Throwback Thursday: How Cybercriminals are Exploiting Old Vulnerabilities and Using Past Scams to Target Us
2025-06-21, Track 2 (Moody Rm. 101)

Every Thursday, thousands of people flock to X, Instagram, and TikTok to post old photos and their favorite memories as part of #ThrowbackThursday. Not to be outdone, cybercriminals are doing the same thing. Last year, most vulnerabilities exploited by criminals were from 2020 or earlier, and the most common online scams were repeats of previous years. So, why are criminals using these legacy vulnerabilities and well-known scams? Because they work.


Earlier this year, the FBI and CISA issued a joint advisory about Ghost Ransomware attacks that are targeting critical infrastructure, including schools and hospitals, by using older known vulnerabilities, some dating as far back as 2010. But this isn’t a new phenomenon. Last year, the majority of vulnerabilities exploited by cybercriminals were from 2020 or earlier, with some going as far back as the late 1990s. While most of the recent headlines focus on how AI is changing the way criminals target victims, online scammers are often using unsophisticated older scams. The FTC and DOT both issued advisories in January and April of this year about “unpaid tolls” text scams. While this scam has been labeled as “new”, the FTC has consistently highlighted unpaid toll fraud as one of the common smishing attacks for multiple years.
This raises the question: why are criminals using these legacy vulnerabilities and well-known scams? Because they work. This presentation will explore how attackers are using throwback exploits and scams to target us by highlighting a few examples pulled from the headlines, before outlining why these tools are still effective. Along the way, we will discuss common pitfalls with patching systems and the social psychology of scams. Then, we will explore what we can do to bring our cybersecurity into the modern day.

Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy, one of Oklahoma’s largest and oldest firms. At Crowe & Dunlevy, Anthony serves as founder and chair of the firm’s Cybersecurity and Data Privacy Practice Group. His legal practice focuses on data privacy compliance, regulatory enforcement and permitting, and other “bet-the-company” suits in the areas of data security, privacy, and other complex business litigation. Anthony is an adjunct professor who teaches Cybersecurity Law and Information Privacy courses at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology,” a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. To learn more about Anthony’s current projects and upcoming speaking events, or to listen to the latest episodes of his podcast, visit www.anthonyjhendricks.com.