Cyber enters a new phase with criminals now advertising their services on the dark web.
The Fraud Barometer recorded a number of cases in which the commercialisation of cyber-crime had been a factor – with criminals advertising their services on the dark web. In one case, a cyber criminal who created a virus and launched an attack which knocked a communications company in Liberia offline, was jailed for 32 months. He had been paid $30,000 by a rival company to cause the mass disruption - which the victim spent $600,000 repairing.
The data also recorded a 57% increase in the number of account takeover cases reaching court, in the first half of the year where digital scammers used a range of techniques including email, SMS and apps to get hold of personal data that then enabled them to take over bank and credit card accounts. In one case, a Tyneside man who was the UK front of a scam conducted in India was jailed for 28 months at Newcastle Crown Court. The fraud involved online scammers who fleeced vulnerable computer users out of hundreds of thousands of pounds by pretending to help them fix bogus viruses or by hacking attacks on their computers.
Victims, many of them elderly, were panicked into contacting the fraudsters after messages informing them their computers had been infected either popped up on screen or were played through speakers.
When they followed instructions to contact a free number, they were put through to India-based crooks who said they could fix the problem for a fee. But once the scammers had access to victims' banking details, they plundered their accounts and sometimes installed software to allow them to steal more.
“We are noting a worrying move from criminals simply hacking as a means to an end to being industrialised personal data brokers on the dark web. As our digital footprints get larger, cybercriminals will continue to develop new and innovative ways to steal personal data. If we are not alive to the threats, there is a great risk that we increase our vulnerability to criminals through our inaction.
The Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) entered into force in June, and requires banks to repay funds to customers stolen as a result of account takeover. Whilst this is a very positive step for the customer, we all need to remain vigilant as consumers will continue to bear such costs indirectly.”
Roy Waligora, KPMG UK Head of Investigations.
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.