One day while browsing the internet a pop-up appears on your screen. The pop-up says to be from Microsoft and claims that a virus been found on your computer and that if immediate actions are not taken — if you do not call their toll free number, your information will be stolen. On closer inspection, you notice spelling mistakes and you begin to get suspicious. You Google the number included and see it has been reported as a tech support scam. This was an attempted cybercrime.
According to the 2017 Internet Crime Report by the Internet Crime Complaint Center (IC3) the total amount of victim losses from the little over 300,000 reports they received that year were $1.4 billion.
NKU University Police Chief John Gaffin handles many cyber crimes on campus from harassing communications to financial scams. But cyber crimes are complicated and can often lead to dead ends.
“Cyber crime is very tough for local, state, federal—really any law agency to respond to,” Gaffin said.
Gaffin gave an example of a recent case in which a scammer pretended to be a department head. The scammer then requested the employees to go to the store and buy a certain amount of Visa gift cards and email them the activation codes. An employee realized the names and email addresses did not match and contacted the NKU police department, who then ordered a subpoena to google server to receive subscriber information.
This led to a shared IP on a server in Hawaii but there was no way to pinpoint where exactly the scammer was located. Gaffin stated that this is usually the case.
“There are a lot of ways to hide yourself,” Gaffin said. “You can spoof IPs and do some things so it’s hard for us to figure out where its coming from. In some cases where we can figure out where its originating from, we have no jurisdiction.”
Cyber crimes are prevalent enough that IC3 receives over 800 complaints a day, yet only a handful are reported in NKU police department’s daily crime logs. According to Gaffin, many cyber crimes go unreported.
“I really tend to think that cyber crimes are very much unreported. I can’t tell you how many emails I’ve gotten that were scams. You know they are so you just delete them,” Gaffin said.
Gaffin also said that those who report cyber crimes usually only report them after they have already been victimized.
Another form of cybercrime is harassing communications, which the state of Kentucky defines as, “communication in a manner which causes annoyance or alarm and serves no purpose of legitimate communication.”
Harassing communications, unlike scams, are for the most part easily traceable but that does not mean there aren’t challenges.
“The biggest threshold is to prove communication was unwanted,” said Gaffin.
Gaffin also said in these cases a conversation with the party issuing the unwanted communication can typically suffice but there are instances where it has traveled all the way to the state level.
The IT department at NKU assists NKU’s police department with many of these crimes.The server team at NKU’s IT department and Scott Switzer, manager of infrastructure and operations, confirmed that these crimes are also prevalent on campus, “investigations into threatening behavior on campus, such as terroristic threatening and cyberbullying are also common.”
Ways we put ourselves at risk
“When we talk about cybersecurity we have to talk about the weakest link. The weakest link is human beings,” Professor of Computer Science Yi Hu said.
Hu is also faculty advisor for the cyber defense team. Hu said that scammers can produce very convincing looking emails but just because it looks legitimate, doesn’t mean it is.
“Many people have the habit of clicking a link in an email not knowing whether it is malicious or download some malware,” Hu said.
What may seem like a small mistake can have serious consequences, “that may download malicious software on your machine. Hackers can easily get into your computer but also get on the network of the company and from there they can attack other servers and steal data.” Hu added.
Smart devices, such as Amazon’s Alexa, can be another security concern.
One of the weakest points of security is actually our home networks, according to Hu.
“It becomes vulnerable very quickly because if there is any kind of vulnerability on there, the manufacturer no longer supports it but you are still running it. You may be running a weak security protocol and not know someone can take advantage very easily and get on your home network.”
How you can protect yourself and your information
It is important to be aware of signs that someone may be trying to scam you. If it sounds too good to be true, it probably is.
“Remember that the majority of email is not secure. NKU IT will never ask for your personal account information directly through email. Be wary of anyone claiming to need your username, password, or any other sensitive personal data,” said Switzer. Read your emails carefully, look for additional signs that the email may not be from a legitimate source.
“You want to look carefully at grammar. A lot of times they are not very well constructed. Hover over the URL and see if it is a legitimate URL or not,” Hu said. Illegitimate URLs are often similar to legitimate ones, Hu added, such as uspaypal.com (illegitimate) compared to paypal.com (legitimate).
“You want to have some kind of software that’s constantly monitoring your pc, laptop, or mobile device. If there is any kind of malicious activities on your computer or device they will alert you,” Hu said.
There are many different antivirus softwares that are available, many that are free or have free trials such as Kaspersky or Bitdefender.
While having 70-80 different passwords, about the amount Hu said he has, may seem excessive, it is important to have a wide variety of passwords. It only takes one weak password for someone to get your information. Like in 2016 when Mark Zuckerberg’s social media accounts were hacked due to his weak Linkedin password, “dadada”.
There is software that can help you remember your multitude of passwords such as Password Safe. Hu suggests creating a scheme or method for different websites to make the process a bit easier.
Other Security Measures
IT sends monthly newsletters that detail current scams they have become aware of, as well as ways you can keep yourself more secure. Don’t just ignore emails from IT; more than likely they are for your own good.
When connecting to Wi-Fi on campus, the most secure option for students is NKU_Secure. Since you are required to login on this network with a NKU username and password it is a safer connection.
Being overly cautious online may seem cynical, but when you consider the amount of data about ourselves that can be accessed, it’s better to be safe than sorry.
There are many ways to report suspicious activity online. If you have received a suspicious email, forward it to firstname.lastname@example.org or contact the IT help desk. By becoming aware of potential risks online at NKU, the proper authorities can prevent it from happening to others. You can find more information about protecting yourself and your computer here.