Ten years ago the biggest criminals were gangsters, bank robbers and white-collar crooks, but not anymore. Now the most successful criminals are cybercriminals, who steal your money and information from the comfort of their own homes, potentially making millions of dollars, with little chance of being caught.
In fact, cybercrime complaints in the U.S. alone rose by 22% from 2008 to 2009, with losses linked to online fraud totaling nearly $560 million1, according to the Internet Crime Complaint Center. And frankly, it’s no surprise that more computer users are falling victim to cybercrime, considering that in 2010 McAfee® detected an average of 60,000 new pieces of malware each day, including viruses, fake anti-virus software and phishing scams, all aimed at your computer, your identity and your wallet
So, what has propelled this surge in cybercrime? To start, the number of Internet users has exploded over the last decade, offering crooks more potential victims. Furthermore, online websites and applications have become more sophisticated, and now deal in valuable data, such as banking and identity details, which the cybercriminals can get their hands on through data breaches, phishing attempts and online scams.
Cybercrime began as an attempt at gaining bragging rights and notoriety through high-profile website attacks and viruses, but today’s threats are targeted, discrete, and all about
For example, millions of Internet users were infected in 2000 by the relatively simple “I love you” worm, which arrived via spam and tricked users into downloading the attached “love letter” file, which turned out to be a virus. While the insidious worm cost businesses and governments billions to eradicate, it didn’t make money for the cybercriminals. Compare that to today, where “scareware” scams frighten users into buying fake anti-virus software, generating in some cases hundreds of millions2 of dollars for the cybercriminals.
This evolution from relatively simple viruses, to clever money-making scams has been quick, and fascinating. By the mid-2000s cybercriminals had moved on from headline-grabbing attacks to profitable endeavors like distributing adware, or advertising software, which automatically displays popups or downloads ads to your computer with the aim of getting you to buy products or services. Attackers jumped at the opportunity to install different adware packages on millions of systems while collecting handsome checks along the way.
And, by the end of the decade, cybercriminals had become experts at social engineering, or manipulating users into performing actions or revealing information. They then set their sights on places where millions of users like to let down their guards—on social networks.
In fact, modern social networking scams have been some of the most successful because the crooks are able to trick users out of information and money, by getting them to click on dangerous links or respond to information requests that they believe are coming from friends. A good example of this is the “I’ve been robbed” scam which has been circulating on Facebook recently. In this scam, cybercriminals leverage the popularity of Facebook and gain access to users’ accounts and then send desperate messages to their friends, saying they’ve been robbed while abroad and need the friend to wire money to them to get them home. Since the message appears to come from a friend, recipients are more likely to fall for the scam.
And, as we look into the future, we expect cybercriminals to continue to evolve their attacks and rely on social engineering to get what they want. Here are just some of the emerging threats McAfee Labs™ revealed in its 2011 Threat Predictions report:
- Increased social networking scams—Cybercriminals will continue to target social networks with malicious links, phony friend requests and phishing attempts. Since we are storing more personal information and sending more messages on social networks, versus email, these platforms are becoming increasingly attractive to cybercriminals.
- Mobile threats—We’ve been hearing about mobile threats for some time, but this year is expected to be a turning point with attacks aimed at a variety of mobile platforms. This could be particularly dangerous to users since many of us are now storing personal information in our phones and using them for online shopping and banking.
- Apple attacks—Although the Apple platform has been considered less vulnerable to attack than PCs, the growing popularity of Apple products, such as iPhones and iPads, are expected to attract new, targeted threats.
- Dangerous applications—The growing use of mobile, tablet and social media applications (apps) will prove irresistible to cybercriminals, who will create dangerous apps and trick users into downloading them. For example, they may promote a desirable app, like a game, and instead deliver malware that is designed to steal your personal information.
- Botnet survival—Cybercriminals will continue to use botnets, or networks of infected PCs that can be controlled remotely, to distribute spam and launch attacks. McAfee Labs expects botnets to start targeting social networking sites and geo-location services as well.
Cybercrime has come a long way in a relatively short period of time, and will no doubt continue to evolve. To learn more about this lucrative industry, where it’s headed and what to watch out for, read our “A Good Decade for Cybercrime” report.