Three must-know cyber security threats in 2022
High-net-worth individuals and family offices are often seen as attractive targets for cyber criminals as they have substantial assets but generally lack the levels of protection you find in a major corporation.
In order to provide our clients with enhanced security, we have a relationship with, and offer a referral service to, a firm called XCyber. Founded by former UK government intelligence specialists and offering state-grade solutions, XCyber pride themselves on protecting people, data, brands and reputation in the digital domain.
We caught up with them to look at the three biggest cyber security threats which they think our clients will be facing, and therefore need to stay live to, in 2022.
1. The rise of credential stuffing
Credential stuffing is a serious and growing problem. It occurs when cyber criminals get hold of large numbers of stolen username and password pairs, and use the “credentials” to try and break into thousands of websites at a time.
The hackers tap into huge stockpiles of login credentials posted on the internet over the years after various data breaches and leaks – recycling them using their modern “stuffing” techniques. It’s particularly hazardous for people who use the same login and password combinations across multiple sites.
As part of XCyber’s monitoring of cyber criminals across the dark web, they regularly come across stolen or compromised login credentials that are often used to gain unauthorised access to user accounts.
“Even if the hackers are only successful 0.1% of the time, because of the numbers involved in their targeting which runs into millions upon millions, it still provides a high potential yield,” says Archie Nelson, XCyber’s Operational Requirements Lead.
From there, the attacker will look to gain access to as many unauthorised accounts as possible – so they can carry out other attacks or fraudulent activities.
“The real problem is if they get into your email – they can wreak havoc from there,” adds Archie. “They no longer need access to your bank account. By hacking into your email, they can intercept invoices and change payment instructions – from house purchases, to making donations, collecting rent, school fees or even buying art.”
Popular TV and audio streaming sites have also been victims of credential stuffing in recent times – with users either being locked out of their accounts or experiencing other disruptions. Attacks on well-known food delivery firms have also seen hackers order food from customers’ accounts, with losses adding up to hundreds or thousands of pounds.
2. Troubling phishing trends
As we highlighted in an earlier cyber-crime article, a ‘phishing attack’ tricks people into giving up sensitive personal data or financial information, usually by clicking on a malicious link in an email. These emails and phishing landing pages are becoming increasingly convincing, and are now probably the most common form of cyber-attack.
“The big peril is the same as credential stuffing – with the attacker successfully tricking the target into divulging their password and therefore gaining ‘legitimate’ access into the target’s email inbox,” says Archie.
“From there, they can do any number of things – from perpetuating spam, to gathering personal information and launching identity fraud. But again, the golden egg they’re looking for is anything related to payment instructions so they can try to divert and steal your money.”
Phishing scams have risen sharply since the start of the pandemic, according to the FBI, with many people now embracing the work-from-home revolution. But hackers know that when people work remotely, they are also more likely to let their guard down or be distracted, which is the ideal time to exploit the situation.
“It all starts with a phish and ends with an awkward exchange insisting you’ve paid, only to find out you’ve paid a criminal,” adds Archie.
3. Avoiding an impersonation attack
Scammers can also pretend to be you and leverage this to either make money or damage reputations.
“Impersonation is a big problem for high-profile people,” says Archie.
The names of major celebrities are often used in fake endorsement scams, especially cryptocurrency related schemes.
Of course, these celebrities have nothing to do with the scams, where criminals will create fake news sites to make the ploy more convincing. It’s a worrying trend. The UK’s National Cyber Security Centre took down more than 730,000 such celebrity scam websites in 2020.
“It’s not just famous people who need to be aware of this type of scam, it can also be used against anyone,” adds Archie. “Criminals can quite easily register a fake email or social network account under your name. Using some basic internet research, they can then start to impersonate you.”
In another form of the scam, criminals can also pose as someone you trust. The attacker will look to build a relationship with the victim – by posing as either a client or a larger corporation – through a seemingly honest email, or by creating a fake social networking account.
Once trust is established, attacks will soon be deployed – in the hope of tricking you into making security mistakes or giving away sensitive information.
How to access XCyber’s services
Our XCyber referral service is available to all our clients, apart from in Monaco and Switzerland, and Barclays Private Bank does not receive a referral fee for facilitating introductions.
We established the relationship because we want our clients to have secure online defences. XCyber’s services include conducting a full review of a client’s existing security measures, and identifying potential weaknesses, before recommending a personalised strategy to help strengthen their defences.
If you’d like to learn more, please contact your Private Banker who will be happy to put you in touch with XCyber.
Any service provided herein is offered directly by XCyber only. Barclays’ sole role is to refer you to XCyber and it is not providing any recommendation or advice. Barclays receives no payment or fee for this referral. We provide no guarantee as to the services herein, and the client should engage their own legal and specialist advisers for documentation, etc.
This communication:
- Has been prepared by Barclays Bank PLC (Barclays) and is provided for information purposes only and is subject to change. It is indicative only and not binding. References to Barclays means any entity within the Barclays Group of companies, where “Barclays Group” means Barclays and its affiliates, subsidiaries and undertakings.
- Is general in nature and does not take into account any specific investment objectives, financial situation or particular needs of any particular person.
- Does not constitute an offer, an invitation or a recommendation to enter into any product or service and does not constitute investment advice, solicitation to buy or sell securities and/or a personal recommendation. Any entry into any product or service requires Barclays’ subsequent formal agreement which will be subject to internal approvals and execution of binding documents.
- Is confidential and is for the benefit of the recipient. No part of it may be reproduced, distributed or transmitted without the prior written permission of Barclays.
- Has not been reviewed or approved by any regulatory authority.
This communication is a marketing communication for the purposes of the relevant conduct of business requirements applicable to the communication.
Where information in this communication has been obtained from third party sources, we believe those sources to be reliable but we do not guarantee the information’s accuracy and you should note that it may be incomplete or condensed.
Neither Barclays nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation.
Law or regulation in certain countries may restrict the manner of distribution of this communication and the availability of the products and services, and persons who come into possession of this publication are required to inform themselves of and observe such restrictions.
You have sole responsibility for the management of your tax and legal affairs including making any applicable filings and payments and complying with any applicable laws and regulations. We have not and will not provide you with tax or legal advice and recommend that you obtain independent tax and legal advice tailored to your individual circumstances.