Marta Štefanič, Arnes, SI-CERT, Ljubljana
The internet seems to be speeding away from us; at least that is the impression you get from a brief glimpse at the statistics of incidents from SI-CERT, slovenian computer emergency response team. In 2015, for the first time since 2008 SI-CERT started recording reported incident statistics, the number of reported incidents of online fraud exceeded the number of reported technical incidents: extortion viruses (ransomware), phishing attacks, online shopping fraud, extortion using covertly obtained intimate images and other fraud that most commonly spreads through the popular social networks. We are also concerned about the fact that in order to carry out the majority of this fraud, the attackers did not need any advanced computer skills, all they needed was some simple social engineering techniques. So we are already paying a tax on our lack of awareness, naivety and ignorance of online mechanisms. Those who have been defrauded are not computer illiterates, they are average users who do not heed the recommendations for safe use of online services, imagining that nothing can happen to them. We enthusiastically use social networks, we shop online, and we use online payment facilities, services for booking accommodation and so on. At the same time we forget that great technological advances that simplify our working processes also bring with them great responsibility. Online providers and intermediaries are responsible for delivering services and enabling their safe operation, while it is up to us users to use web services in line with the rules and conditions of use, and with no less caution than we previously applied to their non-digital predecessors. Take card transactions, for instance; at a POS terminal we cover up our PIN protectively, but then immediately entrust our credit card to some online store of dubious origin. And if it is really that easy to use social networks, why is most fraud committed right there on them? Trusting that the criminals will be prosecuted is pretty much pointless. The jurisdiction of institutions to solve online crime ends at the borders of the European Union, and the fraudsters take full advantage of this. They set up their websites on foreign servers, hiding behind generic electronic addresses, they use encrypted payment currencies, contact us from fake profiles and are often based in Third World countries, where their legislation is seriously lacking and the possibility of prosecution is a distinct rarity. It is we users who can do most to protect our security. The internet is a constantly evolving dimension that is gradually taking over the tasks and functions of services in real life, and the principles we must heed for a safe user experience are similar: caution, healthy scepticism and vigilance.
