The Ubiquity of Electronic Hacking: My True Cybercrime Story

By Bongs Lainjo, Author of “M and E: Data Management Systems”

In the past year alone, large, high-profile companies, including Bell Canada, Deloitte and Equifax were victims of cyber attacks, failing to protect their systems and their customers’ private information. If titans of industry with a small army of people working to protect those systems are vulnerable, what makes us mere mortals still believe it can’t happen to us?

I too used to think that only careless and complacent neophytes were likely to fall victim to electronic crime. Boy, was I wrong. So wrong that I ended up with the leading role in my own true cybercrime story.

As I do every year, I contacted my telephone service provider (SP) in December to suspend my services for a period of time. And as always, I tried to contact the SP electronically via a chat session. The process of logging in to my account to do so became impossible. I tried every username and password combination to no avail. Based on the excessive number of log-in procedures that many of us have to perform for bank accounts, emails, telephones, etc., I concluded that I may have forgotten the log-in parameters. Wrong again.

I begrudgingly contacted my SP by phone, got comfortable, waited for the endless loop of muzak to begin, and proceeded to hold until what felt like the end of time. Someone finally picked up and delivered the dreaded 2 words: «You can’t!»

That’s the immediate response I got from the SP representative for wanting to suspend my services. When I asked why, the SP told me I had a contract plan and holders of such plans are NOT eligible for any service suspension. I smelled a rat and knew the worst was yet to come.

Fast forward one week: My telephone bills have been automated for the last decade. Every month, I receive an electronic statement from the SP. Unbeknownst to me, and partially because I trust my SP, I realized that I had not received my September and October 2017 statements – even though automatic deductions continued to be made from my account.

During my earlier phone call to the SP, I listened to an automated message detailing my payments and deductions for the month of October. The payment amount was more than twice my regular payment. The drama only escalated when I eventually spoke to a real person at the other end of the line. When the SP told me about the ineligibility of suspending my services, I reminded the provider that I wasn’t doing anything out of the ordinary, and that in fact, I did this every year. She reiterated that because I was on a “service” contract, I couldn’t suspend my services. I retorted that I wasn’t on a service contract. The SP insisted – even telling me the brand of phone I had, which was provided as part of the contract. I told the SP that  during the last decade, I had always used my own phone and that contracts were not desirable to me. We agreed that I needed to verify my automatic deductions. Once I did, I found out that monthly overpayments had been deducted from my account more than twice. I also verified my electronic monthly bills, and low and behold, I had not received any bills for September and October. The SP confirmed that the bills were sent to my “new” email address and that was the reason no red flags were raised.

The SP immediately initiated an investigation, and all the extra charges to my account were reversed. It turned out the perpetrator hacked my SP account and modified my details, including changing my email address, to syphon payments from my account to pay for their costly new phone and services.

So what can we take away from this? Even with painstaking care taken by some users and providers, hackers are generally always ahead of the curve. With all the sophisticated and advanced technological strategies available and implemented by some small and large organizations, the challenges continue to evolve with limited green light on the other side of the Rubicon. This situation becomes even more distressing when trusted “insiders” are found to be complicit in some of these criminal practices.

Hacking Trends and Big Data

Users expect a safe and secure online experience, for both business and personal purposes. However, increased data breaches, espionage, and cybercrimes can erode trust. Reports indicate that 178 million records were stolen in 2015, with security breaches highest in Asia and the Pacific region while Europe and North America reported the lowest. In this regard, cloud management is a major and increasingly expensive challenge.

Cybercrime damage is expected to cost the world more than $6 trillion yearly over the next five years – up from $3 billion reported in 2016. Costs include stolen money, destruction of data, loss of productivity, post-attack disruption of normal operations, embezzlement, and theft of intellectual property. The costs also include reputational harm, forensic investigation, and restoration of hacked data.

With cloud-based enterprise workloads projected to increase by 29% in the next five years, security remains one of the biggest challenges. Furthermore, according to current research findings, electronic theft is yet to peak and the tipping point will surely be a wakeup call for all of us!

At a personal level, my experience as a user of many services reminded me how vulnerable we are, especially in circumstances beyond our control. Even when precautions are taken, the reality is that even the most diligent and adept institutions remain at risk. So stay vigilant my friends, and try to make peace with musak and being put on hold.