Cyberattacks Are Targeting Immigrants

Cyberattacks are becoming more frequent — and many are singling out underrepresented populations. Research shows threat actors are more likely to target immigrants than some other demographics. Many experts agree these cases are underreported.

Threat actors are increasingly taking advantage of vulnerable immigrant populations by pretending to be a consulate or law enforcement agency. While they prefer phishing and social engineering techniques, other cyberattack types aren’t uncommon. 

Unfortunately, cyber attackers often prey on people’s hope for a better life. For example, the United States Embassy in London has received thousands of reports of scams related to the Diversity Visa program — better known as the Visa Lottery — where people were told they “won” a green card. No matter where someone is in the immigration process, they’re more vulnerable to attacks. 

Why Are Immigrants More Likely to Become Victims?

When most people get a call about their car’s extended warranty or receive a threatening email demanding payment in the face of jail time, they know to hang up. Unless threat actors have personal details, phishing, social engineering and account takeover attacks often fall through. 

Most immigrants share one trait — their immigration status. Cyber attackers prey on their fear of being deported to scare them into handing over money or data. Even those who are in the country legally are vulnerable because they have much to lose.

According to the Congressional Budget Office, over 44.7 million immigrants were living in the U.S. in 2021. They account for 15.5% of the country’s population, making them a specific yet large target.

Here are some of the reasons immigrants are vulnerable to cyberattacks:

  • Unfamiliar with English: Research from 2018 shows only 53% of U.S. immigrants speak English proficiently. If someone can only somewhat understand a message in English from a cyber attacker, they likely won’t pick up on the small signs that indicate it’s a scam.
  • Lack of resources: Since U.S. green cards are only valid for 10 years, many immigrants fear legal or financial trouble will jeopardize their immigration status. Cyber attackers know this and target them more often because of it.
  • Threatened immigration status: The Congressional Budget Office states roughly 25% of immigrants are in the U.S. illegally. If someone without legal residency experiences a devastating cyber attack, they may fear reaching out for help because of their status.
  • Unfamiliar with the law: Cybercriminals often pose as customs or law enforcement, using confusing legal terms to scare and confuse. Most immigrants aren’t familiar with the intricacies of foreign legal processes, so they fall for the trick.

Attackers will use any advantage they can to prey on their unsuspecting victims. They often use scare tactics and stress urgency to make immigrants feel desperate and compliant.

How Immigrants Can Identify Potential Cyberattacks

Immigrants can protect themselves from targeted cyberattacks if they know how to identify them. The main sign is usually odd behavior. U.S. agencies handling immigration status will never contact someone to make threats, ask for bank transfers or urge immediate action. Instead, they’ll go through formal legal channels.

Immigrants should also become aware of common scam signs. Every cyberattack has unique indicators. For example, a message from a suspicious sender containing a link could be a phishing scam — especially if the message contains misspelled words, formatting issues or false information.

How Immigrants Can Defend Themselves Against Cyberattacks

Immigrants are more likely to be targeted by cyber threats, but they can protect themselves with various techniques.

  1. Avoid Clicking on Suspicious Links

Phishing is one of the most common cyber attacks targeting immigrants because it is often successful. In fact, 95% of cybersecurity incidents happen because someone uses a malicious link.

Recipients should make it a habit to never click on links or attachments in emails without verifying their source. Even if a message doesn’t come from a suspicious source, they should read through the contents of the email thoroughly to ensure the sender wasn’t hacked.

  1. Use Modern Translation Technology

Most immigrants in the U.S. don’t speak English as their first language, so learning legal terminology is often out of the question. Fortunately, immigrants can use tools to translate text into something they can understand. This way, they can understand exactly what a message means.

  1. Secure Online Accounts 

Immigrants should secure their online accounts to protect their personal information. When creating passwords, the U.S. National Institute of Standards and Technology recommends using as many characters as possible to defend against brute-force attacks. Signing up for access attempt alerts is also helpful, so users always know when someone has tried to get into their accounts.

  1. Use Proven Authorization Tools

Tools like multi-factor authentication protect online accounts even when an attacker has the login credentials. Biometrics and one-time passcodes are also good backups. These technologies protect users from brute-force and account takeover attacks. 

Immigrants Can Protect Themselves From Digital Threats

No one has to be a cybersecurity expert to defend themselves against threat actors. Using authentication tools, leveraging modern technology and gaining awareness of common attack methods is enough to protect most people.

As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.