Frédérique: Article 3

It is understandable that passwords and cyber hygiene might not be at the top of people's most
pressing issues. And that is exactly how cybercriminals like it. It is also why every day, working-from-
anywhere people have become such perfect targets for cybercrime.

Anyone who still thinks cybercrime is something that only happens to big companies and global
corporations does not understand the new levels of risk. More and more, regular employees and
consumers are becoming cybercriminals' targets. It may seem like someone only hacked your social
media account, but that can lead to so much more.

The digital networks that process and transmit information have been exploding in speed and scale.
More devices have been transmitting more data at faster speeds than ever. We have had our devices
with us everywhere, and then we started working and learning from everywhere, too. Suddenly, data
was traveling faster and between more access points than ever before—often with much lower
levels of security. Whether you are the criminals' primary target or simply the window they smash to
break in matters less and less. The damage can be devastating either way. Artificial intelligence, 5G,
the internet of things and the constantly increasing speed of digital innovations have added to their
overload.
Marisa, can you explain what artificial intelligence is?

Marisa: Article 2
What is Artificial Intelligence? Artificial intelligence (AI) involves using computers to do things that
traditionally require human intelligence. AI can process large amounts of data in ways that humans
cannot. The goal for AI is to be able to do things like recognize patterns, make decisions, and judge
like humans. Artificial intelligence is playing an increasingly important role in cybersecurity — for
both good and bad. Organizations can leverage the latest AI-based tools to better detect threats and
protect their systems and data resources. But cyber criminals can also use the technology to launch
more sophisticated attacks.

AI can be used to identify patterns in computer systems that reveal weaknesses in software or
security programs, thus allowing hackers to exploit those newly discovered weaknesses.
cyber criminals can use AI to create large numbers of phishing emails to spread malware or collect
valuable information.

Frédérique: Article 3
Cybercrime is now everywhere—but thankfully, the best way to protect yourself from it is also the
best way to protect everyone: We all must change our perception, awareness and habits about
digital information, and we must start acting as though we are being watched. Because we are.

It is already easy to get tricked into clicking an email or text attachment—especially when it is work
related. But what happens when the attachment comes in a message directly from a boss or
manager and it reads just like them? What if they get a voicemail telling them to open an attachment
and it sounds just like them? Cybercriminals are now utilizing deep fake capability to parse the
contents of your inboxes for language and tone that will get you to lower your guard. They can even
pull from YouTube videos to copy someone's speaking voice. Something doesn't have to look or
sound strange to be a threat. It is designed to deceive.
Marisa: Article 3
I’ve read something about that too. One tool, identified by Europol, performs real-time voice cloning.
With a five second voice recording, hackers can clone anyone’s voice and use it to gain access to
services or deceive other people. In 2019, the chief executive of a UK-based energy company was
tricked into paying £200,000 by scammers using an audio deep fake.

Such scams have become vastly more common. Phone calls from tricksters claiming to be taxmen
almost doubled in number last year, according to UK Finance. Other countries show increases at least
as dramatic.
Frédérique, Have you read something about new forms of cybercrime in your articles?

Frédérique: Article 1
Yes, I´ve read about phishing. It is a specific type of cyberattack used to gain access to sensitive data
like addresses, personal information, passwords, login credentials and banking details. People are
contacted by email, text message or telephone and tricked into handing details or money over.

The attacker gets money or access to your email to spread further attacks. Once cybercriminals have
access to your email they can send emails from your address to your contacts to trick them. When it
comes to more advanced phishing attacks, the rewards can be massive.

Phishing is already the most prevalent cybercrime, and becoming increasingly more common and
sophisticated. In 2020, the FBI recorded 250,000 phishing cases, more than twice as many as the next
most common cybercrime.

Marisa: Article 3
I have also read something about phishing. Security experts have noted that AI-generated phishing
emails actually have higher rates of being opened than manually crafted phishing emails. AI can also
be used to design malware that is constantly changing, to avoid detection by automated defensive
tools.

Frédérique: Article 1
At the higher end, phishing will involve very advanced social engineering attacks that involve lots of
research, phone calls, emails and other fakery designed to trick individuals or companies out of
extremely valuable information or large amounts of money.

For software makers, tech support and IT departments, stopping phishers is a constant cat-and-
mouse game. Every time a way is invented to put up new defensive hurdles, the phishers learn a way
to jump over them.

Marisa: Article 3
The use of AI by cybercriminals is expected to increase as the technology becomes more widely
available. Experts predict that this will allow them to launch cyberattacks at far greater scale than is
currently possible. For example, criminals will be able to use AI to analyse more information to
identify targets and vulnerabilities, and attack more victims at once, Europol predicts.

They will also be able to generate more content with which to deceive people.
Ransomware attacks, too, are predicted to be enhanced with AI. Not only will AI help ransomware
groups find new vulnerabilities and victims, but will also help them avoid detection for longer, by
‘listening’ for the measures companies use to detect intrusions to their IT systems.

Other uses of AI for cybercrime focus on social engineering, deceiving human users into clicking
malicious links or sharing sensitive information.

First, cybercriminals are using AI to gather information on their targets. This includes identifying all
the social media profiles of a given person, including by matching their user photos across platforms.
Once they have identified a target, cybercriminals are using AI to trick them more effectively. They
make their targets think they are interacting with someone they trust.

Frédérique: Article 1
Just like Marisa said, the victims think they are interacting with someone they can trust. That’s why
you should also be aware of emails that refer to you as “friend” or “colleague” rather than your
name, it could be a sign of fraud or spam. Likewise, poor spelling and grammar, or low-quality
graphics from large companies should be a warning sign.

Marisa: Article 1
According to the Crime Survey of England and Wales, in 2019 there were 3.8m incidents of fraud,
mostly online, representing a third of all crimes committed. That figure has increased every year
since 2017 when the government started collecting data. In America the number of reported cases of
internet fraud increased by 69% last year. Reported losses there reached $4.2bn, three times higher
than in 2017.

New technology makes many old-fashioned crimes easier to perpetrate. Drug-dealers use bitcoin to
take payments and move money around. They rely on specialised criminal encrypted-
communications software to organise their affairs. “There is no serious organised crime that does not
have a digital component,” says Nigel Leary of Britain’s National Crime Agency (nca).

Most significant over the past year is the growth in ransomware. These days hackers focus on large
organisations and demand big ransoms. a cyber-security firm, says the amount paid in Bitcoin
ransoms increased by 311% last year compared with 2019. Victims are usually businesses but more
and more include governments and their departments, including the police. Ransomware is
described as the biggest threat to national security.

Other technological innovations are vital, too. simboxes, which allow people to conceal the origin of
phone calls, are sold for legitimate purposes, to marketing firms, for example. But they also allow
criminals to spam people or communicate without revealing their location.

Frédérique: Article 2
Dealing with cyber-insecurity is hard because it blurs the boundaries between state and private
actors and between geopolitics and crime. The victims of cyber-attacks include firms and public
bodies. The perpetrators include states conducting espionage and testing their ability to inflict
damage in war, but also criminal gangs.

Fixing the private sector’s stimulants is the first step. Officials in America, Britain and France want to
ban insurance coverage of ransom payments, on the ground that it encourages further attacks.
Better to require companies to publicly disclose attacks and their potential cost.
Marisa, what do you think is the best solution for preventing acts of cybercrime?

Marisa
With sharper information, investors, insurers and suppliers could better identify firms that are
underinvesting in security. Faced with higher insurance premiums, a flagging stock price and the risk
of litigation, managers might raise their game. Manufacturers would have more reason to set and
abide by product standards for connected gizmos that help to make iot devices more secure.

Governments should police the boundary between the financial system and the world of digital
finance. Ransoms are often paid in cryptocurrencies. It must be made harder to recycle money from
these into ordinary bank accounts without proof that the money has a legitimate source. Likewise
with cryptocurrency exchanges, which should face the same obligations as established financial
institutions.

Frédérique
Always assume any attachment is a potential risk, because it is. Think twice before clicking. And if it
looks legit, but it is asking you to do something strange, confirm with whomever sent it. This type of
cyber-aware culture is key, and there is a lot of free cybersecurity training out there available to help
individuals and organizations.

Make no mistake: The digital networks that we depend on today for essentially everything are not
the same as they were two years ago. And your strategy for protecting your personal information—
much less your devices and social networks—better not be, either. If you don't see cybersecurity as a
serious responsibility, you are increasingly running the risk of experiencing cybercrime as a serious
problem.