Cybercrimes are already 16% of all crimes committed in Spain, there have been some 287,963 complaints in 2020, 20% more than in 2019, in 2016 there were only 90,000 complaints. The majority of crimes are fraud, 89.6%, followed by threats and coercion, 5%, and then sexual crimes.
These crimes do not only affect individuals but also affect businesses, companies, 70% of Spanish SMEs are subject to cyberattacks: identity theft (37%), malicious internal threats (37%), ransomware (35%) and DDoS attacks (33%) with human error or lack of cybersecurity awareness being the most important risk.
It is therefore important to know about these cybercrimes and invest in their prevention. Let’s see them:
Impersonation of your identity (identity fraud):
By obtaining your personal data (name, ID, bank passwords, passwords, etc.), cybercriminals can impersonate you by impersonating your identity and in this way:
- Make use of your bank accounts.
- Carding or irregular use of credit cards or your data or virtual cards to make payments (online purchases, games and bets…).
- False means of payment.
- Fraping (sneak into your social networks and make publications on your behalf).
How can cybercriminals get hold of your personal data to commit these crimes?
- Phishing: Cybercriminals use “baits”, fraudulent messages to attract their victims to forged sites (links in whatsapp, text message or email indicating that if you click on the link you access a prize or that it is your bank asking you to provide some data …), many times from friends or people you know whose account criminals have previously hacked or from false profiles on social networks, so that they enter personal information such as usernames, passwords and bank details, which the criminals will obtain.
- Pharming: uses malware to redirect unsuspecting users to counterfeit versions of websites, in order for them to enter their personal data.
- Keylogging: This spyware secretly records everything a person writes to obtain account information and other personal data, including keys and passwords.
- Sniffing: If you connect to an unprotected and unencrypted public Wi-Fi network (cafe, hotel, airport, etc.), hackers can steal your data by “sniffing” your Internet traffic with special tools.)
- Remote access tools: remote desktop protocols are susceptible to infiltration, or the use of a lost or stolen laptop.
- Threats from third parties that are part of your supply chain (customers, suppliers) that access your business systems to do their job. Its misuse, its carelessness or its lack of protection affect your system.
- Email and instant messaging that contains personal data or reserved information, it is easy for them to fall into the hands of others.
- Sharing files in an insecure way. Either without or with software to share files or collaborate.
- Publish information in forums or blogs of a company. Users often post support requests, blogs, or other work-related messages on the internet. Intentional or not, this can include confidential data and attachments that can put your business at risk.
- Bots in Social Networks. In particular, we have been seeing for a long time how bots, which is how automated accounts are known, are taking over a good part of the platforms and social networks and represent 37.9% of world web traffic. Tinder has +50 million users and according to a study by the University of Arizona 23.4% of those profiles are bots that are difficult to detect. Most bot profiles include a biography, school, work, they have about 60 contacts on Facebook, 4 images. Their messages on many occasions include fake urls committing pishing, they use url shortening services to not allow users to judge the content of the link, they usually send 6 messages and each message contains about 15 words. Thus, through these bots, cybercriminals steal personal and banking data from their victims or commit scams, they also encourage the subscription of malicious services. These profiles are created en masse and despite the fact that apps claim to use tools to destroy them, their creation is at a higher rate than their destruction.
- Fake news. Fake news tends to polarization, to create extreme currents and to the positioning of its recipients, arouse emotions and feelings of belonging to a group, which incites and invites them to participate. Therefore, there are many fake news that arrive through various means whatsapp, email or others with links or urls that seek to obtain our personal data and commit any infraction or crime with them.
Cybercriminals use “baits”, fraudulent messages to attract their victims to forged sites (links in whatsapp, text message or email indicating that if you click on the link you access a prize or that it is your bank asking you to provide some data …), so that they enter personal information such as user names, passwords and bank details. Many times from friends or people you know whose account they have previously hacked or from false profiles on social networks, so that they enter personal information such as user names, passwords and bank details, which the criminals will obtain.
It is becoming more and more common, especially on social networks, that false profiles of attractive men and women talk with other people to gain their trust and then ask for money transfers with any excuse such as coming to Spain, paying for a night from a hotel for an unforeseen event (example, a wealthy French woman visiting Africa to collect an inheritance due to the death of her father and one day she has problems there with her credit card and needs you to pay her a hotel night which for you is not much money; or the flatterer in Africa who asks you to send her a mobile phone or € 50 to buy a mobile phone with which she can talk to you instead of sending a message; and many others…) and they can even ask to send intimate images and then extort them by threatening to divulge them if money is not sent to them (for this they have been able to send you sexual images as an incentive for you to send yours).
The loan scam:
Ads for fast money loans with almost no commissions. It may be attractive to you and it seems reliable, but be careful, they request small amounts to be able to give you the loan for management costs. However, that loan is a fraud and the requested money will never arrive.
Harassment, threats and extortion:
It is essential in the face of these crimes to act quickly, block the person who is harassing or threatening and report it in the place where it occurred (a social network, an app,…), not responding to the harasser or threatening or giving in to blackmail or extortion; Save the information, the evidence to be able to communicate them to an adult and the competent authority or Delete as soon as possible the information that harms the victim, among other measures.
Cyber-extortion: blackmailing a victim using their personal information, photos or videos, including sexual content, that they sent in a moment of intimacy.
Sexting: sending sexual content and its subsequent dissemination and or viralization. Sexting consists of sending messages, photos, videos of sexual erotic content. According to a study published by the journal JAMA Pediatrics, a large number of young people under the age of 18 participate or have participated in sexting practices. Specifically, 1 in 7 (15%) has sent sexual content and 1 in 4 (27%) has received it.
Sextortion consists of blackmailing that person, the victim, using that information, messages, photos or videos with their dissemination or viralization. The victims are selected from among the users of sexual contact pages to demand, under threats, the payment of amounts ranging between 100 and 200,000 euros. The amounts are requested in various ways: transfers to accounts, payments at ATMs or even through platforms such as Bizum. The modus operandi of these organizations consists of publishing false advertisements on contact web pages, in which all kinds of services of a sexual nature are advertised, collecting the telephone numbers of all those who have come to make a call interested in the services offered.
A few days later, the extortionists call and send messages to the phone numbers they have compiled, claiming to be responsible for the advertised whorehouse, and the victims are reproached for not having attended a false meeting, thereby demanding the payment for lost time.
In some cases (depending on the organization), in order to get the victims to agree to make the payments, the extortionists threaten to spread to the environment of the victims that they are users of prostitution services.
Ransomware: One of the most common ways is ransomware, which consists of infecting a computer with malware that encrypts all files until you pay a ransom to unlock them, the figures can vary enormously depending on the size of the business and the importance of the data locked, it is very common that they demand ransom in cryptocurrencies which is not easy to execute during a ransomware attack. When this happens, lawyers can step in to act as ransom negotiators, finding that data is still blocked, the business suffering damage with each passing day, and time-pressed negotiators negotiating with extortionists who may be anywhere in the world. Cybersecurity teams must work to prevent this cyber attack, which is usually inevitable, with 85% of cyberattacks coming from human errors, from business employees, and there is no strong authentication, antivirus or firewall that works against human errors. So training employees in cybersecurity and prevention of cyber attacks is the most economical and effective investment to improve the cybersecurity of a business. It is also convenient to have the info available in other ways in other formats that you can go to quickly (Backup) or data recovery services to be able to continue with the business operations in the shortest possible time. And even have a cyber risk policy that can mitigate any item.
It is also cyber extortion, or threatening a company with methods such as a DDoS attack directed by a botnet that consists of disabling, interrupting or shutting down a network, a website, email, etc.
Cyberbullying (psychological harassment) occurs when a minor torments, threatens, harasses, humiliates or annoys another through the Internet, mobile phones, game consoles or other telematic technologies. Victims can be harassed 24 hours a day and have no quiet moments or safe spaces. The supposed anonymity, physical distance, less personal exposure, immediacy and the absence of rules make the bullies become more impulsive and aggressive, and the bullying towards the victim increases. The characteristics of the Internet and mobile phones can make bullying very viral and reach many more people in a very short time. Even harassing messages or posts can linger over time, damaging and affecting the image of the victim in the future.
According to the data from the Save the Children study, “I don’t play that game. Bullying and cyberbullying in childhood ”, 6.9% of Spanish students suffer cyberbullying and 9.3% traditional harassment or bullying. Which led to numbers means that between 82,000 and 111,000 minors have been victims. In the networks, one in three children denounces that they have been insulted by Internet or mobile. According to El mundo, 1 in 4 minors suffers from cyberbullying.
Cyber Harassment: refers to all kinds of online harassment, such as stalking, sexual harassment or …
Doxing or exposing someone’s personal information online without their consent, for example, physical address) and
Fraping or sneaking into someone’s social media and making fake posts on their behalf).
Grooming or recruitment of minors for sexual purposes on the internet. The Internet gives pedophiles or criminals the option of posing as minors in order to approach them. This crime has tripled in recent years.
Stalking is a practice in which a person tracks and controls the actions that another person performs on the Internet and on their social networks. In itself it is not a violent practice, but it can become so if the person uses the information collected to extort money from the victim.
Trolling. Trolling (or trolling, in Spanish) consists of deliberately provoking another person through social networks by insulting or reprimanding them.
The fake hack: Someone contacts you to tell you that they have hacked you, that they have your sensitive information, and that if you don’t pay them they will spread it. However, the hacking has never occurred, but many of the people out of fear that it is true fall into one of the main computer crimes in Spain.
Damages, sabotage, and others.
- Damage to computer systems and sabotage.
- Cracking (modifying software to remove its protection), spyware (spyware).
- Facilitation of access to interactive services provided remotely electronically.
As you can see, cybercrimes are more varied and more frequent every day.