The IT Nerd

Atlas VPN findings reveal that Americans lost $1.19 billion to imposter fraud in 2020, which is $613.8 million more than last year, representing a 106.56% increase. 

Here, a criminal pretends to be a trusted person to get consumers to send money or provide sensitive personal information. Most commonly, scammers impersonate a family member, a government agency, a computer technician, a well-known company representative, or even a romantic interest.

The data is provided by the Federal Trade Commission (FTC). US Citizens can submit fraud reports to the FTC for further investigation. The FTC shares this data to inform the nation about the state of the cybercrime landscape in the US. 

Last year, Americans submitted 498,278 imposter scam complaints, out of which 22% reported a financial loss. Median loss reaches $850. Scammers used phone calls as the most common method of contact. On average, US citizens lost $297.45 million per quarter to imposter scams in 2020.

In 2019, consumers lost $576 million to impersonators from 645,874 individual complaints. Significantly fewer people reported losing money to such scams, with 13% of complaints indicating monetary damages. On average, victims lost $144 million per quarter, with median losses standing at $650. Once again, fraudsters mostly used phone calls to contact the victims.

Looking back at 2018, US consumers submitted 549,922 pretender scam complaints. Over 18% of victims indicated a financial loss, which amounted to $491.6 million in damages. Fraudsters swindled out around $122.9 million per quarter, with median losses at $500.

Finally, throughout the last five years, US residents suffered a staggering $2.34 billion in damages from imposter scams.

To read the full article, head over to: https://atlasvpn.com/blog/americans-lost-1-19-billion-to-imposter-scams-in-2020

The COVID-19 pandemic forced the majority of people to move their work to their homes, which meant an unprecedented increase in online meeting application usage. 

Criminals did not overlook this fact and started to distribute malware using popular meeting applications as a lure. 

Atlas VPN analysis reveals that cyberthreats disguised as videoconferencing applications jumped by 1,067% in a year. 

Threat actors spread these malicious files through phishing emails or websites. Fraudsters create seemingly authentic emails and websites to lure victims into downloading the installer, which comes with a hidden bonus called malware.  

Edward Garb, a cybersecurity researcher and writer at Atlas VPN, shares his advice on how to protect yourself against malware:

“There are countless little tricks that fraudsters can use to dupe you into clicking on a phishing link or downloading an attachment. As a rule of thumb, simply decide to ignore all email attachments and links until you confirm with your colleagues, friends, or Google search that a particular company is indeed sending out such emails.

If you need to download a particular software, go to their website directly, do not click on an email link, or use downloaders from third-party websites.”

In March 2020, researchers detected 90,000 malicious installers hidden under the name of popular meeting applications, while in February 2020, the number jumped to a staggering 1.05 million, representing a nearly 12x increase.

Most threats were detected in January 2021, when victims encountered 1.15 million cyber threats. 

Throughout last year, hackers attacked victims with this type of malware around 411,000 times per month. The volume of attacks increased steadily during 2020, with a noticeable spike in November and December.

To read the full article, head over to: https://atlasvpn.com/blog/malware-disguised-as-meeting-apps-spiked-by-1-067-in-12-months

Ransomware is malicious software that restricts access to a victim’s files or devices until the ransom is paid. Last year, this type of attack was one of the cybercriminals’ favorite methods for targeting organizations.

According to the data presented by the Atlas VPN team, the government sector was the most affected by ransomware attacks in 2020, followed by Banking. In total, 50% of last year’s ransomware attacks were directed at these industries among the top 10 most-targeted sectors.

Government organizations took the biggest share of ransomware attacks last year — 31,906, while the banking sector suffered 22,082 attacks. Other industries that made it to the top five include manufacturing (17,071), healthcare (15,701), and finance (4,917).

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on ransomware attack trends in 2020: 

“Financial organizations have always been popular targets among cybercriminals due to their wealth.  In the meantime, the government and healthcare sectors are known to be especially vulnerable to cyberattacks. As the latter industries also played a critical role in dealing with the global pandemic last year, they became an easy prey to hackers.”

WannaCry ransomware was favored by cybercriminals

Like most cyber threats out there, ransomware comes in many different types. However, some ransomware families were more popular last year than the others.

Out of all the ransomware types, WannaCry, also referred to as WCry, was most favored by cybercriminals. This cyber threat was responsible for 220,166 or nearly 87% of all last year’s top ransomware families’ attacks. 

Locky ransomware also continued to plague organizations last year. There were 15,816 Locky cases detected in 2020. 

Other ransomware families that were highly active last year include Cerber (5,448),  Ryuk (3,376), GandCrab (2,326), Sodinokibi (2,275), Crysis (1,744), Crypwall (1,019), Egregor(827), and DoppelPaymer (526). 

To read the full article, head over to: https://atlasvpn.com/blog/government-most-hit-by-ransomware-attacks-in-2020-followed-by-banking

According to data presented by Atlas VPN, Americans over 60 years old lost a staggering $966 million to various types of internet scams in 2020.

Edward Garb, Cybersecurity Researcher at Atlas VPN, explains why fraudsters focus on older generations: 

“Not only do cybercriminals target victims over the age of 60 because they are believed to have significant financial resources, but also because elders tend to lack knowledge about basic internet security practices.”

Americans ages 60 and older submitted 105,301 complaints to the FBI and reported a total of $966 million in monetary damages last year. Meaning, on average, older citizens lose $9,174 per scam. Looking at monetary damages on a day-by-day basis, elders lost around $2.65 million daily in 2020.

US citizens ages 50-59 lost nearly $849 million from 85,967 reported scams in 2020. Average financial losses per scam are even bigger, amounting to an average of $9,863 per complaint.  

Next up, people ages 40-49 also lost a huge amount of money to cybercriminals, totaling $717 million from 91,568 reports. In other words, this demographic loses around $7,832 every time they fall victim to internet scams. 

Even though Americans ages 30-39 reported a similar number of scams at 88,364, their losses are substantially lower than all previous groups, at $492 million in losses in 2020. In turn, their reported losses per complaint are also smaller, reaching around $5,570.

Internet users ages 20-29 suffered over $197 million in financial losses from 70,791 reported internet crime cases, which means that generally, victims in this demographic suffer $2,788 in damages when they get scammed online. 

To read the full article, head over to: https://atlasvpn.com/blog/elderly-people-lost-nearly-1-billion-to-intern

Recent findings by Atlas VPN reveal that government documents or benefits fraud jumped 45 times in 2020. Most states have experienced a dramatic surge in fraudulent unemployment benefits claims filed by organized crime rings using stolen identities. 

In short, fraudsters are utilizing phishing scams, past data breaches, and other methods to collect information from individuals across the nation and file for Unemployment Insurance (UI) and Pandemic Unemployment Assistance (PUA) benefits.

Edward Garb, Cybersecurity Researcher at Atlas VPN notes, that:

 “Not only did government documents or benefits fraud reach an all-time high, but it even became the most prominent scam strategy in 2020.”

The Federal Trade Commission (FTC) received 5,251 such complaints in 2019 Q4, while in 2020 Q4, the number reached a staggering 235,859 individual reports, representing a 4,391% increase.

Americans filed a total of 406,375 complaints regarding government documents or benefits fraud in 2020, which amounts to around 1,113 victims per day.  

Most people realize that they were a victim of identity theft when they get a notice from their employer or from their state unemployment benefits office regarding their supposed application for benefits. 

However, at that point, the funds have usually been transferred to the criminals’ account. Fraudsters then transfer the money through countless foreign accounts so that it would be nearly impossible to track down. 

Another note-worthy increase was in loan or lease fraud. This type of scam jumped from 32,295 complaints in 2019 Q4 to 59,900 in 2020 Q4, amounting to an 85% increase.

As a final note about the prevalence of identity theft in the US, the Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.

To read the full article, head over to: https://atlasvpn.com/blog/government-documents-and-benefits-fraud-surged-45-times-in-2020

It is no secret that cybercriminals often pretend to be someone they are not to lure out people’s money or valuable information, and what can be better used for this purpose than a well-known and trusted brand?

According to the data presented by the Atlas VPN team, Microsoft and Zoom were the most commonly impersonated companies in the phishing attacks in 2020. In total, 80% of all last year’s brand email phishing campaigns imitated Microsoft or Zoom to scam victims.

Multinational technology company Microsoft was a definite leader over the other brand impersonators. The brand was used in a whopping 28,536 unique phishing attempts accounting for 70% of all last year’s brand phishing campaigns. 

However, Zoom, which exploded in popularity amid the pandemic when all the industries turned to remote video communication tools, came in second. It was exploited in 3,803 brand phishing campaigns, which constitute more than 9% of all such attempts.

In the meantime, the third spot in the list is occupied by the world’s largest online retailerAmazon. Amazon’s brand name was taken advantage of in 2,747 or nearly 7% of all phishing campaigns impersonating well-known brands. 

In total, over 12% of all last year’s phishing emails used brand impersonation as their tactics.

Technology was the most impersonated industry of 2020

With Microsoft being the most phished brand, it is not surprising that the technology sectordominated phishing emails last year. Companies in the technology sector, such as Microsoft, Netflix, DocuSign, LinkedIn, Apple, Dropbox, and ADP, were exploited in close to 72% of all phishing campaigns that imitated existing brands.

The technology sector is followed by the telecommunication industry. Names of telecommunication industry leaders, such as Zoom, RingCentral, eFax, Xerox, and AT&T, were used in close to 14% of such phishing attempts in 2020.

Meanwhile, companies’ names in the retail industry were utilized in 8.5% of such phishing attempts in 2020. Notable brands include the already mentioned Amazon and CVS, as well as Sam’s Club and Walmart.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation: “With the eruption of the global pandemic, most of our lives transferred online, and cybercriminals were quick to take advantage of the situation by launching new scam schemes and phishing attacks. When it comes to the latter, fraudsters favored brands and industries that people were relying on the most during the pandemic.”

To read the full article, head over to: https://atlasvpn.com/blog/microsoft-and-zoom-most-impersonated-brands-at-80-in-2020-phishing-attempts

Few events in the recent decades have impacted how we go about our daily lives or conduct business as much as Covid-19. When the global pandemic hit last year, many were forced to shift to remote work or transfer their business online, bringing about a wave of challenges.

According to the data presented by the Atlas VPN team, based on the KPMG 2021 CEO Outlook Pulse survey, nearly one-fifth (18%) of CEOs see cybersecurity risks as the number one threat to their organizations’ growth over the next three years. 

Concern over cybersecurity risks rose significantly among CEOs compared to last year, when it occupied the fifth spot in the list with 10% of CEOs indicating it poses a threat to their organizations’ development. 

Other CEO concerns that made it to the top five include tax risk (14%), regulatory risk (14%), supply chain risk (12%), operational risk (10%), environmental or climate change risk (10%), emerging or disruptive technology risk (6%), and interest rate risk (6%). 

Meanwhile, talent risk, which occupied the first spot among concerns last year, dropped by a fifth (20%) to a mere 1% in 2021.

To mitigate these risks, companies plan to spend more on digital technologies this year, with 52% prioritizing data security measures.

Rachel Welch, COO of Atlas VPN, shares her thoughts on the situation:

“The emphasis on cybersecurity in companies is long overdue. While Covid-19 has brought about a myriad of challenges for individuals and organizations, it has also encouraged us to seek better practices. In the end, those who will be able to adapt to the new normal in the post-Covid world will come out of the situation more robust than before.”

To read the full article, head over to: https://atlasvpn.com/blog/nearly-one-fifth-of-ceos-see-cybersecurity-as-the-biggest-threat-to-organizations-growth

Analysis by Atlas VPN reveals that phishing in the US soared over 12 times in the last five years, hitting a record 241,342 complaints in 2020.

This data is provided by the Federal Bureau of Investigation’s (FBI) branch called Internet Crime Complaint Center (IC3). This branch was established in May 2000 as a center to receive complaints of Internet crime.

According to Rachel Welch, COO of Atlas VPN, “The FBI data only confirms what most of our other reports found when looking back at 2020. Last year cyber criminals went on an internet crime spree and caused more damages than ever before.”

In 2016, the FBI’s crime center received 19,465 phishing reports, while in 2020, the number jumped to 241,342, representing an 1140% increase. Phishing-related monetary damages amounted to $54 million in 2020.

Phishing complaints increased by more than 110% when comparing 2020 to the previous year.

2020 internet crimes by type

The Federal Bureau of Investigations reports that they received a record number of reports from US citizens in 2020 at 791,790, a 69% growth from 2019. 

Moreover, losses due to internet crime increased by $700 million from $3.5 billion in 2019 to $4.2 billion in 2020.

The American public was mostly attacked by phishing/vishing/smishing/pharming attacks. The second most common internet crime in the US is non-payment or non-delivery, at 108,889 complaints in 2020, amounting to $265 million in losses.

To read the full article, head over to: https://atlasvpn.com/blog/fbi-reports-12x-surge-in-phishing-complaints-over-the-past-5-years

Shockingly, 99.2% of US government Android users run outdated operating systems, exposing themselves to hundreds of vulnerabilities. 

Let’s not forget that due to COVID-19, the majority of government employees had to shift rapidly to remote-work. Meaning, workers started to use their mobile devices to access government data more than ever before, in turn creating a vast attack surface for cybercriminals.

According to Rachel Welch, COO of Atlas VPN, “These figures are a massive concern since government agencies store extremely sensitive information. If that data falls into the wrong hands, it could cause large-scale havoc.”

Diving into the analysis, it appears that as many as 22.8% of the US government workers still use the Android 8 operating system. 

This version of OS is called Android Oreo and was released to the public on August 21, 2017. This operating system has 636 known vulnerabilities. We can expect countless new attack vectors to surface as time goes by.

Moving forward, 28.2% of federal, state, and local government employees use the Android 9 operating system. According to publicly available data, this OS has 173 publicly known vulnerabilities. This Android version is known as Android Pie and was released to the world on August 6, 2018.

Next up is Android 10, the most popular operating system amongst the US government employees. Over 38.3% of workers run this OS on their Android devices. This operating system has more than 266 vulnerabilities known to date and was originally released on September 3, 2019.

To read the full article, head over to: https://atlasvpn.com/blog/99-of-us-government-employees-run-outdated-android-oss

Recent estimations by the Atlas VPN research team reveal that over 1 million US government employees were potentially exposed to mobile phishing scams from January 1, 2020, to December 31, 2020. 

Phishing attacks designed to steal sensitive data like login credentials can be delivered through email, messaging applications, social media platforms, or even dating applications.

The estimations are based on numbers provided by Lookout, a leading mobile security platform. Lookout is used by the US federal, state, and local government workers on both personal and government-issued mobile devices. 

Approximation reveals that as many as 140 thousand US federal employees were exposed to phishing scams in 2020. Furthermore, over 366 thousand state employees and 946 thousand local employees potentially received phishing scams at least one time in the period from January 1 to December 31, 2020.

99% of US government employees run outdated Android OS’s

Perhaps even more shocking is the fact that a staggering 99% of US government Android users run on outdated operating systems, exposing them to hundreds of vulnerabilities. 

For example, as many as 22.8% of the US government staff that have Android devices still use the Android 8 operating system. This version of OS is called Android Oreo and was released to the public on August 21, 2017. 

Currently, this operating system has 636 known vulnerabilities. We can expect countless new attack vectors to surface as time goes by.

As of March 10, 2021, the newest Android operating system is version 11. It was released on September 8, 2020, but only 0.08% of US government workers have updated their phones to this release. 

To read the full article, head over to: https://atlasvpn.com/blog/over-140-thousand-us-federal-employees-exposed-to-phishing-scams-in-2020