Why cybercrime spikes in times of global crisis

• An article by Leonardas Marozas, Security Research Lab Manager, CUJO AI. This article is part of Centre for Cybersecurity of World Economic Forum

• Over 65% of home networks attempt to open at least a single malicious website a month, and in times of crises these websites spring up rapidly.

• Americans lost over $10 billion to online scams in 2022.

• Artificial Intelligence can be used to quickly identify scam and fraudulent website — but boosting digital literacy is key, too.

Major events like the COVID-19 pandemic, wars and climate change events are often used opportunistically by cyber criminals, who exploit the spectacle to defraud well-intentioned people.

These malicious actors target crises by claiming to act on behalf of the victims or charitable organizations to attract donations. This type of fraud, phishing — or social engineering — is becoming one of the most impactful types of online crime.

The Federal Trade Commission in the US assessed that consumers reported losing nearly $8.8 billion to fraud in 2022, an increase of more than 30% on the previous year. The FBI has also stated that Americans had lost even more — over $10 billion — to online scams.

The creation of phishing websites in times of crisis could be a precursor to more coordinated, large-scale cyber-attacks, the spread of misinformation and the destabilization of the social and political environment.

This phenomenon is not just a cybersecurity issue. It's a global economic and social threat. Malicious actors are undermining trust in digital platforms, exploiting human empathy and diverting funds from legitimate causes, thereby impacting global stability and prosperity.

How fraudsters exploit crises

Take, for example, the October 7th attacks by Hamas on Israel. CUJO AI observed a spike in opportunistic activity.

CUJO AI observed a three-fold increase in traffic to sites claiming to organize aid for Israel or Palestine. This increase was not short-lived — visits to such sites remained at a new, higher baseline at least until the end of the month. While such a surge in traffic is understandable under the circumstances, a closer look at the websites that were being visited to gauge the scale of potentially malicious activities revealed a darker side to that spike in traffic.

Over a third of all websites related to the conflict were created after the attack. While some of these sites were legitimate, a significant number of them tried to garner support and attract donations in a suspicious manner. Some were claiming to sell T-shirts. Others only accepted payment via cryptocurrency.

This is not unique to the Israel-Hamas war. Whenever a major news story breaks, users go online to get as much information as they can — the demand side of the equation is important. This latest instance showed how rapidly the supply side — new websites — pop up to satisfy the demand. When analyzed by CUJO AI just a few weeks later, many of these websites were already unavailable and redirected visitors to other sites that had nothing to do with the conflict. It is thus safe to assume that the scale of suspicious activity was even larger, and that malicious actors jumped at the opportunity to defraud people, then disappeared just days after the start of the conflict.

Some suspicious websites were created by using website design tools that claim to allow a user to publish a website in minutes. A closer review suggests that creators of some of those new websites did not have even those few minutes to spare, as the sites were left half-built and unfinished.

How AI could counter cybercrime

Artificial Intelligence could shine when countering this kind of fraud. It is the only cybersecurity method that can analyze, detect and prevent phishing and other fraudulent activity as soon as possible. Traditional threat intelligence databases are usually not updated with enough speed to protect users in time, creating a vital gap for malicious actors. Since modern tools allow people to create new websites very quickly, cybersecurity solutions have to be ready for waves of previously unseen and potentially malicious sites.

In addition to major global events and crises, malicious websites, including phishing attacks, affect two-thirds of all households, according to the latest cybersecurity report by CUJO AI.

On an average month, over 65% of home networks attempt to open at least a single malicious website. These threats are so widespread, that they make up over 97% of all threats to mobile devices, which otherwise employ solid cybersecurity measures, unlike most Internet of things devices.

Digital literacy: The first line of defence

While AI algorithms can help close the gap left by traditional security measures, malicious actors always find a way to slip through, especially on social media networks or private messaging platforms. Phishing attacks rely on time pressure. They try to garner a fast response from the victim and might not always employ a website.

Therefore, building a higher level of digital literacy and awareness is essential to stopping the massive growth of financial and societal impacts of untrustworthy or outright malicious online actors.

As we consider the wider implications of automatically generated online content, we have to make sure that our collective resilience to malicious activities keeps pace with both opportunistic and coordinated attacks, ranging from outright lies to financial fraud. Doing so would protect the livelihoods of individuals and families all over the world.