There are many more of them than stated in the Authorities cyber attacks, according to analysts. According to a recent study by Surfshark, in 2022, 54 people per 1 million people were victims of cybercrime in Greece, which puts our country in sixth place in the world. The first five places in the ranking are occupied by the UK with 4371 victims per 1 million Internet users, the USA (with 1612 victims), Canada, Australia and South Africa. France, Germany, Mexico and Spain round out the top ten.

However, the problem may be much larger, as in some cases the victims do not report incidents to the authorities.

“There is the question of how and what we measure. That is, it is possible that some people have become victims of cyber attacks, the consequences of which are not immediately visible, especially if they do not have an anti-virus program. This is perhaps more common among users of older age groups, ”said Triantafyllos Akis Karathrantos, an international expert specializing in European security and emerging threats.

In addition, the most common cases where victims, especially if they are adult males, do not go to the authorities include posting their personal photos or videos online without their consent.

It is significant that, according to a recent survey by Metron Analysis, 1 in 10 Internet users have become victims of cybercrime, almost everyone has “heard” of the General Directorate for Combating Electronic Crime, but only 1 in 10 turned to him for Internet security issues. In fact, the percentage of those who fell victim to cybercrime and turned to the special department of the Greek police does not exceed 35%. According to the same survey, 1 in 10 went elsewhere for online security issues, as did 3 in 10 cybercrime victims. Friends and relatives are the first people contacted by 25% of victims of cyberattacks.

Critical Infrastructures

At the same time, critical infrastructure is a key target for cybercriminals.

“We are in a period when the West and many European countries are in confrontation with Russia, which also uses disinformation as a weapon. It also shows the need to protect critical facilities and infrastructures, such as a large telecommunications network, citizens’ tax data, ministries, energy facilities, etc. However, Greece, especially after 2020, has advanced in creating the necessary cybersecurity structures, while educating citizens also plays a decisive role,” says Mr. Karathrantos.

As George Douglas, chief operating officer of cybersecurity firm George Douglas, noted at a recent Delphi forum, the proceeds from cybercrime have surpassed those from drugs. “All economic activity is now being digitized. Security must be taken into account from the very beginning, because otherwise we will face surprises,” he said.

At the same time, cyberattacks pose the biggest risk for Greek business leaders, according to an earlier survey of 30 large Greek companies by consulting firm EY. Not unfair. According to the annual report of the American technology company IBM, last year internationally the average cost of a data breach incident for companies operating in critical sectors (energy, transport, communications, etc.) was approximately 4 million euros, which is an increase by 12.7% compared to 2020. Total losses are estimated to increase from 8 trillion. euro to 22 trillion. euro until 2027.

In addition, the time required for a cyberattack has been drastically reduced. “While in the past it took about 60 days to organize and execute a cyberattack, today it takes only four days,” said C. Bob Kalka, IBM’s vice president of security.

The ten most common digital tricks:

• Phishing emails. The goal is to trick the recipient into revealing personal and financial information or security codes. These types of messages are very similar to those that banks send to their customers, with the same logo, features, and style as real emails.
• Fake messages on mobile (smishing). The recipient is prompted to click on an email link to confirm, update or reactivate their account. However, the link leads to a fake website through which the attackers gain control of the mobile phone.
• Approach by phone (vishing) of the victim. Combined with the introduction of social engineering, the victim is persuaded to reveal personal information, security codes or pin codes, or even transfer money to scammers.
• A SIM replacement technique whose “secret of success” is based on the fact that the use of a mobile phone number is one of the most basic elements of a subscriber’s identification or transaction. Attackers impersonate the owner of a SIM card in order to deceive providers and obtain a new card that replaces the card of the rightful owner. As soon as they activate the new card, the old one is deactivated. As a result, all services (calls, SMS, Internet access) are sent to the offender’s device.
• Online shopping and great deals with no real effect. Fake contests for gift certificates from retail chains also fall into this category. The victim is asked to enter their phone number and other personal information.
• High-yield investment scams bring in perhaps the biggest loot. Criminals typically use tools and software that allow them to spoof their phone numbers (“fake caller ID”), present fake websites as real, and create fake documents. They promise their victims that with a very small initial capital, usually 250 euros, they will be able to earn a lot by investing in financial products.
• Online Date. Scammers, having gained the trust of the interlocutor, ask for and usually receive private photos or videos, and then blackmail them, demanding money so that they are not put on public display.
• Payment of bills and documents. According to Europol, the company is approached by email, phone, etc. by someone claiming to represent the receiving supplier. The scammer requests that the information for future account payments (i.e. the payee’s bank account details) be changed, thereby guaranteeing ownership of the proposed account.
• Sending a corporate email to a company employee authorized to make payments. A scammer who knows the internal structure of the company poses as a high-ranking executive (eg CFO) and urgently demands the payment of an invoice, often citing a “delicate” business situation (eg tax audit). Often a redemption request concerns making payments to banks outside of Europe.
• “Golden Legacy” In “419 scams” or “Nigerian scams” as they are called, messages are sent to random Internet users informing them that the owner of a large fortune has died. And, either there is no heir and the recipient of the message is chosen as the heir, or in order for the property to be released, it must be transferred to a foreign bank account. Thus, the recipient is informed that if he makes his account available (and sends his bank account details), he will receive a percentage of this property. Accordingly, people from Nigeria are looking for partners to transfer their funds and promise high commissions.