Cybercrime outlook 2023: It’s all about the economy

Who likes inflation, rising interest rates, layoffs and soaring gas and food prices? Cybercriminals. And because these struggles will likely continue impacting the economy in 2023, these online scammers should be happy, and wealthier, next year as they con unsuspecting people seeking financial relief.

Economic challenges cause many to change their daily behavior. Some will seek financial assistance from the government. Others will try to land side hustles to pad their bank accounts, while still others will be desperate enough to hope that surprise lottery "winnings" are real.

This creates the perfect environment for scammers, who can use texts, emails, and phone calls to trick desperate victims into surrendering their personal information, emptying their bank accounts, or spending big money for services or lottery winnings that never come.   

It's the economy, then, that will have the greatest impact on the spread of cybercrime in 2023. Here are our predictions for why. 

1. Economic trouble could lead to more scammers trying to earn money – and more victims desperate to save.    

As inflation and interest rates continue to rise, consumers will struggle to keep their bank accounts full. Consumers are spending more at the pump and at the grocery store. Borrowing money to pay for cars and homes is getting more expensive thanks to soaring interest rates. These are difficult times for many.   

Scammers know this. They also know that consumers are at their most vulnerable when they are worried about their financial health.

Expect a rise in several financial-based scams:  

1. Assistance scams: Cybercriminals will reach out to consumers by text, phone, or email to inform them of fake government assistance programs. These messages might claim that consumers can qualify for reduced electric or heating bills or that they are eligible for low-cost government meals and utility subsidies. All the recipients of these messages must do is click on a link, send a small payment, or make a phone call.  

This is all a scam, though. Consumers might click on a link that takes them to an online form. To qualify for government assistance, victims must provide personal information such as their name, birthdate, and address on the form. When they click "Submit,” though, their personal information is sent to a criminal.   

That criminal can then use this information to take out loans or credit cards in the victim’s names. They might use it to access their online bank and credit card accounts. They might sell the information on the Dark Web to the highest bidder.

2. Shopping deals: Scammers will send victims messages promoting low-cost clothing, electronics or groceries. They'll set up fake e-shops promoting brand-name items at bargain prices. Again, though, these deals are a scam. The fraudsters behind them will try to steal victims' personal information or convince them to send online payments for bargain products that aren't real. Once consumers send their payments? The entrepreneurs behind these deals and e-shops disappear.

3. A bit of romance? When the economy suffers, people may also be impacted emotionally. Whether they are struggling from recently losing their job or overall despair from financial instability, some might also be suffering from a bout of low self-esteem. This makes them especially vulnerable to online romance scams.

In these scams, criminals strike up a relationship with victims online, sending emails, communicating in chat rooms and buzzing their victims' phones with amorous texts. After building up trust, the scammers, after promising to soon meet their victims in person, ask for money or ask for you to help move money around.

As scammers and consumers get more desperate to pay their bills, we expect to see an increase in scams, and an increase in people falling victim to those scams. So stay alert as you navigate online.

2. Companies trying to cut costs could lead to more breaches caused by chaos and sabotage, which can trickle down to making consumers vulnerable. 

The economy's troubles will impact companies in 2023 as well. We have already seen many technology companies reducing and reorganizing staff, and it is likely to continue into next year. And when companies are operating with smaller staff and the people are taking on new responsibilities, you can expect that some companies will become more vulnerable to data breaches, ransomware attacks, and other cybercrimes, because of the changes. 

Why? With fewer staffers looking for the signs of phishing scams, data leaks and viruses, it’s likely more will slip through. Don't be surprised by headlines announcing big data breaches or record-setting ransomware payments in 2023.

Then there is the issue of disgruntled former employees. Some of those fired staffers might go rogue and try to infect the computers of their former employers with dangerous viruses. Yes, these former employees are taking a risk by participating in illegal activities. But some might be so angry about being fired that they're willing to take on some risk for the prospect of a revenge cyberattack.  

3. With more advanced and open generative AI frameworks available, more scammers could start to use these technologies in high-touch interactions such as romance scams.  

Last year, we predicted that criminals would take advantage of improving AI technology to boost the effectiveness of their scams. That prediction turned out to be accurate. And next year? Expect scammers to continue to wield AI in their crimes as this technology becomes even more accessible and easier to use.

Programs such as Dall-E, Midjourney, and Stable Diffusion allow users to create images by describing a picture. These models will create several versions of the images that users describe. This technology can be a powerful tool when wielded by cybercriminals. 

Consider the romance scam we described above. Con artists can use these AI tools to create images of the person they are pretending to be and even place them near specific geographic landmarks to add some veracity to their fake personas. It's a way to add more depth to an old scam and to more easily persuade a victim to send cash or provide their credit card information.

The above images are machine generated based on the text prompt “an instagram photo of a middle aged man sailing on his yacht in the mediterranean sea.”

We could also take just the third man’s face and move it into the context of “a man in sunglasses throwing a frisbee on Mount Everest.” While not perfect, it only took a few seconds to create.  With a little effort you could do better.  And with the underlying model and some understanding of how it all works - an expert could do much better with no limitations on the output. 

And what happens when language and video AI models become even better, allowing users to imitate real people in real time? Scammers can pretend to be anyone—all to get you to surrender your financial and personal information.

Con artists created a deepfake interview of billionaire Elon Musk promoting cryptocurrencies. Others created a deepfake video of an executive with cryptocurrency firm Binance. The goal was to trick victims into thinking they were meeting with a real Binance official about opportunities to have their cryptocurrencies listed on the company’s platform.

4. Weaker versions of 2FA could be exploited, leading to breaches in companies, which can lead to more consumer information exposure.

Criminals are devising attacks meant to breach standard multi-factor authentication technology. Despite this, we still don't see many companies adopting stronger two-factor authentication (2FA) practices for either customers or employees in 2023, which can impact consumers.

That's a problem. Companies that continue to use weak 2FA are inadvertently leaving the door open for cybercriminals to steal important credentials. That can lead to serious data breaches and cybercrimes.

The key is for companies to turn to what are known as unphishable factors when setting up their 2FA systems. Unphishable factors are those that criminals can't trick employees into providing. They include such factors as biometrics, device-level security checks, hardware security keys, and cryptographic security keys. Over time, companies will start to deploy these more secure authentication technologies, but it won’t happen anytime soon.  

Unfortunately, too many companies rely on phishable factors, those that are easier for criminals to intercept. These phishable factors include passwords, security questions, SMS text messages, and time-based one-time passwords. All of these can be intercepted and used to authenticate.

Consumers can help protect themselves from these types of cyberthreats. Make sure your password is unique and avoid using the same one across different accounts.

The Final Word 

Challenging economic times make people desperate, often desperate enough to fall for different types of scams. Stay alert this year while living your digital life, because scammers are always finding new ways to trick unsuspecting victims—especially when they are most vulnerable. Remember, if something seems too good to be true online, it probably is.