Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Think before you click

Cyber threats can come from a variety of sources, including individuals, criminal organisations and nation-state actors

At this stage, you’ve more than likely received multiple fake texts claiming to be from your bank telling you there’s a problem with your account, but it’s still possible to fall victim
At this stage, you’ve more than likely received multiple fake texts claiming to be from your bank telling you there’s a problem with your account, but it’s still possible to fall victim

With the ability to do just about everything online, from emails to banking to shopping or booking a haircut, it would seem that the increasing move to online transactions has very little downside. Unfortunately, while the makers of these technologies and apps work hard to make them as safe as possible, those who seek to access your funds illegally are often just a step or two behind.

Is the onus on the creators of tech to protect us from threats or is it something we can do ourselves?

What is a cyber threat?

Cyber threats can come from a variety of sources, including individuals, criminal organisations and nation-state actors, says Carol Lawton, AIB head of financial crime. “Some of the most common cyber threats include phishing – a type of social engineering attack that involves sending emails or text messages that appear to be from a legitimate source in order to trick the recipient into providing personal information or clicking on a malicious link.

READ SOME MORE

“Denial-of-service [DoS] attacks are designed to overwhelm a computer system or network with traffic, making it unavailable to legitimate users. Malware is malicious software that can be used to steal data, disrupt operations or gain control of a computer system, and ransomware is a type of malware that encrypts a victim’s data and demands a ransom payment in order to decrypt it.”

Other types of fraud include smishing, romance scams and CFO fraud, says Justin Moran, head of governance and security at Three Ireland. “Many of these items fall within what may be termed ‘social engineering’. This term refers to the method of gaining information from someone or getting them to perform some action for the fraudulent hacker or criminal. Smishing is a similar method to phishing except the delivery method is via SMS.

“Romance scams, CFO fraud, etc are simply alternate means used by fraudsters seeking to gain trust in individuals through dishonest means with a view to obtaining illegal financial gain. Similar to many fraudulent schemes, one of the key features is seeking to gain trust of the individual, for example, by way of an unexpected offer which seems too good to be true (it is by the way!) or unexpected communication presented as an urgent problem or opportunity to avail of.”

Lawton says the one thing they all have in common is to create an urgent/anxious situation where you have to act quickly before thinking it through.

Prevention is better than cure

Elizabeth Bowen, public affairs lead, Small Firms Association, says businesses can protect themselves by looking at where the risk is – usually invoice fraud, fake emails and people in companies clicking links. “The businesses can identify risk and put in processes to mitigate. While it can be costly, it’s an investment SMEs need to make. It’s vital to make sure employees are aware of how financial information is handled and processed.

“There are simple investments SMEs can make such as buying antivirus software, putting firewalls and encryptions on new devices and implementing 2FA – two-factor authentication.”

Many organisations, typically constrained by budgets, need to identify, prioritise and protect their key assets, says Moran. “When it comes to key assets, organisations need to focus on identity management, reduce the potential attack surface available to the hacker through strong system and network hardening, apply up-to-date patch management, minimise privileged access levels and ensure up-to-date backups are performed and stored offsite in the event of a significant system breach or compromise.

“Organisations should also invest in educating and training their people, who are, in many instances, the first line of defence. This should include education and supports on good password hygiene and regular phishing tests, where practicable.”

Individual protection

At this stage, you’ve more than likely received multiple fake texts claiming to be from your bank telling you there’s a problem with your account, but it’s still possible to fall victim. “Awareness about this issue is high and most people have received fraud prevention messages and warnings from their bank, on social media, in newspapers, on TV and on radio,” says Lawton. “When people are defrauded, the common link is often that they’re distracted when the email, text or call is received, they believe it is genuine and give all the details to the criminals.

“If people could keep the catchphrase ‘don’t click on the link’ in their minds and be sure to get a second opinion before reacting to a call or message, it would help protect them from these criminals.”

Global response

The response to this type of crime requires a joined-up approach across society, says Lawton. “Banks have a responsibility to ensure they have robust fraud prevention and detection controls as well as customer education programmes. Social media companies should ensure robust prevention models are in place to stop the fraudulent placement of ads on social media by criminals and to ensure that these fraudulent websites that act as traps for customers are not set up in the first place.

“The telecommunications industry should ensure it is doing all it can to prevent the distribution of texts and calls from online fraudulent sites. Businesses should ensure that all staff are aware of the current scams, what they look like and that no payments are made without a robust approval process involving a number of people.

“Customers should ensure that every unexpected or unusual request for payment is treated with extreme caution. This whole-of-society approach should be underpinned by the work of the Garda and the relevant State authorities to allow us all come together to tackle fraud and protect people.”