The FBI says that complaints concerning online scams and investment fraud have now reached a record-breaking level. The FBI’s Internet Crime Complaint Center (IC3) received its 6 millionth complaint on May 15, 2021. While it took close to seven years for the IC3 to register its first one million reports, it took only 14 months to add the latest million to file. According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts.
Commenting on this story is Hank Schless, Senior Manager of Security Solutions of Lookout: “Even as parts of the world emerge out of the pandemic and some employees start to return to the office, hybrid work is here to stay in some capacity for a long time. This means that employees will continue to use unmanaged or personal devices from outside the traditional corporate perimeter, which makes them very difficult to monitor for risk that might be introduced into the organisation. Employees expect to be able to access any resource from any location on any device. In the case of organisations that have a complex hybrid infrastructure, this creates a situation where they need to ensure the same level of secure access to everything. Cloud apps and infrastructure are built with integrations into modern identity and access tools, but lots of legacy on-premises solutions aren’t. Security teams need to be able to extend the security benefits of cloud-based infrastructure to on-premises resources. Attackers know that if they’re able to compromise an individual’s account or device through a personal channel, they could gain access to corporate data stored on the device or that the device is connected to through tools like VPN.
“The report notes that Business Email Compromise scams, romance and confidence schemes, and investment fraud were all leading financial loss attacks. Mobile devices make the perfect reconnaissance target for threat actors due to the unique data present. Malicious actors can harvest contact lists, credentials, private conversations, and social media content from mobile devices in order to plan subsequent attacks. These phishing attacks can even be launched from a co-worker or friend’s infected device, improving the chances of success.
“Organisations need to ensure that no unauthorised users can gain access to their infrastructure. Implementing Zero Trust policies that assume no user or device can be trusted until proven otherwise will help mitigate this risk. Zero Trust Network Access (ZTNA) enables organisations to implement access policies that look at the context under which the device and the user, respectively, are attempting to access the corporate network. This could uncover anomalous activity such as a different login location than usual or malware lurking on a device before it connects.”
Click below to share this article