In recent months there has been a spate of warnings around scams either online or through email and text messages.
Cybersecurity has also been elevated in the public consciousness since the HSE cyberattack last month.
Only this week, the who lost €14,000 from her bank account in one of the latest rounds of text message scams.
reported on a womanOn Wednesday, people were warned of a new sophisticated text scam circulating, claiming to be about a missed package.
With the rise in scams, we asked a cybersecurity expert what was going on.
Professor Donna O’Shea, Chair of Cyber Security at Munster Technological University (MTU), gave us some answers.
“I have never seen so many online and text scams doing the rounds,” said Prof O’Shea.
She highlights how she was recently targeted by a text scam saying: DHL: We were unable to deliver a parcel today, and directing her to click on a link.
“This scam is an example of a cybercriminal sending a text from a convincing looking Irish mobile number that claims they belong to DHL, targeting the hope that we have recently purchased an online item that we expect to be delivered.
“The cybercriminal, in this case, is exploiting an increased dependence on online shopping due to coronavirus, a hope that you have made a recent order, and human error by clicking on the link.”
Prof O’Shea said cybercriminals use “social engineering and human behaviour techniques” to target individuals.
“For example, our behaviour to shopping has changed due to coronavirus, cybercriminals use tactics such as spam or phishing to exploit this change in human behaviour,” said Prof O’Shea.
“Complex attack models can also emerge if attackers have access to personal or private data gathered through social media or data leaks, providing a more custom, tailored and convincing attack scenario, again exploiting a vulnerability in human psychology.
“No one is immune against attacks of this nature, being aware is our best line of defence.”
Cybercrime has become more professional in the last number of years, according to Prof O’Shea, who added that the barrier to entering the profession is low.
“Exploit kits, which is software developed and sold by criminals, have made it much easier for those without technical knowledge to perpetrate cyberattacks which has led to a rise in the volume of attacks.
“These exploit kits are sometimes sold as a service by cybercriminals, with cybercriminals offering trial periods, 24/7 user support, multi-language documentation etc.
“This low barrier to entry, high incentives in terms of payoff has led to a dramatic increase in cybersecurity attacks and has made attributing cybercrime incidents to a particular person, organisation or state is simply not possible.”
Phishing, vishing and smishing scams.
“In the case of phishing, the attacker makes contact via email representing themselves as a reputable company, in the hope that you will click on a link or download an attachment.
“The goal here from the attacker's point of view is to install malware onto your PC or get you to provide personal/banking information,” said Prof O’Shea.
Vishing and smishing scams are similar.
“Vishing involves the cybercriminal contacting you via a phone; whereas smishing uses texts to launch the attack.
The recent attack on the HSE was a ransomware attack, unlike the ones highlighted above.
“The CONTI Ransomware attack was basically a human-operated double extortion ransomware attack. The ransomware exploited a vulnerability in a network perimeter and once inside the perimeter was able to install itself on the network and contact its control and command server and wait for further instructions,” explained Prof O’Shea.
“When the cybercriminal decided the time was right to launch the attack they contacted the ransomware/malware inside the network perimeter, instructing the malware to copy the files to the attacker's server and encrypt the files locally.
“The attackers then demanded a ransom for the key to decrypt the files locally. The demand for a ransom is the reason why it is called a ransomware attack.”
Phishing scams can be used as a precursor to a ransomware attack.
The phishing scam can be used by the attacker in an attempt to trick the victim into downloading the piece of software/malware onto the victim's computer.
Prof O’Shea explained that this can be subsequently used to launch a ransomware attack.
“Take the time to look properly at the text message and be careful when clicking on links sent to you via SMS.”
“Pay close attention to the source email address of the communication as attackers try and mimic genuine addresses. Don’t click on links that look suspicious, don’t reply to scam emails.”
Contact the Garda National Cyber Crime (GNCCB) Bureau or your local Garda station, advises Prof O’Shea.
The GCCB conducts investigations into criminal offences of a significant or complex nature including network intrusions, interference with data and websites belonging to Government departments, institutions and corporate entities.
Prof O’Shea has advised vigilance and awareness.
“Be vigilant, be aware, trust your instincts. Make vulnerable family members aware of scams.”
The GNCCB has previously advised of four steps that can help