
Q&A with Neil Walsh, Chief Cyber Diplomat with the United Nations Office on Drugs and Crime

November 4, 2020


Topic: Keeping Kids Safe/Passive Ways Children are in Danger 

Recently, Arkose Labs’ Vanita Pandey had the opportunity to sit down with Neil to discuss a variety of topics related to cybersecurity, keeping children safe online, and what fighting online fraud in the COVID-19 era means to businesses and consumers.

Neil will be a featured speaker at Arkose Labs’ Bankrupting Fraud Virtual Summit on November 10, 2020. For more details visit: https://www.arkoselabs.com/virtual-summit/

Q: What are the most basic, essential best practices parents should be adhering to in order to keep their children safe online?

A: Now more than ever, the dangers of the online world are just as prevalent -- if not more so -- than those encountered in the real world. COVID-19 has had a massive impact on the digital ecosystem, with much of what was previously done face-to-face (e.g. school, playdates, music lessons, etc.) now being conducted in the virtual realm. It’s imperative that children have a baseline understanding of cybercrime and online fraud, and parents can help by taking these 4 steps:

  1. Have an open, trusting conversation with your kids about the realities and dangers of the online world. Stress how nothing is private on the internet.
  2. Make sure your children understand and can recognize the threats they face online. Explain that even something seemingly innocuous, like sharing a photo, can have uncomfortable, even dangerous, consequences down the line since online activities are permanent and can never be erased.
  3. Teach your kids how to actively manage their risks. For example, emphasize that they shouldn’t purchase anything online without your presence and discourage them from opening any emails that seem suspicious.
  4. Keep all of your tech’s software up to date at all times.

Q: Activities like buying goods, sending money, or sharing photos are some of the more obvious risks for kids online these days. What are some examples of less obvious risks?

A: With so much more schooling taking place online, cybercriminals have started exploiting a new attack vector: eBooks. They’ll lace eBooks with malware and circulate them online for free download. When kids, or teachers, download these eBooks, the malware will either lock their device or steal their data from the device. 

Also, most kids know that sharing personal information (especially information related to payments and social security numbers) is highly risky. However, recent research from Arkose Labs shows that there is less awareness about the dangers of sharing log-in credentials and other personal information, such as addresses. This seemingly harmless activity creates yet another easy opening for cybercriminals to prey on children online.

Q: What else can be done to keep kids safer online, especially given that more and more of both their personal and school lives are taking place there?

A: Data indicates that COVID-19 has led to a 50% increase in screen time for kids. In terms of their presence and participation, children have become an audience no digital service provider can ignore, so these businesses need to step up. Gaming streaming services should all offer parental controls that restrict what children can play or view, or even how much time they can spend on the platform. Video-sharing services should continue to create content and user interfaces that are kid-friendly, and offer dedicated controls to prevent kids from straying into adult content. Cybersecurity companies must also keep pace with cybercriminals by regularly releasing software and tools that proactively fight the latest cyber threats. They should also continue to release patches and updates to plug-in vulnerabilities and automatically keep their software up to date.



Topic: What the COVID-19 Era Means for Keeping Fraud at Bay

Q: A lot has happened over the past six months, but is there one overarching trend that can help paint a picture of what COVID-19 has done to impact online fraud?

A: Even with all the changes and uncertainty right now, a key rule of thumb is this: The amount of time and effort a cybercriminal is willing to expend on an attack is driven by the monetization potential. Since human-led efforts require greater investment from fraudsters, it’s revealing to monitor the proportion of human-driven attacks versus automated bot attacks. Case in point: In the first six months of 2020, research shows that the highest human-driven attack rate occurred in the retail industry. At the other end of the spectrum, human resources were expended very sparingly in the travel industry, which makes sense given the major drop in customer activity there due to lockdowns and travel restrictions. 

Q: In addition to retail, are there certain industries that pose a greater risk than others during COVID-19?

A: Social media sites are definitely an area to keep a close eye on, as there was a spike in bot-driven activity in April and May. Cybercriminals are using bots across a variety of social media platforms to scrape information, launch scams, or disseminate malicious content. Bots are also often deployed in attempts to influence political and social discourse by spreading information en masse and carrying out hashtag hijacking and trend-jacking. I expect bots within social media will come under even greater scrutiny this fall, as debates over COVID-19 safety measures and the presidential election increasingly dominate public discussion.

Online gaming is another sector to watch. With adults and children spending more time at home, gaming traffic has risen, with the gaming industry seeing 65 attacks per second. The most attacked touchpoint is currently logins, which saw a sharp uptick in the volume of attacks. The first half of 2020 was dominated by automated attacks, as fraudsters leveraged tools to spin up attacks at speed as an immediate response to COVID-19. However, Q2 of 2020 saw a shift to human-driven attacks, which accounted for 41% of gaming attacks.

Q: What can the COVID-19 era teach us about successfully combating online fraud long-term?

A: What’s interesting is that pre-COVID, the driving factor behind online fraud was the prevalence of high-profile data breaches on major companies. In 2020 though, these very high-profile breaches have been less prevalent. Instead, cybersecurity headlines are dominated by COVID-19 related scams, for example, phishing attacks or attempts to hijack government relief checks in the US.

More people have become comfortable transacting online, and remote communication and digital education platforms are continuing to boom. This change in digital behavior is a double-edged sword for businesses: On the one hand, it brings more people into digital channels. On the other hand, it also provides greater opportunities for fraudsters to attack and blend in with normal online traffic. These are irrevocable trends, and businesses need to be prepared to handle the onslaught of fraud that comes with increased digital adoption. Those that do will gain a clear competitive edge going forward.

Topic: New Dangers Online

Q: We’ve grown accustomed to living with a certain amount of online fraud for some time now, although COVID-19 has certainly changed the fraud landscape considerably. What’s a new danger or risk factor we should all be aware of in 2020?

A: Interestingly, when comparing attack levels with legitimate traffic patterns in the first half of 2020, it’s clear that the morning is the most dangerous time of day. Businesses are facing cross-border attacks from fraudsters operating across time zones and they’re using automated scripts that can run throughout the night. This explains why attacks don’t always tie in with the peak hours of legitimate consumers. In fact, 5 AM is the time of the day that has the highest attack rate across all traffic, with attacks 10% higher than in the afternoon.  

Q: Is COVID-19 related fraud impacting the global community equally, or is it hitting certain regions harder than others? 

A: No region is immune to cybercrime; however, in 2020 Europe appears to be bearing the brunt of it. Data shows that 47% of global attacks targeted Europe. That represents a 62% rise in attacks and the region also experienced 48% of all online gaming attacks. North America experienced 32% of global attacks, which marks a 37% rise in attacks. North America accounts for 32% of online gaming attacks and 46% of media attacks.



Topic: Low-cost, High-gain, Automated Attacks and Emerging Source Markets for Attacks

Q: In the world of cybercrime, what is “low-cost, high-gain”? What’s the difference between human and automated attacks, and which type of attack is more prevalent right now?

A: Large groups of low-paid workers who are hired to carry out attacks or make malicious transactions on fraudsters’ behalf cost little compared to the illicit financial profit made from an attack. Automated attacks are not human-driven attacks, i.e. they’re largely carried out by bots.

The first half of 2020 saw a barrage of bot attacks, which represented 74% of all attacks. However, the most recent quarter saw the highest proportion of human-driven fraud recorded over the last twelve months, with 41% of attacks originating from sweatshops and other malicious humans. Additionally, the proportion of human-driven fraud versus bots rose in Q2 of 2020 with 41% of attacks originating from sweatshops, compared to 59% for bots and automated attacks. This is a significant increase from Q1 when humans accounted for 26% of all attacks.