The Justice Department recently shut down hundreds of sites for defrauding customers with fake hand sanitizer and disinfectant sales. The sellers, based out of Vietnam, tricked tens of thousands of customers into making purchases that never arrived, and got away with it by using Paypal and fake UPS tracking numbers to conceal their crimes.
As awful as this story is, it’s just a drop in the bucket as cybercrime and fraud skyrockets across the web. Whether it’s websites selling phony COVID-19 cures or outright cyberattacks and data breaches, security researchers are meticulously working to document the scale of the threat we face. Tap or click here to see how to instantly spot these fraud sites.
Thanks to the hard work of these cybercrime sleuths, we now have a better understanding of how these cyberattacks are operating, where they’re coming from and what can be done to avoid them. Here are five new data points that shed some light on the biggest online crime wave in years.
Looking behind the hacks
According to Arkose Labs’ Fraud and Abuse Report, there have been “significant spikes in fraud attempts” during the first half of 2020 compared to the same time last year.
These attacks follow several key patterns that reveal a good amount of information about where attacks are coming from and why. Thanks to Arkose Labs’ research, we know the countries these cyberattacks are originating from, how they’re accomplished, and when people can expect them to occur.
1. Most of the world’s cyberattacks are coming from three countries
The report found that the top three originating countries for cyberattacks in 2020 were The Philippines, Russia and Ukraine in particular. Arkose rated these countries as having the highest “human-driven” attack volume, meaning that real people are actively working to make these attacks happen rather than bots.
2. Bots change their primary target to social media
Speaking of bots, April and May of 2020 saw an incredible spike in bot activity on platforms like Facebook and Twitter. These automated accounts appear less concerned with defrauding users than they do with spreading misinformation — political propaganda especially. Some of these bots may have even contributed to the rise in fake news about COVID-19.
3. Hackers are using literal sweatshop labor
Much of the human-driven activity behind cyberattacks on financial sites and banks appear to come from large-scale organized hacking efforts. These so-called hacker “sweatshops” employ dozens of paid workers who simultaneously engage and attack a target at once. This is similar to the idea behind troll farms, but with a much more malicious streak.
4. The gaming industry is a top target
Online gaming is experiencing unprecedented levels of activity during the COVID-19 pandemic, which means more targets for potential cyberattacks. And according to the Arkose report, websites, games and communities associated with online games experienced as many as 65 cyberattacks per second during the first half of 2020.
5. The witching hour for hackers has been revealed
Arkose determined that the highest levels of attacks from fraudsters and hackers occur during the wee morning hours of 5:00 a.m. This time applies to American time zones, and includes cyberattacks from malicious foreign actors working “across borders.”
Now that we know this information, how can we use it to protect ourselves?
Since we have a better understanding of what makes these hackers tick, we can take the following preventative measures to secure our computers and keep ourselves safer as we spend time online.
- Avoid links or domains that lead to websites ending in .ph, .ru, or .ua. These are the top-level domains for The Philippines, Russia and Ukraine, respectively, and indicate the websites or links are hosted in these countries.
- Exercise caution when playing online games, and make sure to stay skeptical about offers or promotions for free items, subscriptions or other perks that a game doesn’t normally offer. This is especially true in games where frequent financial transactions are involved.
- Shut your computer down overnight, and make sure it stays off during the 5:00 a.m. hour unless absolutely necessary.
- Be skeptical about what you read on social media, especially if it leans political or conspiratorial. Always ask yourself “what could be the intent behind this post?” Is it trying to make me angry? Hopeless? Confused? Is it trying to sell me something?
Follow these steps, and you might be surprised at how much easier your online experience is. In any case, you’ll be reducing your chances of running into phishing websites and other kinds of fraud.
At least with these kinds of attacks, they can only hurt you if you let them. Tap or click here to see the latest COVID-19 vaccine scams you need to avoid.