In many countries, Cybercrime is starting to overtake physical crime both in terms of incidents and losses. As information security continues to evolve into an integral component of technology, we have to equip ourselves with the knowledge required to secure our digital resources from unauthorised access, attacks or data damage in this modern and connected world.
In our effort to secure our data and defend our systems, a reactive response is not always the best form of response in the event of an attack or scam, like the adage goes, “prevention is better than cure” so it is in Cyber security.
The psychological trauma that comes with being a cyber-victim can be hard to bear, and many have asked whether it is possible to recover their money, track the perpetrator or even have them tried in a court of law and eventually charged. Although we seem to be getting closer to this point, as laws continue to be amended around cyber security, the detention of these criminals is still sporadic due to the sophistication of the attacks, and cyber laws governing different developing countries.
Countries such as South Africa and Rwanda have the POPI Act and the National Cyber Security Policy respectively to protect their institutions and citizens from these malicious acts. These laws and regulations prevent financial crimes and identity theft that happen online. Therefore, making it possible for governments to track the nefarious actors in the event of a breach or violation of the law.
In the event of a compromise or an attack, a victim has a number of things they can do to abate the extent of the attack. Again, at this point, it is important to understand the vector or method used by the attacker to exploit vulnerability or deploy the payload. Depending on the attacker’s method, your mitigation process and reaction may vary. In the event of a phishing attack (where the attacker uses email to lure the unsuspecting victim to a malicious web link), the response process may be different from that of a romance fraud where the victim has been in touch with the attacker on social media or email. However, the following will be imperative in mitigating a scam.
Payments and communication with the attacker must immediately cease, report the matter to your local police and ensure you do not delete any evidence that will help track the attacker. Inform your immediate family in case of the attacker shifts to those you care about using different tactics to leech off any extra cash from you.
Reset your account passwords and enforce multi-factor authentication, to authenticate any transaction or account logins. You can achieve this by implementing OTP (One Time Pin) or any other multi-factor authentication method. Ensure that you are running up to date anti-virus software and inform your bank about the compromise of your financial information asking them to terminate any pending transactions to the attacker if any.
Escalating cyber crimes
In case you would like to share the attacker’s details and raise awareness, you can reach out to the international community by escalating the conversation and names used by the attackers. The information you submit will help protect those likely to be victims and trace the actors with the hope of bringing them to book one day. You can escalate the crimes to the American Federal Bureau of Investigation (FBI) and submit the details on their Internet Crime Complaint Centre website www.ic3.gov. The data will be stored in databases used for tracing Cybercriminals and help in future investigations. Remember, October is Cyber security Awareness month, stay Cyber healthy and take care of your data.
*John Munjoma is a networks and cyber security professional who focuses on empowering upcoming network and security engineers through training.