How many traps have you fallen into, from pranks to AI scams?

        When it comes to 'cybersecurity', what image comes to your mind? Full of code on the screen? Black hat hackers? Or is it the 'package undelivered' text message? In the past thirty years, hackers have not only relied on technological infringement, but also engaged in fraud through brand management: from packaging messages, imitating tone, to building trust by getting closer, people are still willing to click on links, enter passwords, and even transfer funds voluntarily despite having some doubts. This issue of "Cybersecurity Network" introduces the evolution of fraud techniques and shares basic self-protection measures.

        Early on: Just a otaku prank? (1990s)

                In the 1980s and 1990s, the internet was just beginning to rise, and hackers were mostly tech savvy. They crack programs and infiltrate systems, mostly just to show off their skills or play pranks, such as hacking into school computers to manipulate grades or putting strange pictures on web pages. Until the emergence of the Melissa virus, it caused a global uproar.

        The Melissa virus is like a regular Word file, spreading through email. Once the recipient opens the file, the computer automatically forwards it to the first 50 contacts in the address book. Although the virus does not destroy personal files, its widespread spread can cripple a company's email system, causing global losses of up to USD 80 million. Although the creator was just joking, it also made everyone realize that a seemingly harmless letter can be the beginning of a large-scale attack.

        Evolution 1: From viruses to phishing scams (2000s)

        With the popularity of the internet, hackers have shifted their focus from spreading computer viruses to targeting people, and the new tactic of "phishing scams" has quickly become popular. At a time when online shopping is on the rise and people are still learning how to log in to online banking and use credit cards for online payments, hackers have begun to imitate fake notifications from PayPal or eBay. This type of fraudulent message is almost indistinguishable and easy to deceive, leading to large-scale personal data leakage and account theft. Although the method is not new, it is still one of the most effective ways of fraud to this day.

        Evolution 2: The Ransomware Era (2010s)

        In the following years, hackers have upgraded again. In 2017, a ransomware called 'WannaCry' swept the globe. It will automatically invade Windows computers, lock all files, and require users to pay Bitcoin to unlock them. Hospitals in the UK are unable to operate as a result, the Russian subway system is shut down, and CPC Corporation and Taiwan have also been infected. This type of attack has caused billions of dollars in global losses and has also brought attention to 'enterprise security'. Unlike phishing scams that target individuals, ransomware is a large-scale attack by hackers on businesses and governments, combined with encryption technology and anonymous currency, making it more difficult for the police to trace.

        Evolution Three: Supply Chain Becomes a New Breakthrough (2020s)

        The hacker later discovered that the system protection of the business owner was becoming increasingly strong, and the vendors in the supply chain became relatively easy targets to break through. In 2023, Kinmax, an IT service provider of TSMC, was attacked, resulting in data leakage and being publicly extorted by hackers for USD 70 million. Although this incident did not affect the company's business operations or customer data, it highlights a trend: the target of security attacks is no longer a single company, but the entire ecosystem. As long as one link goes wrong, the entire supply chain may suffer, which is why many companies currently require their partners to also meet certain security standards.

        Evolution 4: Social Engineering and Fake Identity Fraud

        In recent years, many fraudulent methods have become more realistic, such as Facebook sending official letters notifying users of violations and providing a link to appeal. The logo and layout of the website may seem identical to the official one, even including customer service chat rooms, but as soon as the user enters their account and password, their information is immediately stolen by hackers. This type of social engineering attack does not necessarily rely on technology, but on people's trust and habits to commit fraud, making the other party willingly surrender the data. With the advancement of AI technology, hackers can not only fake websites, but also people.

        Evolution 5: AI Fraud Appears (Now in Progress)

        In 2023, a company in Hong Kong received a video call from its head office Chief Financial Officer requesting an urgent remittance. After verification, it was found that the video conference was entirely synthesized by AI, and the Chief Financial Officer's voice and images were all simulated virtual avatars. But at that time, the other party's voice and appearance were exactly the same as those of real people, and they could interact in real time. This is the deep fake fraud that is now developing rapidly. Not only can the film change faces, but it can also instantly create realistic dialogues, making it difficult for people to guard against. Imagine in the future, when you receive phone calls from your child or voice messages from your supervisor, they may all be fake. This is no longer a movie scene, but a reality that is happening.

        Don't panic, but start understanding

        The evolution of cybercrime over the past 30 years is like a tug of war between hackers and defenders. Hackers will escalate, and as defenders, we also need to keep up. We don't necessarily have to become cybersecurity experts, but cultivating cybersecurity awareness is a necessary self-protection ability for modern people. We need to establish the following concepts:

        Be skeptical about information that is too favorable.

        Upon receiving instructions to provide personal information or make a remittance, all parties involved must verify.

        Use two factor authentication and regularly update passwords.

        When encountering uncertain links or messages, pause and check first.

        Nowadays, hackers' techniques are becoming increasingly sophisticated, and their opportunities come from the momentary carelessness of the public. Therefore, a little more vigilance and confirmation can save one frustration. Make cybersecurity a habit in daily life, just like checking doors and windows before going out every day, instead of only thinking about remedial measures when something happens.

        *Image source: Freepik

        #