Cybercrime is rising rapidly.
How easily could you be hacked?
The first time Kevin Nguyen was hacked, he was caught completely off guard. The 30-year-old travel consultant from Austin, Texas considered himself tech-savvy and safe from the nebulous threat of cybercrime. He had even read media reports explaining that a major social media networking site had been hacked without a hint of fear that he was among those compromised. “I was under the assumption that it did not affect me,” Nguyen says.
Then the alerts started trickling in. Someone was trying to access his bank accounts. Within weeks, multiple credit cards were opened in his name.
Nguyen isn’t alone. Cyberattacks are on the rise, affecting people from all walks of life. An analysis of Google data concluded that phishing sites — illegitimate pages designed to look official to steal information from users — increased by more than 350% at the outset of the COVID-19 pandemic. The Federal Trade Commission found that $5.8 billion was lost to fraud in 2021, a 70% increase from the previous year. Similarly, the FBI’s Internet Crime Complaint Center received 847,376 complaints regarding cybercrime in 2021 — a 7% increase from 2020 — with potential losses exceeding $6.9 billion.
“It’s been my observation that far more people are the victims of targeting, and at a much greater scale, than anyone wants to talk about,” says Sean O’Brien, founder of the Privacy Lab at Yale University in New Haven, Connecticut.
As cybercrime increases, demand for better digital security solutions has increased. “Most solutions available in the market today have not been overhauled in more than 30 years,” says Hari Ravichandran, CEO and founder of Aura. “Consumers deserve to have the latest and greatest technology at work to protect them. I started Aura to bring them just that.”
“Spinning up a fake login page is a few commands away for anyone who wishes to learn.”Sean O’Brien, Yale Privacy Lab
Real-life stories of being hacked, like those told here, have spurred Aura to design digital protection tools — from a secure password manager that automatically updates compromised passwords, to a one-tap credit lock and dark web scans — that can prevent such invasions from occurring.
Proactive online safety tools would have made all the difference for Nguyen, whose mental health took a hit after he was hacked. Despite his knowledge about technology, Nguyen was reusing passwords — a practice that more than a third of Americans admit to doing. When hackers discovered his social media login, they gained an entrypoint into his health care and bank accounts.
Nguyen admits that he feared his savings would be accessed by bad actors and drained. When he learned that he had been compromised in an unrelated data breach more recently, he was astonished. “Are you freaking kidding me?” Nguyen thought when the suspicious emails began trickling in once more. “Which company was compromised this time?”
A Bit of Social Engineering
theft were made to
the FTC in 2021.
Commission, 2021)
Corporate security breaches, like those that affected Nguyen, often make the news — but hacking isn’t simply characterized by large-scale data leaks or online stranger danger. Often it involves social engineering — the use of psychological manipulation to influence a person’s behavior.
According to a major data breach investigation’s report from 2021, 85% of data breaches involve an element of social engineering.
Annie Petersen, 41, was browsing social media earlier this year when she spotted a quiz question posted by a colleague in the life-coaching industry. Petersen had been in touch with the colleague recently: She had messaged Petersen about her foray into cryptocurrency, a conversation that Petersen found surprising but not alarming.
Things took a turn after Petersen answered the quiz for fun. The colleague insisted on sending her a monetary reward for choosing the correct answer, eventually convincing Petersen that she had to change her social media settings to receive it.
What Petersen didn’t know was that her colleague had been hacked, and the hacker had been impersonating her. Before she knew it, the hacker locked Petersen out of her social media account. “It seemed a little off,” Petersen says. “But I didn't stop because I was putting my trust in somebody that I thought I knew.”
“Getting locked out of your social media could seem like just an inconvenience, but it could have major consequences,” says Ravichandran of Aura. “The hacker could persuade your friends on social media to provide them with information that could be used to access their accounts or use your password to access your financial information. There is a blast radius with these sorts of things that often isn’t considered. We created Aura so that people can finally keep up with the cybercriminals for the first time in history.”
“Cybercriminals use principles of persuasion to convince people to do things that maybe they shouldn’t do.”Rachel Tobac, CEO of SocialProof Security
And it’s not an unusual scenario. “The majority of hacks start with a human element,” says Rachel Tobac, CEO of SocialProof Security, a white hat hacking firm based in San Francisco. “Cybercriminals use principles of persuasion to convince people to do things that maybe they shouldn’t do, like click on a link, give out their password over the phone, or tell me what their mother’s maiden name is.”
Petersen eventually regained full access to her account after escalating the issue with an acquaintance employed at the social media platform — but explains that she felt humiliated by the whole affair. “I was embarrassed in all of this because I have a master’s in business continuity, security and risk management and am a former news producer,” Petersen says. “I ignored a part of my intuition.”
The experience made her recall her father getting hacked several years ago. Richard Petersen, 81, had owned a portfolio of domain names since the 1990s. When he called an international technical support company for help with an email problem — a service he had previously used successfully — he allowed a staffer to access his laptop remotely. The staffer stole sensitive information from his machine, leading to the loss of lucrative domains.
Richard was able to recover several domain names with the help of an international organization that manages domain registrations, but likened the experience to a home invasion. “It’s kind of devastating,” he says. “Just the psychological aspect of knowing that someone was in your house.”
Nonetheless, the Petersen family understands that others share similar experiences. “I don’t think it’s unusual for a family of three to have had two hacks,” the elder Petersen says. “There are more and more effective ways to do it.”
Family Ties
using the same password for most or all of their online accounts.
Like the Petersens, entire households are increasingly impacted by the looming specter of cybercrime. A recent report found that 1.25 million children in the U.S. fell victim to identity theft and fraud in 2021, costing affected families an average of $1,100. The same report revealed that 70% of child identity theft and fraud victims know their perpetrators.
Ray Ansari, a 42-year-old entrepreneur based in Alexandria, Virginia, experienced identity theft at the hands of a family member. The relative used Ansari’s Social Security number to apply for several credit cards, racking up more than $40,000 in charges.
Ansari opted against pressing charges and worked hard to pay off the debt — but the experience had a lasting impact on his approach to digital safety. He monitors his credit cards and credit history regularly, mindful of the ubiquity of fraud. Now, as the CEO of CCTV Camera World, a small business that sells security cameras, he finds himself encountering orders made with stolen credit cards on a regular basis. “Fraudulent sales are everywhere, people are filing chargebacks, someone is losing money just like I did before,” he says.
At home, Ansari keeps a watchful eye on his three young daughters, who use cloud-based educational products at their elementary school. “I had a good talk with my kids about password security about a month ago,” Ansari says, after learning that his 8-year-old had shared her password with her best friend. “I want to protect my kids because everything has this balance of being digitally and physically present now.”
Ansari has a point: Americans are spending more and more of their lives online, or digitally connected in some way. “We really need to stop thinking about the Internet as a different plane of existence,” O’Brien of Yale says.
Fighting an Amorphous Threat
Despite the prevalence of cybercrime, protecting oneself and one’s family from the shadowy threat of digital attacks can feel overwhelming, even futile. Nguyen of Austin, who now uses various password managers and two-factor authentication, describes the process as a nuisance. For others, it’s far too easy to yield to apathy and optimism bias — the perception that “it won’t happen to me.”
“Anyone can get tricked,” says Tobac, the white hat hacker. “What we need to make sure people understand is that it's also easy to protect yourself.” Tobac’s advice is to keep your machines updated, to use more than one communication method to verify who you’re talking to — and to remove yourself from data brokerage databases by employing tools like Aura.
“Email and text message phishing are still primary attack vectors, with growing success now that the pandemic has broken down the walls of work-from-home and bring-your-own-device culture.”Sean O’Brien, Yale Privacy Lab
Aura offers a full suite of easy-to-use online safety tools — from identity theft protection to VPN — all designed to proactively protect users from digital threats. Real-time alerts notify users of suspicious activities, like credit cards being opened in their names or personal information appearing on the dark web, and families can safeguard their online activities with a plan that covers up to five people.
As the experiences of Nguyen, Ansari and the Petersens demonstrate, cybercrime comes in varying shapes. Aura’s Labs division works to ensure that security is personalized to each user, employing AI and machine learning to help detect emerging threats. Best of all, every feature is accessible in one place, making the digital security process a no-brainer for users.
“We will all eventually get hacked or be part of a data breach,” Nguyen says, reflecting on his experiences. “It's the proactive steps you take beforehand that will determine how much of a nuisance they will be.”
Illustrations by Moritz Wienert