out that unauthorized third parties gain access to the mobile device, view sensitive data, exchange it, save it elsewhere or transfer malware.
Fake websites and fake shops
To obtain Corona emergency aid subsidies, cyber criminals built fake pages for applying for funding. The public prosecutor in Cologne alone received more than 1,200 online criminal complaints for North Rhine-Westphalia (NRW) from April to September 2020. Other federal states recorded similar numbers of cases. The State Criminal Police Office of North Rhine-Westphalia (LKA NRW) was able to identify and block some domains, but due to the large number, the payouts had to be stopped briefly in some federal states. The online criminal complaints against persons unknown were mostly filed over fake websites that misled people through search engines. For example, anyone who entered the term “emergency aid NRW” came to a page that looked like that of the state of North Rhine-Westphalia, with a deceptively real form for applying for funding. The criminals wanted to get company data that they could then misuse themselves to apply for funds.
The ARAG IT experts point out that the number of fraudulent fake shops with counterfeit Corona goods has also increased. Before buying, they recommend always checking the seller by researching it online and consulting the prevention tips of the police.
Home office situation
Many companies have gone through rapid digitization due to COVID-19. Within a very short time, workplaces were relocated home and work was switched to “remote work” (mobile work) or “hybrid work” (a combination of work in the office and mobile or semi-mobile work). Cyber criminals reacted immediately to this development and focused their attacks on the target group of companies and their employees. The introduction of new tools for uncomplicated work from home in particular offered hackers an enormous attack surface, as the employees were not yet sufficiently familiar with how they were used. Current figures from the Global Security Insights Report 2021 show that nine out of ten cyber-attacks took place on companies during the Corona period. For example, emails were sent that referred to new hygiene rules or rules of conduct for the office that had to be strictly followed, or that informed about global instructions or changes to the Corona measures. Regardless of which hook was used, the employees were almost always asked to act quickly, for example by clicking on a fake link. Crimes related to video conferencing applications have also been recorded. Criminals obtained login data by automatically stealing user-password combinations (credential stuffing), which they later offered for sale on the Darknet.
The ARAG IT experts therefore recommend a healthy amount of attention even when working in the home office. If an email cannot be clearly attributed to a sender, the attachment is better left unopened. In the case of links, it helps if you don’t follow them blindly, but go to the website of the company or bank in question yourself. You should make sure that a secure connection is established. It can be recognized by the prefix “https://”. Regardless of whether you are a private or business user: Choosing secure passwords is still good protection. Very important: Even if it is tedious, a separate password should be used for each account, and it should be changed regularly. Password managers can help here.
Phishing is not new and has been around offline since the early 1900s, under the name of “The Spanish Prisoner”. A scammer tells his victim that he has been in contact with a rich man who is imprisoned in Spain under a false identity. The prisoner cannot reveal his true identity, otherwise he would be putting himself in danger. He now urgently needs money to buy himself out of captivity. Those who support him will be richly rewarded afterwards. Once the first payment has been made, there are unfortunately always new problems, which in turn require money to be solved. The game goes on until the victim has none left. The principle of “modern” phishing has remained the same, only the channels have changed.
Since the beginning of the pandemic, numerous phishing emails have been sent that strongly address people’s need for protection and security and encourage quick action. For example, under the guise of investment banks or development banks, fraudsters sent phishing emails to possible recipients of subsidies. In order to suggest credibility, well-known sender names such as “[email protected]” were used, and clicking the links in the email took recipients directly to the website of the respective development bank. Using feigned authenticity, psychological tactics and threatening formulations such as “reclaim from the tax office”, the crooks gained access to sensitive company data. In some cases, they had the alleged recoveries transferred to an account they had named.