There’s no disputing that cybercrime is on the rise. According to data from RiskIQ, $2,900,000 is lost to criminals every minute and companies pay out an average of $25 dollars every 60 seconds due to breaches. So it’s hardly surprising cybercrime is set to cost the world $10.5 trillion annually by 2025.
But what is it about the internet that encourages cybercrime? In the second part of our series on cyberpsychology, we delve into how the internet nurtures cybercrime and why we often fall for scams we wouldn’t in the physical world.
Let’s start with the bad guys.
How does the internet enable cybercriminals?
We’re not always aware of it, but all of us can be guilty of losing our inhibitions online. The internet can encourage us to be more confident and open. However, it can also have toxic side effects.
Some of us are more likely to be manipulative and deceptive online as we are less concerned about our peer’s judgement. When interacting with each other using technology, communication has limited physical features. Often we can’t see or hear the person we’re talking to, offering perfect conditions for misleading messages and false identities.
$2,900,000 is lost to cybercriminals every minute
Online interactions can seem less tangible than our offline lives. And, because the online world feels less ‘real’, harmful behaviour can also feel more acceptable. Without the victim’s physical presence, attackers feel distant and detached from their target and are less afraid of being caught. This makes lying and misleading behaviour much easier. Criminals also feel safer due to the anonymity offered by the internet and the lack of regulation of online behaviour.
Criminology theory suggests that the three key ingredients for more crime are a motivated attacker, a suitable target and a lack of ways to protect them. Let’s apply this framework to cyberspace. The motivation for cybercriminals is the belief they’re unlikely to be punished for cybercrime. The target can be just about anyone, such is the range of available victims. And, the lack of protection is provided by the way we conduct ourselves online.
How do cybercriminals use the internet against us?
There is a wide variety of methods cybercriminals use to ensnare victims. For example, phishing attacks create a sense of urgency and exploit it. It could be by creating a bogus ’emergency’ in which the cybercriminals poses as a friend in need of help. Or, it could be something less altruistic, like the chance to win prizes.
Criminals can also mislead us by presenting themselves as an authority or trustworthy institution – sometimes even using familiar names and logos. This could trigger us to be less critical when facing a request and respond out of habit, familiarity, or respect for authority. To give an example, during the COVID-19 pandemic we’ve seen a huge increase in bogus vaccination emails. The threat has become so widespread that the NCSC has launched an awareness campaign, encouraging anyone who’s been targeted to use its scam reporting services.
Online communication can often appear hyperpersonal. And this is especially true if we don’t know the person we’re communicating with. Online interactions can make us idealise the person behind the avatar or email address. Without a physical appearance, body language or other non-verbal cues, we struggle to determine someone’s intentions. The result is we often default to our better nature and develop a sense of having a close relationship very quickly.
This can lead to us disclosing personal details without actually knowing the person we’re communicating with. Cybercriminals know this and are quick to exploit it.
The situation is made worse by the ready availability of personal information on the internet. Take social media, for example. Through a person’s profile, you can often see friends or connections lists, recent locations, their interests, and any events they’ve been part of. This information is a great resource for attackers in making communication more targeted and personal.
What can cyberpsychology do to help us improve our cybersecurity?
Although it might sound like a slightly dusty academic concept, cyberpsychology has plenty of practical uses. For one, it can help us better understand our vulnerabilities online. And knowing that we’re prone to hyperpersonal communication and letting our guard down is the first step towards correcting that behaviour.
It also helps us understand the methods cybercriminals use to trick us and the behaviours that make us an easy target. This understanding can make us think more critically the next time we’re faced with a potential scam. What’s more, it gives us the tools to avoid falling for scams in the first place and better strategies for protecting ourselves. After all, to defeat your enemies you must first understand them.
Knowledge of how and why cybercriminals target us is important. However, knowledge alone isn’t enough to protect your business. You also need an understanding of the fundamentals of good cybersecurity. Fortunately, this isn’t nearly as difficult as it sounds. A great place to start is by getting certified in Cyber Essentials, the UK government scheme that covers all the basics of good cyber hygiene. It doesn’t require any cyber expertise and can help protect your business against 98.5% of the most common cyber threats.