Editor’s note: This is the first of a regular feature the Catholic News Herald is launching to help readers remain aware of online threats. Information and helpful tips about cybersecurity, privacy and safety will be shared from Scott Long, information technology director for the Diocese of Charlotte.
Cybercriminals steal. Cybercriminals are smart. They do not care who they hurt. You might think that they target mostly large companies or organizations, but in fact, 71 percent of cyber-attacks happen at organizations with fewer than 100 employees, the U.S. Congressional Small Business Committee found in a 2015 study. Those numbers remain relatively unchanged today.
Why do cybercriminals attack small and medium-sized businesses? The goal of almost all cyber-attacks is to obtain personal data. Larger enterprises typically have more data to steal, but small businesses have less secure networks that make them easier for hackers to breach. Hackers can employ automated attacks to target thousands of small businesses, making size less of an issue than network security.
What are they looking for? Criminals want your name, street address, email address, phone number, and other personal data that they can then use to steal your identity. The crime of opening accounts in someone else’s name using legitimate information is called identity theft. Your Social Security number is the holy grail for these criminals, because with that data they can open credit cards and bank accounts, etc., in your name. You may never know that your identity has been stolen until you legitimately apply for credit or when your payments start to bounce.
Criminals can also buy data collected through legitimate internet services, or they buy it from illegitimate sources, or they steal it.
It’s nearly impossible in this day and age to avoid giving out some personal information online. Think about all of the subscriptions you’ve registered for, ones that required the exact data just mentioned above. Did you read the fine print in the privacy policy or information disclosure statement before clicking “yes” and then downloading, registering or subscribing? How secure is that vendor?
It is also important to routinely check your bank statements and credit history, and if you have access to a fraud or identity theft prevention service, use it as much as possible.
Besides identity theft, another common cyber-attack involves impersonation. Criminals steal a community leader’s reputation, authority and influence in the community by setting up fake email accounts or stealing the contents of the victim’s address book or email addresses associated with the leader’s profession. Then they send out email impersonation campaigns, soliciting for money or gifts.
This has been a problem in several dioceses, including the Diocese of Charlotte. Leaders who have been impersonated in the diocese include dozens of pastors, school principals, even Bishop Peter Jugis!
Everyone who uses email is a potential victim of this cybercrime.
How can you protect yourself? Before responding to an email request for money or your personal information, especially if it says it is an urgent request, first stop and think. Is it legitimate? You’ll likely conclude that something is not quite right about it. Follow your instincts, and check with the parish, school or the chancery to verify the communication. Ensure the request is legitimate before you send money, gift cards, or even any response at all. Please know that pastors and others in our diocese do not solicit for cash or gift cards through email.
Another way to avoid impersonation attacks is to avoid posting your email address on a website or social media page. Cybercriminals use “bots” – short for “web robots,” a software application that can automate tasks over the internet in high volumes – to scour the web looking for vulnerabilities to exploit. Harvesting email addresses from web pages is an easy tactic for them. Use an email form tool on your website, and spell out your email address (using the words “at” and “dot”) when posting it online or sharing it with anyone.
Educate yourself about cybercrime, then share what you know with your family, friends, fellow parishioners and school communities so that we can all help make the online world safer and more secure. More to come in future editions of the Catholic News Herald. God bless.
Scott Long is the information technology director for the Diocese of Charlotte.