What are the main tactics used by opportunistic cybercriminals? This is the question that the most recent virtual seminar at the National Cybersecurity Center set out to answer to help the public to be better prepared to deal with the growing threats.
The new, more digital lifestyle, brought about by the COVID-19 pandemic, has led to a significant increase in the number of cyber attacks and the threats that resort to social engineering techniques to take advantage of users' fears about the disease are more and more frequent. .
According to Lino Santos, coordinator of the CNCS, it is common to face cybersecurity as an area that deals only with the vulnerabilities of technologies, however, the human vector which always ends up being more exploited by criminals.
Although there are still no concrete figures that give a full view of the extent of cybercrime in the pandemic, Pedro Verdelho, coordinator of the Office of Cybercrime of the Attorney General's Office, said that there are clear indications that there is an increase in incidents that resort to social engineering.
Based on the most recent data on complaints made, the official explained that there is an increase in the spread of messages, whether by email or SMS, which hide banking phishing schemes, including frauds such as MBWAY, and access to services such as Netflix and that take into account the new digital habits of users.
Sextortion cases also registered a worrying increase and Ricardo Estrela, operational manager of the Internet Safe Line, highlighted the growing number of calls related to incidents in which attackers try to extort large sums of victims, threatening them with the publication of intimate images or of alleged habits on pornographic websites.
In the schemes, agents try to gather as much public information as possible to make their attacks credible, often resorting to password banks exposed, for example, on the dark web and using them as a way to get victims to do what they want.
The manager of the Internet Safe Line made it known that one of the situations that leaves a deeper psychological impact on the victims, especially in the context of social isolation, is the scams through love relationships.
The victims are mainly people who have a lot of public information on social networks and websites or online dating platform. A narrative is easily created for these people and a relationship of trust is established, which ultimately results in the transfer of large sums to the burles. The cases are more striking when we talk about people in extramarital or unstable relationships. The issue can become even worse, leading to cases of sextortion, when sharing photos or intimate videos.
Already in the world of attacks targeting banking institutions, Elisa Parreira, coordinator of the information security unit at Caixa Geral de Depsitos, reported that the number of phishing, smishing and spam campaigns in general increased, especially during the month of April.
The cases are frequent and aim to collect data from users. Cybercriminals contact customers by pretending to be, in this case, CGD with messages that call for urgent action, for example, if the victim does not do what is requested, lose access to their account.
The situation ends up leading the most unsuspecting users to give their information. The official explains that for this reason CGD has maintained communication with customers to alert them to the latest attacks, but also to make them aware of good security practices.
Social engineering: What tactics are used most often?
According to Nelson Escravana, director of Research and Development in Cybersecurity at INOV INESC, the pandemic is a perfect context for cybercriminals who often use social engineering tactics to attack.