Reports from law enforcement agencies around the world show that there have been even more victims of cybercrime in the past 12 months than in any other year. Attacks are being conducted alarmingly frequently, and cybercriminals are becoming even more brazen. However, cybercrime is still not dealt with in the same way as other types of crime.
Say you leave home, only to return to your front door kicked in. Everything of value has been stolen. What would you do?
You’d call the police immediately, right?
Now pretend you get an email from what looks to be your bank. They inform you that your banking password needs changed. A link to do so is embedded in the email. The next time you log into your account $1,000.00 is missing. Who would you call?
Most people would instinctively call their bank. But, why wouldn’t they call the police?
You should call the police first. After all, it is a crime. However, this is not how we typically approach online theft. Not only have I devoted my life to identifying and stopping cybercrime, but I’m a victim as well. My mission from the beginning has been this: I want to change people’s thinking about online theft.
On a trip to the grocery store, my card was declined for a small purchase. Knowing that there was more than enough to cover the bill, I contacted my bank only to find out that someone had gone to a Wal-Mart three times and spent $1,800.00 out of my account.
I called the police immediately. They only wanted to file a police statement so the bank would return the money.
The main focus wasn’t just getting my money returned. I also wanted to track down the criminal and put them in jail. However, the police didn’t seem interested. The crook lived in San Diego and I’m in Alabama. They would need to catch the criminal, fly him to Alabama, then house and feed him until the trial. The cost of these expenditures would far outweigh the $1,800.00 that was stolen.
Not satisfied with what I was hearing, I contacted the San Diego District Attorney. They informed me that they’d be glad to help as long as I’d sign an affidavit stating my wife or I would fly to San Diego to testify. Without a witness during the trail, the criminal would most likely be let go with no penalties. The cost of the ticket with room and board during the trial would have been more than the $1800 I had already lost.
I was unable to afford the trip, so I began fighting in a different way.
I began devoting all my time to tracking down cybercriminals and sharing the information that I found, in order to help people protect themselves.
I began to ask, “Why we don’t treat cybercrime the same as physical crime”? If someone would break into your home and steal your TV, we blame the robber. If someone steals $1,000.00 out of your PayPal account, we blame the victim for not having sufficient firewall protection or prevention software. What’s wrong with this picture?
Why are these crimes not acknowledged or tracked by the government? In 2012 alone, there were 18 new victims of cybercrime every second. 9 million of those fell victim to fake banking websites. 19 million Americans had money taken off their credit cards without authorization. 43% of Americans are still the target of large amounts of spam. Despite this, none of these activities are tracked by the Department of Justice.
While I continue the fight to inform people of cybercriminal activity and change tracking procedures, what can the consumer to do protect himself? Consumers should monitor receipts, credit card statements and bank accounts. And, although this isn’t the way that things are currently handled, I believe in the mantra “If you see something, say something.” When consumers are victimized by cybercrime, they should call the police, and if they don’t respond the way that we all think they should. Also, consumers should let their elected officials know by contacting their congressmen and senators. It needs to be known that we want justice against these crimes.
Learn more about my personal experience with cybercrime by viewing my recent talk on the TedX Birmingham Stage:
How did you get into the security industry? Was it a personal experience with cybercrime? Share your experience in the comments section below.