PREFACE

About 25 years ago, a good friend of mine told me the following story.

His mother (let’s call her Anne) had recently married a wonderful man (let’s call him John). John was recently retired from a long consulting career. He had a great house on a marina that came along with a boat. Sailing was his passion.

John was careful with his money. He wasn’t a risk-taker. He had diligently saved for his retirement and was set. After getting married, John felt like he didn’t have enough money saved up – he wanted to take his wife travelling around the world – to buy more luxurious things than he could afford on his retirement pension/investments.

One day John got an email. It was from a stranger in distress. He had heard John was a man of integrity and urgently needed his help. In return for his assistance, he would reward John with a significant amount of money. John thought this could be the answer to his money problems and figured there was no harm in replying to the email to learn about the proposal – it was not like he was getting asked for any money. John wasn’t prepared for what happened next. Cybercriminals launched an array of psychological techniques on John. They used them to persuade John to send them money. It started with him sending small amounts that gradually increased to much larger sums. They didn’t stop attacking him until John had no more money to give. He had maxed out his borrowing from banks and run out of savings. He went bankrupt in the end; his dreams of a comfortable retirement shattered.

This story has stuck with me. I often wondered how someone so careful and risk-averse could fall for what appears to me, and to many others, to be an obvious scam. How could this have happened to John?

In my career, I have been examining this question. I have witnessed many smart and intelligent people at the companies I have worked with fall victim to cybercriminals – both at work and outside the workplace. The financial losses for businesses and individuals are staggering – billions and billions are being funnelled to cybercriminals and it’s increasing. It is clear individuals and businesses are not well enough prepared.

I began asking myself if there is another way of looking at this. I looked closer at the cybersecurity programs I was running. I found, over the years, that one of the best ways to improve cybersecurity for companies was to make it personal for employees – in other words, get them to care about their own cybersecurity practices to protect themselves, their families and their employer.

The psychological techniques cybercriminals use are always about manipulating the individual – regardless of whether the individual is at work or at home. When I looked closer at the psychological methods used against John, I found the same underlying techniques that are used over and over again in other types of cybercrime. I believe understanding these techniques is key to combating cybercriminals and is why I wrote this book.

I am optimistic about the future. I believe that once people begin to realise that the underlying techniques used by cybercriminals are nothing new, they will learn to recognise new attacks for what they are – regardless of how the attacks come.

WHAT WILL THIS BOOK DO FOR ME?

You are likely reading this because you’re hoping this book will help you to avoid becoming a cybercrime victim, either at work or on a personal level. Yes, it will, for most types of cybercrime, but as you will discover reading this book, you can become a victim of cybercrime sometimes through no fault of your own. What do you do then? How do you respond to situations like these? Or better yet, prepare for them to lessen the impact if it happens? This book will help to answer these questions and many more. It will help you to avoid becoming a victim, and prepare you to respond to it in the best way possible if you do.

Cybercrime is a broad topic. This book isn’t an attempt to cover all types of cybercrime. It will cover the two types that make up most of it and are causing most of the substantial financial losses seen today for individuals and businesses: cyber fraud and cyber extortion. There are four categories of cyber fraud (impersonation fraud, advance-fee fraud, investment fraud, identity theft) and two categories of cyber extortion (cyber extortion and sextortion). One caveat – the chapters are not standalone. The cybercriminal attack methods and defences described in one chapter can be relevant for other chapters. They intermix. The psychological methods used in one can likewise carry over to another. Cybercriminals do not stop with one attack; for example, they may easily start with an advance-fee fraud that moves towards a cyber extortion attack. Cybercriminals often do not stop harassing the victim until the victim says no or runs out of money.

Each chapter will cover key methodologies, attack methods cybercriminals use, advice on how to protect yourself to avoid becoming a victim and what to do if you do find yourself in this situation. Historical examples of the type of fraud or extortion will be shown, explaining and demonstrating how these same methods are still in use today, albeit in a modern context – cyber. Real cases of cybercrime will be reviewed and dissected. Glimpses of how future attacks might look will be shown.

Cybercriminals target everyone. It does not matter if you are at work or at home. They will go after your family, including your children. Reading this book will help you to be prepared for when that occurs.
