Cybercrime risks to grow in 2023 — don't leave yourself exposed 

This past year was ripe with cyberattacks, including the high-profile ransomware breach of Suffolk County’s government computer systems.

In fact, the number of cyberattacks targeting organizations in North America rose 47% in the third quarter of 2022 compared with Q3 2021, according to Check Point Research, a provider of cyber threat intelligence.

Looking ahead, experts expect risks to continue to grow in 2023. Several key threat areas include social media account takeovers, payment apps and scams targeting specific ethnic groups or immigrants with limited English proficiency.

“I think it’s going to continue to be a very active year for identity crimes and compromises,” says Eva Velasquez, President/CEO of the Identity Theft Resource Center (ITRC), a nonprofit organization established to minimize risk and mitigate the impact of identity compromise.

Scammers are leveraging technological vulnerabilities less and human vulnerabilities more, she says.

This is one reason why scams targeting those with limited English proficiency will increase along with relationship scams, with hackers gaining trust of unsuspecting victims through avenues like social media and dating sites, Velasquez says.
Social media account takeovers increased by more than 1,000% in 2022 because more people fell for phishing attacks and identity-based scams, according to ITRC.

Phishing involves scammers sending messages pretending to be a trusted person or organization. It’s often used to gain access to accounts or steal user data or even money.

Colette Lee Morales of Long Beach, an event planner, fitness trainer and hair stylist, was the victim of a social media account takeover early 2022.

Her Instagram account, with more than 5,000 followers, was taken over with the scammer wanting her to pay $500 in bitcoin to get it back.

An impostor posing as one of her Instagram followers, who she didn’t realize had been hacked, sent her a link and when Morales clicked on the link, she was immediately locked out of her account. The hacker also changed her personal information so she couldn’t get back in.

Morales was able to make contact with him for a brief moment through an Instagram video call and pleaded for him to give it back but he refused. Pretending to be her, he even scammed three of her followers out of money by direct messaging them on Instagram.

“That was the worst part they were talking to him and they thought they were talking to me,” she said.

She ultimately was able to get her account back without paying ransom through Instagram Selfie Verification, but she ended up losing over 100 followers who were scared off by bitcoin ads he was posting.

“It wasn’t about the number of followers for me, it’s just I really didn’t want to lose contact with people that I’ve connected with all over the world,” she says.

Social media account takeovers and other phishing-related threats will definitely be on the rise this year, says Adam Schwam, President of Farmingdale-based Sandwire Corp., a managed IT services company.

Phishing emails can look like they are from a trusted source, but once you click on a malicious link, you could be hacked.

Once they get into your email account, the threat isn’t just to you, it’s to your network who they can now directly reach, he says.

He offers clients a service, BullPhish ID, that mimics and sends out fake emails to employees. It tests them to see what they click on and then provides training to deter risky practices.

He also utilizes ID Agent, which monitors company website domain names and email addresses on the dark web to scour if either has been compromised, Schwam says.

And he also utilizes Passly, which is a password manager and enables multi-factor authentication, which requires the user to enter multiple forms of verification. It's like when you get a text code from your bank to verify your account.

“Multi-factor authentication can help combat many of these threats,” says Matt Pomara, co-founder and vice president of Ark Technology Companies in Garden City, an information technology company.

It’s available as an option to enable on many social media accounts, he says. But many people don't bother.

Morales, since getting hacked, has enabled that feature on her Instagram account.

Pomara also said people must be more careful with their passwords and use different passwords for different accounts.

People reluctant to use password managers tend to repeat the same passwords across multiple accounts, he says.

Other areas of concern, says Pomara, are risks tied to the continued work-from-home trend with people using their own unprotected devices.

Companies must make sure the devices employees are using have up-to-date security protections, he said.

And the increased popularity of payment apps could prove fertile ground for scammers, says Velasquez. The Federal Trade Commission has warned consumers about avoiding such scams on apps like Venmo and Cash App,

You can stop payment on a check or dispute charges on a credit card, she says, but there are limited protections on these payment apps, she says.