Do not be embarrassed to make a report after a hack

Victims of a hack often think that it was their own fault. They are too embarrassed to report the hack to the police. But reporting an incident can prevent the cybercriminal from attacking other victims.

According to a survey by I&O Research (in Dutch), 60% of cybercrime victims are embarrassed to admit they clicked on a harmful link in a phishing mail. Digital security specialists say that we have to stop feeling embarrassed. In November 2022, they named ‘cybershame’ as the cyberword of the year (in Dutch). Two experts talk about cybershame. What is it, and how can you overcome it? They also tell why it is useful to report a cyberincident.

Always report it to the police

Entrepreneurs do not always report attacks to the police, says Gina Doekhie. She is a detective in The Hague’s police Cybercrime Team. “Always report attacks to the police. If you do not report it, then nothing will happen.” The police cannot do their job if they do not have enough information. “The more information we have, the more patterns we can recognise. That makes it easier to find the criminals.”

You should also report attacks to Fraud Help Desk. They can then warn other entrepreneurs and consumers. It is also possible to report attacks anonymously via Meld Misdaad Anoniem (in Dutch).

There is a good chance that you will fall into a cybercriminal’s trap.

Smart cybercriminals

“Cybercriminals are smart. They will do everything they can to steal from your company. So there is a good chance that you will fall into their trap. Because they play with your emotions”, explains Lynn Jansen. She is a social psychologist, and often deals with victims of cybercrime. Cybercriminals take advantage of your emotions:

Greed

You get an email offering a large cash prize or a good job. The cybercriminal will use words like ‘unique’ or ‘last chance’, to make you want the offer even more, so that you click on the harmful link.

Curiosity

‘You will not believe what I found on this website.’ That makes it hard not to click on the link or file.

Urgency

If you are stressed, or do not have much time, you are more sensitive to urgent requests. You are then more likely to click on a link than when you have time to read the whole email. For example, the criminal might write that you only have 3 days to act.

Empathy

‘Other people before you gave hundreds of euros to this charity.’ Cybercriminals often appeal to your empathy, for example by telling a sad story and hoping you will help. And so, you pay.

Fear

‘Your account will be blocked’ prompts fear. If it seems like the message comes from an important organisation, like the Netherlands Tax Administration, people are more likely to click on the link.

Trust

‘Thank you, Mr. De Vries! Kind regards from your colleague at the main office.’ With friendly and personal words, the cybercriminal may try to give you the feeling that you can trust the sender.

Do not let cybercriminals benefit from your cybershame.

Overcome cybershame

“You can overcome cybershame”, Jansen explains. “Because once you understand the cybercriminal’s methods, you know that anyone can become a victim of cybercrime. So there is no need for shame. That makes it easier to ask the police for help.”

The following tips can help you overcome your cybershame.

• If you are an employer, create a safe working environment. “If an employee replies to a phishing mail, you want to know about it right away. Let your employees know that they can report it without guilt or shame. That will help limit the consequences.”
• Do not let cybercriminals benefit from your cybershame. “Prevent the incident from becoming worse. Get rid of your embarrassment, report it to the police and help limit the number of victims.”
• Let other people know you have been a victim of a cybercriminal. “If you admit that something has gone wrong, outsiders will be more likely to understand the situation (in Dutch).”

Reporting helps limit the damage

Not reporting a cyberincident, or reporting it too late, can lead to even more damage. For example: a hack with ransomware spreading through your computer system. If you wait too long, the harmful software can shut down your whole company for a while. In fact, waiting too long or not reporting a data breach that makes customer data public is even punishable by law. You are required to report the breach to the Dutch Data Protection Authority (AP) (in Dutch) within 72 hours. Otherwise, you risk a fine.