written by a Norton employee

Article

May 4, 2023

2 min read

One group prospers when faced with inflation, rising interest rates, layoffs and soaring fuel and food prices: Cybercriminals. 

And because these economic challenges will likely continue to impact consumer and businesses alike in 2023, cybercriminals will see a world more receptive to their online scams.

When consumers look for ways to earn more money, make investments that offset inflation, or seek solace in a challenging economic world, a perfect environment is created for online scams. Fraudsters will use text messages, emails, phone calls, social media and websites to trick victims into surrendering their personal information. Sometimes they will ask for  small payments that reveal their targets bank details. Others will entice their victims to spend big money on investments or lottery winnings that don’t exist.

So, it's the economy that will have the greatest impact on the spread of cybercrime in 2023. 

Here are our predictions for how some of these scams will work. 

1. Financial worries can drive poor decision-making

As inflation and interest rates continue to rise, consumers will struggle to fuel their cars, heat their homes, and fill their shopping baskets. Borrowing money to pay for rent, mortgages and loans will become more expensive thanks to increasing interest rates, creating difficult times for many.   

Fraudsters know this. They also know that consumers are at their most vulnerable when they are worried about their finances.

Expect a rise in several financial-based scams:  

1. Assistance scams: Cybercriminals will reach out to consumers by text, phone, email and social media to lure them into fake social assistance programs. These messages might claim that it’s not just the most vulnerable, or pensioners who can qualify for heating subsidies, but everyone can benefit. Or that everyone can receive tax rebates. All the recipients of these messages must do is click on a link, send a small payment, or make a phone call.

Unfortunately, it’s so often a scam. Encouraged to click on a link that takes them to an online form, victims are enticed to provide personal information such as their name, birthdate, and address on the form. When they click "Submit” their personal information is sent to a criminal. Sometimes they are asked to send an ‘administrative payment’, which not only profits the cybercriminal directly, but also provides them with access to the customer’s bank or credit card details.

That criminal can then use this information to take out loans or credit cards in the victim’s names. They might use it to access their online bank and credit card accounts. They might sell the information on the Dark Web to the highest bidder.

2. Shopping deals: Scammers send emails or social media messages to their victims, promoting low-cost clothing, electronics or groceries. They'll set up fake e-stores on compromised websites, promoting brand-name items at bargain prices. The fraudsters behind them will try to steal victims' personal information or convince them to send online payments for bargain products that aren't real. Once consumers send their payments, the fraudsters behind these deals and e-store disappear, with the customer’s money, and personal details. This leaves the victim responsible for trying to get compensation from their bank or credit card company, often in vain.

3. A bit of romance? When the economy suffers, people may also be impacted emotionally. They may be struggling from recently losing their job or have worries of financial instability. They might be suffering from low self-esteem. All of these things can make people especially vulnerable to online romance scams.

In these scams, criminals strike up an online relationship with victims, sending emails, communicating in chat rooms and buzzing their victims' phones with amorous texts. After building up trust, the scammers, promising to soon meet their victims in person, ask for money or ask for help move money around – money laundering.

2. Companies trying to cut costs could lead to more breaches making consumers and companies vulnerable.

The economy's troubles will also impact companies in 2023. We have already seen many companies reducing headcount, and it is likely to continue into next year. When companies operate with fewer staff and people are take on new responsibilities, companies can become more vulnerable to data breaches, ransomware attacks, and other cybercrimes.

Why? With reduced investment in IT security, phishing scams, data leaks and viruses, are more likely to slip through. Don't be surprised by headlines announcing big data breaches or record-setting ransomware payments in 2023.

And then of course, there is the risk of disgruntled employees deliberately stealing or leaking, confidential or customer information.

3. Advanced and open generative AI frameworks may be used by cybercriminals to create more compelling content, and even start using them in high-touch interactions such as romance scams.

Last year, we predicted that criminals would take advantage of improving AI technology to boost the effectiveness of their scams. That prediction turned out to be accurate. And this year? Expect scammers to continue to wield AI in their crimes as this technology becomes even more accessible and easier to use.

ChatGPT from OpenAI has made it much easier to write compelling content – content that is not limited to successful appeals against parking fines, school essays, or passing the Bar exam. It’s probably already used by fraudsters to improve the quality of writing used in their scams.

Programs such as Dall-E also from OpenAI, Midjourney, and Stable Diffusion allow users to create images by describing a picture. These models will create several versions of the images that users describe. This technology can be a powerful tool when wielded by cybercriminals.

Consider the romance scam we described earlier. Con artists can use these AI tools to create images of the person they are pretending to be and even place them near specific geographic landmarks to add legitimacy to their fake personas. It's a way to add more depth to an old scam and to more easily persuade a victim to send cash or provide their credit card information.

New AI tools already help us manipulate images and write compelling prose; what happens when language and video AI models become even better, allowing users to imitate real people in real time? Scammers can pretend to be anyone—all to get you to surrender your financial and personal information.

4. Weaker versions of 2FA could be exploited, leading to breaches in companies, which can lead to more consumer information exposure.

Criminals have already demonstrated ways to attack standard two-factor authentication (2FA) technology like SMS - either by intercepting messages en-route, or by using a picture of a passport to obtain a copy of a SIM . Despite this, outside of the financial service industry, we still don't see many companies adopting stronger multi-factor authentication practices for either customers or employees in 2023, and this could impact consumers.

That's a problem. Companies that continue to use weak 2FA are inadvertently leaving the door open for cybercriminals to steal important credentials. That can lead to serious data breaches and cybercrimes.

The key is for companies to turn to what are known as unphishable factors when setting up their multi-factor authentication systems. Unphishable factors are those that criminals can't trick employees into providing. They include such factors as biometrics, device-level security checks, hardware security keys, and cryptographic security keys. Over time, companies will start to deploy these more secure authentication technologies, but it won’t happen anytime soon.

Unfortunately, too many companies rely on phishable factors, those that are easier for criminals to intercept. These phishable factors include passwords, security questions, SMS text messages, and time-based one-time passwords. All of these can be intercepted and used to authenticate fraudulent transactions.

The Final Word

Challenging economic times create opportunities for fraud. Worried people, under pressure to make ends-meet, make mistakes and are more likely to fall for scams. However consumer-facing businesses can always do more to help their customers become safer. It’s not just about securing internal IT systems, it is also about helping the customer avoid malicious content, help them monitor their digital lives for sign of intrusion or compromise, and being there to help them when things go wrong.

Editorial note: Our articles provide educational information for you. Norton offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrolment or setup. Remember that no one can prevent all identity theft or cybercrime.