Cyber enters a new phase with criminals now advertising their services on the dark web.
The Fraud Barometer recorded a number of cases in which the commercialisation of cyber-crime had been a factor – with criminals advertising their services on the dark web. In one case, a cyber criminal who created a virus and launched an attack which knocked a communications company in Liberia offline, was jailed for 32 months. He had been paid $30,000 by a rival company to cause the mass disruption - which the victim spent $600,000 repairing.
The data also recorded a 57% increase in the number of account takeover cases reaching court, in the first half of the year where digital scammers used a range of techniques including email, SMS and apps to get hold of personal data that then enabled them to take over bank and credit card accounts. In one case, a Tyneside man who was the UK front of a scam conducted in India was jailed for 28 months at Newcastle Crown Court. The fraud involved online scammers who fleeced vulnerable computer users out of hundreds of thousands of pounds by pretending to help them fix bogus viruses or by hacking attacks on their computers.
Victims, many of them elderly, were panicked into contacting the fraudsters after messages informing them their computers had been infected either popped up on screen or were played through speakers.
When they followed instructions to contact a free number, they were put through to India-based crooks who said they could fix the problem for a fee. But once the scammers had access to victims' banking details, they plundered their accounts and sometimes installed software to allow them to steal more.
“We are noting a worrying move from criminals simply hacking as a means to an end to being industrialised personal data brokers on the dark web. As our digital footprints get larger, cybercriminals will continue to develop new and innovative ways to steal personal data. If we are not alive to the threats, there is a great risk that we increase our vulnerability to criminals through our inaction.
The Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) entered into force in June, and requires banks to repay funds to customers stolen as a result of account takeover. Whilst this is a very positive step for the customer, we all need to remain vigilant as consumers will continue to bear such costs indirectly.”
Roy Waligora, KPMG UK Head of Investigations.