The computer scam has made headlines in recent months because it has had “illustrious” victims among several public companies in the Valencian Community, although these are only a small part of a group of injured parties who are often embarrassed by these infractions due to the apparent lack of vigilance and control.
Cybercrime is one of the fastest growing forms of crime in Spain, around 40% in recent years, associated with the intensive use of new technologies, electronic commerce and communication and work protocols.
The evolution is both quantitative and qualitative, and if in 2016 the majority of computer crime was associated with crimes against honor, threats or coercion and represented 4.6% of the total, in 2019 the variants, victims and damages of cybercrime had increased notably and already accounted for 9.9% of the total.
These are data from the latest Study on Cybercrime in Spain prepared by the Secretary of State for Security.
How Cybercriminals Work
According to the National Cryptological Center, among the methods most used by cybercriminals would be those linked to the spread of harmful code through emails.
But the use of cryptojacking malware has also become widespread, phishing – identity theft – has been extremely refined to persuade users of the authenticity of scams, and other cybercrime platforms (Crime as a Service) are being innovated.
In recent months, this type of crime has been on the front pages and in the news regularly, since there have been several victim Administrations: the Valencia Conference Center, the Valencian Institute of Social-Health Care (Ivass) and especially the Municipal Transport Company (EMT) of Valencia.
The specialists of the Valencian firm Castillo Castrillón highlight, in addition to the evident damage that these scams produce in public coffers, “the feeling of insecurity that they transmit”, which is why many of these crimes do not come to light, especially in the case of private companies, which present the complaint but try to make sure the incident does not transcend.
The star techniques in these practices are those of identity theft or phishing or what is known as man in the middle, the intervention of communications, generally through the Internet or email, to steal information.
“These crimes are becoming more and more widespread, given the sophistication of computer science advances and the massive use that we make today of the Internet. And if the appropriate protection measures are not adopted, through greater investment in computer security, their incidence will go on the rise. Even more so at this time when the pandemic has changed our social and work habits, “these specialists add.
In 2019, a total of 218,302 events related to crime were known in Spain, 35.8% more than the previous year, of which 88.1% corresponded to computer fraud (scams) and 5.9% to threats and coercion.
Catalonia, Madrid, Andalusia and the Valencian Community were the regions that concentrated the most complaints of cybercrime.
The percentage of criminal acts clarified this same year amounted to 15.1% of the total, while those arrested and investigated reached the figure of 8,914.
The most dangerous and undetectable fraud
“The man in the middle method is probably one of the most dangerous and difficult types of computer fraud to detect. When you become aware of the attack, it will probably be too late,” says Ignacio Castillo Castrillón, chief executive of the firm.
“Firstly because the hacker tends to display great sophistication, simulating emails and documents with total accuracy to offer a false sense of truth to the scammed person or entity. And secondly because once the payment is made, the scammer it disappears in such a way that it is very difficult to follow its trace, especially if the cheated amount is divided into other accounts and if they are resident in tax havens. “
Among the communication channels most likely to be intercepted by the scammer, in the opinion of Ignacio Castillo, is undoubtedly “email, but in general any type of communication over the Internet taking advantage of the weaknesses of a Wi-Fi network or introducing malware or malicious code on the victim’s computer or mobile phone “.
How to avoid falling into the trap
Preventing this type of crime “is always complicated” but it involves avoiding open or public Wi-Fi networks with a weak encryption system and ensuring the correct identity of the interlocutor.
It is also key to protect personal or work accounts with strong and complex passwords, use VPN networks, browse secure web pages and keep the system and applications updated. “Ultimately, increase investment in cybersecurity,” he concludes.