Cybersecurity found itself firmly in the spotlight this year thanks to Netflix's smash hit documentary The Tinder Swindler.
The documentary on Shimon 'Simon Leviev' Hayut and his romance scams shocked viewers around the world, but it also elicited a wave of misogynistic trolling from all corners of the internet, with some viewers convinced only 'gold diggers' could fall for such a brazen scam.
Yet women who work in cybersecurity investigate fraudsters like Leviev every day. Despite the fact women are disproportionately targeted by romance con artists, just one fifth of those working in cybersecurity are women according to a Gartner study.
To mark International Women’s Day 2022 and its theme of ‘breaking the bias’, Tyla spoke to two women about why representation in the industry is so important, and some of the mindblowing scams they’ve investigated.
Dr Kiri Addison, 34, Cambridgeshire, UK, head of data science for threat intelligence and overwatch at Mimecast
Kiri has always loved computers and technology. She got into gaming at a young age and even built her own PCs. “I didn't always know I was going to work in cyber, I just followed the subjects I was good at and enjoyed which was a mix of math, science and electronics,” she tells Tyla.
After finishing university and a PhD in physical chemistry, she began searching for a job in the technology sector and was 'drawn' to fraud and cybersecurity.
With such a large proportion of men working in cybersecurity, Kiri says she is often the only female speaker at the conferences she attends. When it comes to day-to-day work, she rarely gets the opportunity to work with other women directly.
One case Kiri remembers well involved a cyber attacker impersonating a CEO to force employees to send gift cards.
Leviev famously pressured his victims into sending huge sums of cash through bank loans and pawn schemes, but Kiri says this is not always the case. Requesting gift cards 'in the low thousands' is much more manageable for attackers because 'in comparison to a massive wire transfer request, they are relatively easy to get hold of, have less chance of raising suspicion and are harder to trace'.
In this case, the attacker did just that. They impersonated the CEO and sent employees at the company, which Kiri cannot name, an email asking them to complete an urgent task.
The attacker made the CEO’s name appear as the email sender and included a signature from the CEO. “This is a very common tactic,” Kiri explains. “As this occurred pre-pandemic, everyone was still in the office. In order to minimise suspicion, the attacker wrote in the email that they were stuck in a meeting so were unable to discuss the request face-to-face. This would have blown the attacker's cover.”
After the employees realised something was amiss and contacted Kiri to get involved, an investigation took place in which she looked for 'general indicators and tactics' the attacker used.
“On this particular day of the cyberattack, the employees were busy and covering for absent staff members which meant that they were preoccupied. This attack involved a lot of social engineering as there was the CEO impersonation, the time pressure and the added sense of urgency that was conveyed by the language the attacker used.”
These three markers of social engineering were also used by Leviev on his victims. “Another point to highlight is the victim shaming element. We tend to forget that these scammers are professionals, and anyone can fall victim to it. It is worrying that despite the financial loss and psychological trauma caused by these scams, a lot of the victims are reluctant to come forward and speak out because they fear they will be blamed or accused of being too naïve for being targeted by such fraudsters.”
Kiri wants to see more women working in cybersecurity and believes there is an unconscious bias running through the recruitment process, in which men tend to hire people who represent them - basically, other men.
The best way to break the bias, Kiri says, is to start at school and encourage more girls to follow careers in tech. “The problem can't be fixed solely by the industry, it starts much earlier at home and at school where gender stereotypes are enforced, and women are discouraged from pursuing a path that could lead to a career in cyber.”
Jane Lee, 33, San Francisco, USA, researcher at fraud prevention company Sift
Jane went through phases of aspiring to be a doctor, lawyer or princess as a child but cybersecurity is ultimately what she ended up doing. “Secretly I’ve always wanted to be a detective," she tells Tyla. "As a child, I watched every single crime show on television, and was fascinated at how investigators were able to piece different pieces of information together to bring criminals to justice.”
A lot of the same principles go into Jane’s job in cybersecurity. “I am deeply passionate about protecting people and businesses from crime, and I get to do that every day in my current role helping online businesses fight back against bad actors trying to steal from them and their customers. The work is challenging because we are in an adversarial space, but also incredibly rewarding when you know that you’re helping others.”
Jane recently found a new type of romance scam called “pig butchering”. The term itself was coined by scammers and translated from Chinese.
Jane explains: “They refer to their victims as pigs which they are plumping up and preparing for slaughter. It is completely morbid.”
It combines romance scams with cryptocurrency and has 'surged' in popularity in recent years. “In the same way we insist people understand financial instruments like credit cards and the stock market before they jump in, we should be doing the same with cryptocurrencies," Jane warns.
The criminals behind this con spend months gaining the trust of online daters, using romance and the potential of cash windfalls to swindle victims out of their savings by asking them to buy cryptocurrency on legitimate websites like Coinbase or Crypto.com before the scammer ultimately takes their money.
Part of Jane’s job is to research new and emerging types of scams and fraud attacks. “As a dating app user, I quickly recognised what I was seeing, and realised that it was an incredibly prevalent problem. I rolled up my sleeves and went undercover to understand the inner workings of what was going on.”
While Jane cannot go into specifics on any particular case, she has seen victims losing up to $300,000 USD (£225,646.50) to pig butchering. She's still investigating the people behind this emerging scam.
“From my research, it seems that women have been the primary targets, however, I have also started hearing stories of men who have fallen victim.
“I believe this scam has been so successful against women because the conversation around crypto is currently dominated by men. This is why representation matters. It’s important for people to see others like them represented in the crypto space, so that they feel empowered to speak up and do something.”
Like Kiri, Jane says women are 'definitely underrepresented' in the industry and there’s still 'a lot of work to be done'. With the theme being ‘breaking the bias’ this year, Jane hopes that the industry will do more to avoid women becoming 'tokenized'.
She said: “The industry should be more intentional about involving women in a meaningful way; not just to check a box for a diversity metric. Women are smart, strong and empathetic, and deserve chances because they are capable.
“A few ways I overcome gender biases are by pointing them out when I see them, using effective communication tools I’ve learned, and challenging others to think of tangible actions they can take to confront their own biases.”
For more information about International Women's Day, visit www.internationalwomensday.com.