How cyber criminals are using social media to hack into bank accounts

Concern: Michael Gubbins of the Garda Cyber Crime Bureau at Information Sec. Photo: Kyran O'Brien

Gavin McLoughlin

Criminals are using social media to check when customers are contacting banks about problems, and then posing as the bank in order to hack people's data.

That's according to the head of the Garda National Cyber Crime Bureau, who said gardaí have had multiple incidents of this activity reported to them.

Det Supt Michael Gubbins said cyber crimes will become increasingly stealthy and hard to detect in the coming years.

One example could be the increasing use of so-called fileless malware, where malware doesn't sit on a computer's hard drive but in its RAM, a temporary storage part of the computer where the malware is harder to detect.

But social engineering - using manipulation and deception in order to obtain the information being sought, like the example of calling people who have been interacting with banks online -remains "at the very top" of potential threats, he said.

He said businesses need to educate their employees to be conscious of cyber security best practice.

"You've got to let them know what's happening out's not all about technology or having the best IT equipment, because it doesn't capture everything," he said. "Co-operation among all relevant actors is key."

Det Supt Gubbins was speaking at Dublin Information Sec 2018, a cyber security event organised by Independent News & Media, the publisher of this newspaper.

The increasing usage of cryptocurrencies like Bitcoin has seen new types of cyber crime emerge, Det Supt Gubbins said, with users of the currencies being targeted by hackers attempting to steal the digital currency.

So-called "crypto-jacking" has also emerged, whereby hackers infiltrate a computer and use it to engage in the resource-intensive process by which a Bitcoin is created, known as "mining".

Other common attacks include ransomware - for example where a computer is locked by a hacker who demands a payment in order to allow a user to regain access.

Det Supt Gubbins said this has become less common in recent years as people had become more savvy in terms of preventing it.

He also urged attendees to make sure to stress-test their cyber-security systems in the same way as they would carry out a fire drill.