How Do Cybercriminals Make Money?
Since most of what we do is now online, from shopping for food to paying bills, the global economy is taking a digital shift. It’s only natural for criminals to follow suit. As criminals consider the economics of what they do, they recognize cybercrime as one of the quickest ways for them to make money. For a hacker, extortion is an easy way to monetize stolen information and provides the shortest path from cybercrime to cash. In addition to extortion, criminals can make money off of fake auctions, stealing someone’s identity, and by selling stolen information such as credit card numbers, social security numbers, even various account credentials.
In order to turn a profit, cybercriminals can use a variety of tactics. Let’s take a look at a few of the most common methods:
Ransomware and Crypto-ransomware
Ransomware is a form of malware that will lock files on a computer using encryption. Encryption converts files into another format, like a secret code and can only be decoded by a specific decryption key. Ransomware can present itself in two ways- regular ransomware, which will encrypt the whole hard drive of the computer, permanently locking the user out. Crypto-ransomware will only encrypt specific, seemingly important files on a computer such as word documents, PDFs and image files.
Once the ransomware installs itself, it will display a fake warning message, appearing to come from a government agency, notifying the user that illegal content has been found and that the computer is now locked. The user is given a specific amount to pay as a “fine” and a timeframe in which to pay. The hacker then requests that the payment be made with cryptocurrencies such as Bitcoin or MoneyPak, due to the anonymity of these payment systems. If the user does not pay, the cybercriminal will destroy the decryption key and the users’ data will be locked forever.
Social engineering is a method of attack that relies heavily on human-to-human interaction. Social engineering is a component of many types of exploits that are seen on the Internet landscape today. Cybercriminals use social engineering tactics to convince people into downloading email attachments that contain malware, or to try and trick people into divulging sensitive information via phishing, email hacking, vishing and more. Because social engineering is based on the psychology of human nature and emotional reactions, a cybercriminal essentially runs a "con game," to try to gain the confidence of an individual in order to get them to disclose information. Once the cybercriminal has received the information, they can then use it to perform identity theft, credit card fraud, or they can sell that information to other cybercriminals.
So what do you do if you become a victim of cybercrime?
- First and foremost, do not pay anyone money. While it may seem like the easiest way to deal with threats such as digital extortion, you must remember that these are criminals, and just because you pay them does not mean they will remediate the situation.
- Report it! You can file a complaint with the Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
- Educate yourself. Knowledge is power- become familiar with the various threats on the Internet landscape. Learn about the red flags to be on the lookout for when it comes to scammers and phishing. Remember to never click on links or download attachments from unknown senders.
Before cybercriminals attempt to strike, it’s important to be vigilant about protecting yourself against malware and security breaches. For the best possible protection, you should add another layer of security to your devices by using a comprehensive Internet security program such as Norton Security.
If you want to learn more about these tactics and meet some of the masterminds behind them, be sure to check out our documentary: "In Search Of The Most Dangerous Town On The Internet"