This is how you recognize that you are being scammed out of money

Finns lose the most money to online romance and financial scams. Finns are also haunted by phishing companies. Unpatched systems also pose a risk for data breaches.

Long-term cyber security trainer Sami Laiho says that the amount of money Finns lose to romance scams alone is close to 10 million euros.

– Social hacking based on traditional soft values ​​hits people’s wallets the most, Laiho states.

According to Laiho, a romance scam can usually be detected by the fact that a new love met online is not willing to have a video chat or phone call. Communication takes place mainly through messages, which, as trust grows, end up with requests for money.

-Whenever money comes into question, at that point you would have to stop, draw a line and listen to another opinion.

Longing for success

In addition to romance scams, various financial scams also milk money from people. Financial scams encourage you to invest in some specific stocks on the basis of large profits. The tipster tries to appear convincing in the success of the scam.

– It’s a bit of a different world and financial scams come second on the list. These appeal to man’s longing for success.

When artificial intelligence becomes involved in scams, it can be assumed that the scams will become even more cunning. Scammers can no longer be recognized by their poor Finnish language. In addition, fake deepfake videos produced with artificial intelligence will develop even better.

Laiho gave an example of a video in which an information security expert Mikko Hyppönen the face has been used to make an artificial intelligence video.

If you don’t see the embed, you can watch it from here.

However, artificial intelligence technology can be used for both good and bad.

– Yes, it certainly helps us to find information security holes and patch them.

Two-step authentication provides security

Phishing messages have become much more common in recent years. Artificial intelligence will probably also cause its own challenges in identifying these.

In phishing, the attacker tries to get the victim’s information, for example to log into services or tries to get the victim’s payment information.

However, Laiho wants to congratulate the citizens, because they have woken up to this and people know how to protect themselves against phishing.

– The best way to protect yourself is two-step authentication. I talked about it for a dozen years and they finally woke up to this, says Laiho.

In two-step identification to an online service, such as e-mail, the login is verified, for example, through an application on the phone or with the help of a code received via text message.

Reserve better in the old one

Data breaches have been attempted using phishing methods, but with two-step identification, criminals have had to look for other methods. According to Laiho, data breaches are now being attempted through a hole in the system.

– A gap in the system is caused by either a forgotten security software update, an outdated router, security cameras, and generally everything connected to the Internet.

In data breaches, companies usually suffer the most. Laiho points out that backups of devices should be kept somewhere outside the network.

– More tapes have started to be sold now than in the previous five years. The old tape backup is obviously a convenient medium for this.

Two types of blackmail scams

There are two types of blackmail scams. In these, the criminal tries to either lock the contents of the computer, or threatens to spread sensitive information about the target. From these, criminals seek either several small sums or one large pot.

In more serious cases, the attacker can lock the contents of the user’s computer and demand a ransom from the person to release them. In this case, computer backups are the right way to protect yourself from them.

– After getting to the machine, the attacker usually studies for months what kind of information is there and how much information can be requested. A possible ransom demand can run up to tens of millions in that case, Laiho states.

In another type of blackmail scam, the distribution of sensitive material and the loss of the victim’s reputation are again invoked, which, for example, porn blackmail has been. Usually, the extortionist tries to prove this with some information that may have spread in a data breach.

However, these types of blackmail messages are based on the number of messages.

– It’s a bit like telling a Finn that you’ve been to a sauna. When enough people go through it, this seems real to someone.

Organized activity

The activities of online criminals and scammers are usually very organized. Laiho says that scams are usually orchestrated from call centers where many people may work.

– If artificial intelligence gets involved in scams, it could replace human work and give a much larger volume to scams, Laiho thinks.

In ransomware cases, the attacker pays a license fee to the software developer. Fraud software has a kind of watermark, based on which the user can be charged for its use.

In data breaches and attacks targeted at public administrations, again, no state directly supports the group of attackers, but rather allows or accepts its activities.

Laiho says that, for example, with the Lockbit ransomware that once attacked the Finnish administration, it was noticed that the attacker was using its old version. From the code it uses, it was noticed that the malware is not activated if the user has a Russian keyboard.

– This would not have come to our attention if the attacker had paid the update fee. This observation has been corrected in its newer versions. However, this is an amusing proof that they have at least state approval in the background.

In addition to Russia, similar governmental “approval” for cyber attacks is given by Iran and China, among others. North Korea, on the other hand, is the only country that even finances its state’s activities with cybercrime.