Smartphones have become such an integral part of our everyday lives that many users joke their devices have become grafted to their hands. We use them to maintain contact in our work and personal lives, correspond through email and social media, and a bulk of Americans have made the transition to conducting their banking through the use of mobile applications. As developers continue their bottomless pursuit to create an app for everything, more and more of our real, flesh-and-blood lives are being stored on our phones: personal details, account numbers, passwords, and other sensitive information that could be misused if it fell into the wrong hands. That’s why smartphone users have to educate themselves on the specifics of a scam called “SIM card swapping.”
What is SMS?
For many telephone, internet, and smart device developers, SMS (short message service) text messaging is the cornerstone of their services. As of 2010, it was the most utilized service provided by communication companies with 3.5 billion users. It became a vital tool in direct marketing campaigns and remains one of the most popular forms of communication in younger users. Because of the ubiquity of smartphones, many companies that require a two-step authentication process for their users’ security implement SMS as a secure means of accessing information. For example, you attempt to log in to your bank account, correctly entering your username and secure password. It’s not uncommon for banking apps to prompt a second form of verification, so the app tells you it will now be sending a four-digit verification code to your phone that you must enter on the app to confirm that you are who you say you are. The code is sent to your phone via SMS. Once this information is transmitted over SMS, users are often derelict in deleting that information from their devices. This is where users are vulnerable to the scam.
How SIM swap scams work
Smartphone users who have lost their phone or who have been the victim of a theft often have the ability to call their mobile provider and provide their secure information in order to have the provider remotely wipe the SIM card and have that information transferred to another phone. Thieves in search of secure information will use tools like phishing mail campaigns, posing as legitimate companies like insurance and credit card companies to get the victim to willingly hand over identifying information such as date of birth, address, and phone number. Once they have enough identifying information, they will call the victim’s mobile provider and pose as a customer. They claim they’ve lost their phone or their phone was stolen from them. Then, using the victim’s identifying information, they will request that the mobile provider remotely wipe their old SIM card and rewrite it to the SIM card in their new device. Just like that, the thief has any and all information that has ever been transmitted via SMS text. This leaves accounts, email inboxes, and secure information vulnerable to fraud. “A high proportion of banking customers now have mobile phone numbers linked with their accounts,” fraud prevention consultant, Emma Mohan-Satta, told Digital Trends, “and so this attack is becoming common in some regions where this attack was not previously so common. Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims who have been specifically targeted through successful social engineering.”
Who is vulnerable?
Anyone who uses their smartphone as part of a two-step authentication is vulnerable to a SIM card swap scam. Once the thief has their hands on your personal information, they can devastate you in minutes by performing bank transfers, rerouting mail, and making purchases in your name. If the SIM card contained any compromising information, such as lewd photos or inappropriate communication with another person, the perpetrators can use that information to blackmail a victim into paying a tidy sum in exchange for the return of the compromising data. A victim named Tina told Motherboard, “This just happened to me over the weekend. I lost service late Saturday night and assumed it was an issue with my always buggy iPhone. Then on Sunday morning my husband got a text from T-Mobile saying that a line on our phone plan had been cancelled (mine) and i soon discovered that $1200 had wired out of my bank account to someone in [redacted] with my same last name.”
While the cost to a single individual can be devastating, a sophisticated thief can do even more to topple a business like a house of cards. It’s common practice for some types of employers to issue their employees a company cell phone to facilitate business, and in this day and age, that almost certainly means a smart phone. Correspondence between coworkers, appointments, account numbers, and sensitive company information can be exposed and exploited for gain. Companies that carry high financial sums in their accounts can be ruined before they even realize there’s a problem.
How to protect yourself
Dependence on smart phones to facilitate two-step authentication plagues many users throughout the country who enjoy the convenience of verifying their identity through SMS. Luckily, tech sites like Motherboard recommend a few ways you can protect your identity and your monies.
Beef up account security
Many major cell phone service providers are developing new methods of two-step authentication in light of the rise of SIM card swap scams. Many offer their customers the option to set up a secure PIN for their account, completely separate from the login information used to access their account. The PIN is used as a primary verification feature specifically for when customers call into the support center for SIM card-related issues. Previously, many providers opted for a security question for this type of authentication, but the answers to these security questions can often be found on a victim’s social media, such as, “Which high school did you attend?” This way, the PIN is never transmitted through SMS text messaging, and no personal information from a social media profile can be used against them.
Don’t link your number to your online accounts
Once a thief has access to your account, they can easily reset your password and other authentication methods, making it very difficult to quash the problem. Instead of linking your mobile cell phone to your accounts, you can choose a different sort of number, such as a Google Voice number.
Many individuals and companies bypass security measures for a number of reasons, such as lack of time, interest, or the mere belief that they could never be the victim of a SIM card swapping scam. The reality is that it can happen to anyone, and there’s no shortage of victims for scammers. Users who practice their due-diligence can build a security to block them out. When the scammer hits this wall, they simply move on to the next target. Educate yourself and ensure that target isn’t you.
Carie McMichael is the Communication and Media Specialist for Lauth Investigations International. For more information on investigation topics, missing persons, and corporate solutions, please visit our website.
Those who met their current significant other in an age before the internet often have a difficult time understanding courtship rituals in the year 2019. Even Gen-Xers who are navigating the single-scape are having trouble adjusting to the way social media and dating apps have changed the way relationships are formed in the United States. The internet has done wonderful things for the world of dating. It reignites old flames who haven’t seen one another since high school. It connects the dots between persons across the country. It brings together people from different walks of life for a far more interesting relationship. However, the anonymity of the internet and the potential to be whoever you want to be has fostered one of the most devastating types of scams that exist in the modern world: romance scams perpetrated by “catfish”.
If you follow internet culture, you’re likely aware of a television program called Catfish: The TV Show. The series is a continuation of creator Nev Schulman’s 2010 documentary simply called Catfish. The film followed Schulman’s journey through his own romance scam, in which he met a woman online named Megan through the internet. Megan claimed to be many things: a singer, songwriter, recording artist, photographer, rancher, and part of an equally-talented family. Through their online communications, Megan led Schulman to believe that her life was very picturesque, but tragically, she has cancer. After several attempts to finally meet Megan fall apart, Schulman and his production team make the trip to finally meet her and begin to realize along the way she may not be truthful about her identity. At the end of the film, Schulman and his team realize that there was never really a Megan. “Megan” was actually a middle-aged woman, Angela, who used the internet as a way of connecting with others in her insular life. The online identity of “Megan” was not entirely fiction—Angela did have a daughter named Megan, who was a photographer, and she used that piece of personal information to craft a persona that endeared her to men and garnered their attention on the internet.
Schulman’s story is unfortunately a common thread in today’s dating world. In 2011, a year or so after the documentary first premiered, studies showed that males between the ages of 40-49 and females between the ages of 50-59, made up the largest age groups effected by romance scams or “catfishing,” 28% and 35% respectively. In most confidence tricks, frauds, or scams, the goal is simply to rob an individual of their finances for personal gain. Catfish scams are particularly ugly, because it’s not just about money. A catfish’s target is often a trusting person, a benevolent person who might experience low self-esteem, and is often isolated from others for a myriad of reasons. That person makes a real emotional investment in the catfish with the intention and belief that they will spend the rest of their lives with that person when they finally meet.
“Catfish” is an appropriate name for this particular type of scammer, according to Special Agent Christine Beining, a seasoned financial fraud agent in the Federal Bureau of Investigation’s Houston Division. Even as recently as 2017, she says, romance scams were on the rise. According to the FBI’s website, in 2016, almost 15,000 complaints which fell under the umbrella of romance or confidence frauds were reported, which is 2,500 more than 2015. Beining characterizes a catfish in search of their next victim as throwing a fishing line, “The internet makes this type of crime easy because you can pretend to be anybody you want to be. You can be anywhere in the world and victimize people. The perpetrators will reach out to a lot of people on various networking sites to find somebody who may be a good target. Then they use what the victims have on their profile pages and try to work those relationships and see which ones develop.” She offers the example of a Texas woman who ended up sending a cumulative $2 million to a man she met over the internet who “said all the right things.” This catfish targeted the woman’s strong Christian faith, and capitalized on it to pull her into his web of deception. When scammers are using social media maliciously, how are we supposed to protect ourselves in a digital age?
One of the country’s best fraud watchdogs, the Better Business Bureau, conducted a study last year on the current climate of catfishing and other forms of romance scams. While there are some discrepancies among experts as to what defines a romance scam, four consistent stages of a scam emerge:
Contacting the victims
Like Christine Beining said, scammers use the internet as a fishing line, and create dozens of fake profiles online with stolen pictures and manufactured personas in the hopes of netting a handful of victims. They hope to form an instant connection with that person, usually though an alleged common interest based on information mined from the victim’s page or profile. A potential victim loves to ski? Suddenly that catfish also loves to ski, even if they’ve never been. After a short period of time, the catfish will often encourage the victim to move the conversation somewhere else, like texting or another instant-messaging platform. This way, if their profiles are flagged by the social media platform as a scam, they will still be able to contact victims already in the net.
Like any predator, catfish depend on grooming behavior to make the victim emotionally dependent on them. They learn about the victim’s life—their hopes, their dreams, their traumas, their family drama. This stage varies in length, but it can often go on for months as catfish attempt to build an impenetrable wall of trust around themselves and the victim. Endearing themselves so allows them to have credibility in the victim’s eyes when those around them might arch an eyebrow. In a further effort to telegraph their integrity, scammers might also send gifts to their victim as one of the hallmarks of a “real relationship.” This is the stage where scammers begin to test the limits of the victim. They ask for small favors, such as small cash amounts to buy groceries or pay the phone bill so their communication may continue. It’s also the stage where catfish begin to further isolate their victims from their friends and family so the fraud can continue unhindered.
This is where the predator’s bites out of a victim’s income become exponentially larger. In any romance scam, one of the most common plot points in the catfish’s narrative is an “emergency,” likely with themselves or a close member of their family for which they need a cash sum. It can be anything from hospital bills to a plane ticket. If the victim is always willing to send money, there’s no way to predict when the fraud will conclude. This is also where victims can find themselves in real danger. Victims who are not simply bilked out of their savings can easily get mixed up in things such as money laundering or larger scale frauds as an oblivious participant. In the most severe cases, victims get on a plane to meet the catfish and meet a violent fate at the hands of a person they thought was their sweetheart.
The fraud continues
Exposing a catfish does not mean the nightmare is over. There has been an increase in brazen catfish continuing the fraud after being unmasked, this time disguised as a good Samaritan who just wants to help the victim get their money back. They can take the form of a law enforcement officer or a private investigator. The original persona might also reach back out sheepishly—admitting that they had been caught, but what originally began as a con to get their money has now become true love. It’s not uncommon for victims to allow the fraud to continue, having acknowledged the catfish’s honesty.
If you’ve been the victim of a catfish or romance scam, contact a private investigator today to learn how they can help you expose the culprit. A private investigator’s skill set and lack of any bureaucratic ladder will allow the case to move swiftly and efficiently, as time can be of the essence when chasing a scammer, who can quickly pack up their tent and move on to another social media platform before law enforcement pins them down. Private investigators also have no jurisdictional restrictions within their cases, which is particularly crucial to exposing scammers who are operating outside of the United States. They can also empower you with crucial knowledge to prevent the cycle of fraud from continuing. While it may sound callous to some, the best rule of thumb is to never send money to an individual you have never met in real life. After all, the internet is not a substitution for face-to-face interactions. If you’ve connected with someone over the internet, and the chemistry is there, a genuine person will not have the resistance and excuses that catfish often do when the jig is up.
Carie McMichael is the Media and Communication Specialist for Lauth Investigations International. For more information, please visit our website.
Advances in technology are constantly changing the dialogue about how we protect our children from potential predators. Over the last decade, parents have had to reform their strategy when it comes to protecting their child in the real world. Before, parents cautioned their kids on stranger danger, special code words, and remaining aware of their surroundings in public. In a new era of unfettered internet access through multiple smart devices, parents had to contend with the real world being brought into their homes, with predators targeting their children through social media. Now, it appears parents will yet again have to add some new pages to the playbook when it comes to protecting their children from predators on video game platforms with integrated social networking.
Parents with children between the ages of 12-25 will likely be familiar with the online first-person shooter video game known as Fortnite. In the game, 100 players at a time compete to be the last one standing in a battle-royale style of combat. The game features a chat feature allowing players to communicate in team efforts and other uses. It has great potential to foster team building and cooperation between young people, but also has a dark side recently illuminated by an arrest made in Florida in late January.
Authorities arrested 41-year-old, Anthony Thomas, a man who allegedly used Fortnite’s instant-messaging feature to groom over 20 minors, including a 17-year-old, with whom law enforcement allege he had a sexual relationship. The Florida Attorney General’s Office also stated Thomas has been charged with 22 counts of possession of child pornography, and other charges related to his unlawful sexual relationship with the minor. Investigators uncovered he groomed the minors by sending them gifts—including a cell phone so their communication could remain more private. Ashley Moody, Attorney General, remarked about the predation perpetrated, “This case is disturbing, not only because it involves child pornography, but also because a popular online game was used to communicate with the victim.”
Grooming is defined as “a process by which a child predator gains the trust of a victim by building a relationship with the child and then breaking down his or her defenses.” Once a predator has earned their trust, they begin exploitation. Minors who are groomed in the gaming community are particularly vulnerable because the predator may literally be on their team. Cooperative play between players fosters a healthy, “there’s no ‘I’ in TEAM,” mentality, but predators use this relationship to manipulate the minor.
One of a predator’s greatest weapons when grooming a minor online is pop culture. The predator—perhaps unlike the minor’s parents—shows their target they’re “hip and cool”, and are able to converse at their level about something they enjoy. This causes the minor to lower their guard, and the predator begins their manipulation game, culminating in the exploitation of said minor. Online gaming is becoming so ubiquitous predators have developed a way to sense when a minor’s gaming is suddenly being supervised. The moment a minor’s behavior changes—they stop responding to messages, or do so uncharacteristically—the predator can pick up on that and cease all communication before they’re caught.
Unfortunately, even if a parent is supervising the communication between their minor child and other players online, it doesn’t mean they cannot be groomed. In the grooming process, between the introduction and the beginning of the exploitation, predators often suggest moving their communications to a third-party app, like What’sApp or Snapchat. These are apps where communications disappear with ease, and a parent performing their due-diligence in supervising their child’s internet safety may not notice, or even know how to access. TeenSafe says it’s critical parents learn to recognize the signs of grooming in their minor child.
Signs of Grooming
- Your child wants to spend more time online or playing games on a console, but won’t tell you why.
- Your child does not want to discuss what he or she does online, or what websites he or she visits.
- You notice your child is using inappropriate language he or she would not have heard within your home or at school.
- When you walk in a room, your child quickly changes the computer screen, mutes the volume on their gaming console, or turns it off all together.
Fortnite and other games with similar messaging platforms have been on law enforcement’s radar for the last few years as the instances of these cases continues to grow. In August of 2018, Titania Jordan, a digital safety expert, appeared on The Doctors to provide parents with helpful tips—not just for supervising their children’s gaming—but also for establishing boundaries that can nip grooming in the bud.
- Do not allow minors to have computers, game consoles, or tablets in their room without supervision. Keeping these devices in common areas will increase visibility and deter predators from targeting them.
- Instruct your child to never reveal any personal information about themselves to people they’ve met online, especially very specific information, such as where they live or where they go to school.
- Create a culture of openness in your home where children feel comfortable coming to you if they feel uncomfortable about an interaction they’ve had online.
People of all ages play video games, but the vast majority of players are either minors or young adults, and parents often find themselves overwhelmed with the strange new world of online gaming. Titania Jordan reminded parents knowledge is power, recommending they verse themselves in the games their children play. This can only heighten your ability to detect when something is off. This means doing research online, and actively listening when your children describe normal gameplay behavior.
Having an internet connection in your home may feel like you’re inviting predators into your home. And true, there’s no time to supervise every single activity your child does online. This is why it’s so important to nurture an open line of communication between parent and child. Not only will parents be able to sense when something is amiss in their child’s online interactions, but a strong bond between parent and child makes it less likely that an online predator will be able to isolate the child emotionally and manipulate them for the purposes of exploitation.
You receive a phone call and hear the voice of someone you don’t recognize. They tell you they have your child and will kill them unless you pay a ransom – they direct you not to call police or you will never see your child again.
What would you do?
You tell the person on the other end of the phone not to hang up. You don’t want to disconnect with the one person that can reunite you with your child. You plead for your child’s safe return. “Please don’t hurt her. I will do whatever you want,” you say. And, you would!
They demand you go to the bank and wire a ransom of several thousand dollars. Do you call the police? Do you pay the ransom and hope the thug will return your child to you safe?
A child going missing is every parent’s worst nightmare, and for those who do have a missing child – living with such ambiguity is said to be the most traumatic of human experiences.
Sounds like a situation that only happens in the movies, right? Or, something that only happens to the wealthiest people in society.
The Federal Bureau of Investigation (FBI) has declared virtual kidnapping a violent crime and issuing warnings to parents that scammers are targeting parents and demanding a ransom in exchange for the safe return of children they kidnapped . . . well, virtually kidnapped. Police throughout the country are following suit, issuing warnings in their communities.
Police throughout the country are following suit, issuing warnings in their communities.
What is a Virtual Kidnapping?
A virtual kidnapping scam is an attempt to dupe victims into paying a quick ransom. The virtual aspect of the scam involves staging a scene on the phone to convince a person that a loved one has been kidnapped, following with a demand for ransom.
According to the FBI, “The success of any type of virtual kidnapping scheme depends on speed and fear. Criminals know they only have a short time to exact a ransom before victims unravel the scam or authorities become involved.”
Typically, the scam is executed by calling a victim claiming they have kidnapped a loved one, then demand a ransom in exchange for the loved one’s safe return.
Valerie Sobel is one such person who did receive a call from a person who said, “We have your daughter’s finger. Pay up or you’ll get the rest of her body in a body bag.”
Petrified, Sobel rushed to a money transfer location to pay the ransom, wiring $4,000 to the person who claimed to have kidnapped her daughter.
Valerie made many frantic phone calls to her daughter’s cell phone and after many hours had passed, her daughter Simone called her back totally confused but safe.
Basically, scammers call random numbers hoping to find a person who they can convince, while other times these scammers research Facebook and other social media platforms for names and numbers. If a scammer calls 100 people, chances are at least one will instantly pay.
Another way it may go down is a scammer calls you and you hear a child crying, “Mom, please help me.” Panic immediately sets in. You think it is your child. Then a man’s voice comes on the phone and calls you by your first name. This legitimizes the caller and you immediately ask them to just tell you what they want. What mother would not empty her bank account in exchange for her child’s safety.
If you don’t think you could become a victim, please read on.
Virtually Kidnapped Daughter
According to the Washington Post, Wendy Mueller lives in historic Leesburg, Va., and never thought she would become a victim of a virtual kidnapping scam.
One afternoon, while standing at her kitchen sink, she received a call from a number she did not recognize but answered.
She heard screaming and it sounded like her 23-year old daughter’s voice begging for help.
Then a man’s voice tells her, “we have your daughter.”
The caller told Mueller to put her phone on speaker, get her purse and phone charger and get into the car.
The man asked, “How much cash can you get right now?”
$10,000,” Mueller replied.
The man told her not to contact anyone for help or they would kill her daughter.
Mueller’s daughter attends college hundreds of miles away and she had no way of knowing her daughter was safe.
“They told me they were actually targeting someone else, someone they would be able to get a lot of money for. But they said my daughter intervened when they tried to grab him. And that sounded exactly like something she would do,” Mueller said.
“I was terrified,” Mueller continued. “They told me they wouldn’t hesitate to kill her.”
The caller had told Mueller he had hacked her phone and knew every move she was making. For hours, he told her to go to small stores and offices across Northern Virginia, where she wired the max amount of usually $1,900 each time to names and addresses in Mexico that the caller had given Mueller.
Mueller cross-crossed the state following his directions and making payments, until nightfall came.
Mueller had kept asking to speak to her daughter.
“They kept promising me: ‘As soon as you send the last one, you will talk to her,’” Mueller said.
The caller told Mueller he was a professional and part of a group of kidnappers – a huge organization – who do this all the time and kill.
The man told Mueller they had placed a set of headphones on her daughter so she could hear everything, so her daughter would know if her mother did anything to cause her death.
Mueller thought of stopping passersby but didn’t want to chance the kidnapper knowing.
“It was torture,” Mueller said.
As it turned out, her daughter was in class, safe and sound. Mueller had been scammed.
No one is immune
Thousands of families throughout the country have become targets of these malicious scammers.
According to FBI kidnapping expert, Agent Eric Arbuthnot, several organizations use these scams regularly to make money.
“Thousands of dollars in ransom,” said Arbuthnot. “And you’re talking about a criminal organization that is capable of doing more than one kidnapping at a time.”
According to Arbuthnot many of the cases have been happening on the West coast and along the border involving criminal organizations from Mexico, some claiming to be members of the cartel.
The FBI has seen recent increases in California, Nevada, New York, and Texas and increasing on the east coast.
Monroe Police Department in Connecticut said by using social media, scammers can identify a victim, look up relatives, and reference names of family members and friends to make the call appear legitimate.
FBI Supervisory Agent Christopher Johnson said his office in St. Louis, Missouri, deals with these types of crimes. “Scammers will often mention specific facts about the parent or victim, likely from information they were able to obtain online.”
Authorities say about one in five kidnapping cases are successful resulting in the criminal getting their ransom and not getting caught. While extortion has been around for decades, virtual ransom kidnapping calls are increasing around the country.
With this emerging scam, the FBI has launched a nationwide campaign to warn parents to fight back against “virtual kidnapping.”
If you receive a virtual kidnapping ransom call
Unlike traditional kidnapping schemes, a “virtual kidnapper” has not actually kidnapped anyone. According to Federal Bureau of Investigation, if you receive a call from an individual demanding a ransom for the safe return of a kidnap victim, it is suggested you quickly evaluate the following to determine if you are receiving a legitimate ransom call:
- Caller insists you stay on the phone.
- Call does not come from your child’s cell phone.
- Caller tries to stop you from contacting the kidnap victim.
- Call includes demand for ransom to be paid via wire transfer.
- Ransom amounts may decrease quickly.
Knowing what to do
Police say it is best to hang up the phone but:
- If you engage the caller, don’t call out your loved one’s name.
- Deliberately try to slow the situation down and ask to speak to your child directly.
- Ask “proof of life” questions like, “How do I know my loved one is okay?”
- To gain confirmation if your child is an actual kidnapping victim, ask questions only your child would know such as the name of a pet.
- Listen very closely to the voice of the person speaking, if possible record the call.
- If possible, have someone else try to call your child’s cell phone, school, by text, social media, etc., to confirm their safety.
- To buy time, repeat the caller’s request and tell them you are writing down the demand, or tell the caller you need time to make arrangements.
- Don’t agree to pay a ransom, by wire or in person.
- Don’t deliver money in person.
- Immediately call your local FBI office and police.
According to the National Crime Information Center (NCIC), as of March 31, 2017, there were 86,618 active missing person cases in the FBI database, with 8, 792 entered as involuntary.
Experts agree that an actual kidnapping with a ransom demand is quite rare but all experts urge parents to be vigilant.
To read the FBI warning, please click here.
We expose more of ourselves on a daily basis than at any other time in history. Most people have some form of social media an enterprising sleuth could build a profile based off of just by pressing the “older posts” button. There’s been a lot of news about wiretaps lately, but something under most people’s radar are the Smart TV’s and toys that have been listening to their owner’s conversations.
While it’s scary enough to consider how many things in your home could be listening in on you this very moment, what’s even more concerning is how quickly you can lose control of these devices and extorted to get them back. And it’s not just individuals having their devices and data taken from them, it’s also hit schools, hospital and private businesses hard over the last year.
One of the most common forms of extortion today is the use of “ransomware” to lock people or companies out of their electronics and data. Ransomware is a term for a particular kind of hacking that’s been on the rise as internet reliance has increased. Victims of ransomware typically receive a message on their device’s display saying something to the effect of “pay us this money and we’ll give you back your data.”
In an interview with CNN, South Carolina public school administrator Charles Huck, highlighted the dilemma presented by ransomware when he said, “You get to the point of making the business decision: Do I make my end-users — in our case teachers and students — wait for weeks and weeks and weeks while we restore servers from backup? Or do we pay the ransom and get the data back online more quickly?”
If the targets of ransomware want their systems or data back then they don’t have much choice, but to pay the fee. The hackers have repeatedly targeted hospitals since their technology working is literally a case of life or death there is significant pressure on the hospitals to simply pay the ransom.
When Hollywood Presbyterian Medical Center had some of it’s communication devices taken over by hackers last year, the criminals demanded $17,000 to be paid in bitcoin. The hackers asked for that amount, because it’s low enough most places will pay under the impression it’s the quickest way to get it all over with.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Chief Executive Allen Stefanek said when the LA Times asked why they paid the hackers. “In the best interest of restoring normal operations, we did this.”
One of the scarier things about ransomware is this is only the beginning. The FBI reported ransomware to be a $1 billion industry in 2016. In a follow-up story CNN reported:
At that rate, ransomware is on pace to be a $1 billion a year crime this year. The FBI told CNN that the number “is quite high” because a few people “reported large losses.”
The agency also said that the losses could even be bigger once other related costs from these extortion schemes are factored in. Plus: Some victims may choose to pay and not report the crime.
Paul Roberts, founder and editor of a website called The Security Ledger told CNN, “The ransomware criminals understand this. Their business in some ways is a volume business so they don’t set their ransom so high that you can’t pay it. They set it at a level so they can get their money and move on to the next victim.”
This crime has even made its way into consumer electronics like smart phones and TVs. Last Christmas a photo of an LG TV stricken with ransomware went viral.
The hackers demand far less money to relinquish control of personal devices, but $500, especially if it’s on Christmas Day after you’ve spent money on gifts, is still a lot. In December, Slate reported:
“Ransomware works by taking over a system until a user pays a fee, often in the form of cryptocurrency or digital gift cards. One recent high-profile ransomware attack shut down much of San Francisco’s public transit system while another targeted a Hollywood hospital. More mundane ransomware has been reported on Android devices since at least 2014, and Frantic Locker first began to show up on phones in 2015.
Keep your systems operating systems up to date and don’t download files that aren’t from trusted site to help avoid ransomware. If you do all these things and still end up under attack, contact your systems administrator or the manufacturer of your device. Take precaution, because ransomware isn’t going away anytime soon.
David Schroeder, Blog Writer, Lauth Investigations International