Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes... and all the usual suspects
Too soon for New Year Resolutions?
Cybercriminals will continue to exploit tried-and-tested fraud methods but also adopt a couple of new takes and targets in the year ahead.
Predictions from fraud specialists at Experian suggest continued threats from careless use of public Wi-Fi networks. With ever more spots available, users need to be careful of what data they store on their phone and be wary when accessing public networks with unknown security.
Experian expects more use of "smishing" – phishing attacks via SMS. Folk are also more likely to fall for scams from an online community they're part of – whether that is a group connected to a political candidate, issue or other theme. The company recommended people take the same precautions with text messages from unknown mobile numbers as they would with emails from unknown sources.
Deepfake video and audio has mainly been used for political purposes so far, but Experian warned that as the technology moves downstream, it will be exploited by cybercriminals. The company said there have been three cases in the US where fake audio of executives has been used to defraud their companies. It also warned that there are few tools to spot deepfake audio and video content.
Certain types of company are more likely to face cyber attacks in 2020, Experian believes. It predicted that cannabis retailers and cryptocurrency exchanges will face more attacks and as immature businesses may not have made the security investment needed to protect their customers. Medical marijuana facilities may store medical records which would prove valuable if stolen. Cryptocurrency exchanges have already been hit by crooks who got away with $41m in Bitcoin in one case.
Finally, Experian warned that the increasing use of mobile payment systems – expected to hit $4.5 trillion by 2023 – will be an ever more tempting target for fraudsters. It noted that most NFC payment apps have decent security, but some handheld point-of-sale devices for swiping cards used at venues and retailers are less secure.
In a refreshing bout of honesty, Experian also rated the accuracy of the predictions it made last year.
Firstly was its forecast that biometric security would be targeted in 2019. The credit agency gave itself an A grade for this – pointing to the discovery of a million people's fingerprints on an accessible database.
But it only got a B grade for suggesting an enterprise-wide skimming attack could succeed in 2019.
It marked itself with another B grade for suggesting that a mobile network would see a simultaneous and successful attack on both Android and Apple phones.
But better marks for suggesting that a top cloud vendor would be breached. Capital One suffered a massive data loss and the hacker accused of the attack has been charged with targeting another 30 AWS-hosted companies.
And a mixed A grade for Experian's prediction that online gamers would fall victim to attacks from crooks posing as fellow, friendly gamers. 2019 did see data losses at Zynga and distributed denial-of-service (DDoS) attacks on gaming servers, but no active attacks from people posing as gamers.
The full report is available to download from here, if you're prepared to cough up an email and some other details. ®