My Take On Cybersecurity

Let me tell you a story about how someone stole my $2,500 Macbook Pro last year. This was my first run-in with a digital cyberthreat. A year later, I’ve still been unable to retrieve it, and the FBI Internet Crime sector has failed to assist the case. To start from the beginning, I grew up selling a lot of electronic devices on eBay. I got really good at it, and my friends/family always sought to me for selling their used goods. Due to this semi-proficiency, I continued to utilize the platform because I had never encountered any game-changing issues. Well, clearly, I jinxed myself. In July of 2019, I listed an excellent-condition, nearly brand new Macbook Pro on eBay in the same manner that I had done throughout the many years leading up. Within two days, I received a notification that someone had placed a bid on the item. Since the offer was within range of what I was hoping to sell for, I proceeded to message the user directly via eBay’s messaging portal.

Lesson #1: always use the messaging function within the medium of which you are registered, especially when it’s an e-commerce or freelancing platform because you never know exactly who you’re doing business with. So, I’m glad that I began the transaction by messaging the bidder via eBay. However, over the next couple of days, I received a few emails, to my personal email, regarding the completion of the sale and shipping information for mailing the device. According to my eBay account settings, my email notifications were turned on, which made sense as to why I was receiving messages to my email about finalizing the transaction.

Lesson #2: always check the exact email address of the person sending you emails. Apple Mail, Gmail, and other email servers hide the full sender’s email address because it’s “ugly”. Moving on, I shipped off the computer. I distinctly remember leaving the UPS store and feeling so relieved that I had completed the task and that receiving the payment was all that was left. Little did I know…

So, about a week went by, and I had an epiphany to check the shipping status and track the package. With eBay, the seller doesn’t receive payment until AFTER the buyer confirms that they’ve received the item. Therefore, I was anxious to get on with it and receive the money. It was then that I ended up calling FedEx, discussed the tracking details, and then asked them to update if it had been delivered. The gentleman informed me that someone picked it up from a nearby FedEx office, instead of it being hand-delivered to a house. When I heard this, it seemed fishy; red flag #1. He also was able to pull up the name and home address of the man who picked up the package and mentioned that both pieces of information were wildly different than the details attached to the user on eBay; red flag #2. AND, apparently, the user deleted their eBay account directly after receiving notice that the package had already been shipped; red flag #3.

Long story short, since the account was fully taken down from eBay, there was nothing eBay could do about retrieving the payment information from the buyer. I was left in the dark. Whoever this scum-of-the-earth human was, blatantly stole a brand new MacBook from me because they were able to photoshop genius message notification emails to make it look like eBay had been forwarding them to me. When I looked back at the previous email notifications, I finally located the sender address, and it was not even close to being from a verifiable eBay sender. It’s honestly impressive how this person was able to pull it off. I keep my email inbox clean 24/7, have been familiar with the process of selling products on eBay, and they still were able to scam me. In the end, there wasn’t much eBay could do.

They instructed me to submit an “Internet Crime Claim” through the FBI’s Internet Crime sector; however, it never went anywhere. Understandably, they probably have a million other more important things to do. Something interesting that I discovered throughout the ordeal is that any theft of an item worth more than $2,000 is considered felony theft or grand theft in most states. And it awards the larceny with a felony charge. Too late, I guess.

The moral of the story, I learned a whole lot about cybercrime through this experience. Thankfully, I haven’t come across any more run-ins recently. Although, I receive about 100 falsified text messages and scam phone calls per day. I am positive I’m not the only one. According to PNC, the most common cybercrime types are phishing attacks, malware, online credential breach (usernames and passwords), debit/credit card fraud, and identity theft. Phishing is an interesting one. Cybercriminals use email or malicious websites to solicit personal information from an individual or company by posing as a trustworthy organization in a phishing attack. This is precisely what happened to me. The “buyer” posed as the “trustworthy” organization of eBay and was able to compose fraudulent, yet effective, notification emails that featured my personal information.

They successfully manipulated me. But now I know what to look for. Malware is also one of the most popular cybercrime types because it can manifest itself in numerous formats. Malware could include anything from Trojan viruses to spyware and is still a key component in most cybercriminal operations. Different types of malware can wreak havoc on your devices in a variety of ways: from remotely controlling your computer, to spying on your keystrokes, to even stealing personal documents or information saved on your device. I’d recommend putting a sticker over your webcam, using a trustable VPN (a virtual private network), and downloading a malware-destroying plug-in directly to your computer. If anyone needs a recommendation, I use a combination of “Malwarebytes” and “CleanMyMac” to inspect my computer on a regular basis. I believe this is becoming an aspect of digital survival for everyone who possesses any sort of internet-operating device.

In recent years, a new type of malware, called ransomware, has increased in notoriety and is currently plaguing organizations worldwide. During a ransomware attack, malicious software causes devices and networks to be locked down until a ransom is paid. Cybercriminals often target organizations that possess significant amounts of confidential information that need to be used in a timely manner, such as hospitals or law firms. This year, 2020, has fostered a lot of buzz about the COVID-19 pandemic and how destructive it has been, which is undeniable. However, I have this feeling that the next terrorist attack that America will face may likely be amongst the cyber-universe. Granted, the COVID-19 pandemic was not a confirmed “attack” by any means. But, it raises concern about how everyone is functioning in the digital world 20 times more than we were before this year, due to social distancing and the increase in people working from home. Kind of scary to think about, huh?

Now for some stats. According to Cyber Observer:

  • Worldwide spending on cybersecurity is going to reach $170.4 billion in 2022.
  • 68% of business leaders feel their cybersecurity risks are increasing.
  • Data breaches exposed 4.1 billion records in the first half of 2019.
  • 71% of breaches were financially motivated, and 25% were motivated by espionage.
  • 52% of breaches featured hacking, 28% involved malware, and 32-33% included phishing or social engineering.
  • Only 5% of companies’ folders are appropriately protected.
  • 65% of Americans have never checked to see if they were affected by a data breach.
  • Security breaches have increased by 11% since 2018 and 67% since 2014.
  • Hackers attack every 39 seconds. On average, that’s 2,244 times a day.

It’s important to internalize the significance of this type of crime because although it’s invisible, it’s more common than we may think. Unfortunately, the eBay fiasco never received proper closure. But, in a way, I am incredibly grateful for the astounding wake-up call.

References: