Who Do You Call When You're the Victim of a Cybercrime?

This article originally appeared in Future Tense, a collaboration among Arizona State University, New America, and Slate.

When something went wrong with my grandmother’s computer, she would call me, the granddaughter who studies cybersecurity. I would try to walk her through fixing whatever had gone wrong—usually the Firefox icon disappearing from her dock, or a file vanishing from her desktop, or a strange pop-up window demanding that she agree to something she couldn’t understand. Most of the time these weren’t cybersecurity threats; they were just normal computer hiccups—though there was that time she responded to a phishing email with her credit card information. But regardless of whether the problems were serious, my grandmother got upset every time this machine she relied on acted in some strange, unpredictable way. I like to think it helped a little bit that she knew exactly what to do when this happened: call me.

That’s why I was impressed to hear about the Israeli cybersecurity hotline that was officially launched this year, after an earlier pilot period. When people in Israel think they may be dealing with computer security threats or intrusions, they can just dial 119. Launched by Israel’s national Computer Emergency Response Team, the line is staffed by students of Ben-Gurion University of the Negev and provides support and guidance to people who call with concerns about their computers. Already the line is receiving 200 calls per day, according to the Times of Israel, but the operators did not specify which types of problems are most frequently being reported to them. (CERT also did not respond to my request for comment and more information.)

It’s meant specifically for people who think that they may be experiencing some kind of online attack or threat, not people who simply can’t find the Firefox icon, but it reminds me in many ways of how I used to help my grandmother. For one, it’s a phone-based system—something that makes a big difference to people who are uncomfortable or unfamiliar with computers in the first place, and may therefore be more likely to fall prey to certain types of scams or viruses. There is no shortage of online advice about what to do if you start seeing certain types of messages or problems on your computer, but if you’re comfortable navigating those websites, you’re probably not panicked by computer malfunctions in the first place. Being able to use a phone and talk to an actual person may be easier and more reassuring than accessing online resources for some people. And if your computer has been locked by a ransomware program or compromised by some other virus, it may also simply be more practical to reach someone by phone than to turn to the internet for advice.

The hotline model has other benefits too, not just for the people who use it but also for Israel’s Computer Emergency Response Team itself. It gives them access to information from people all over the country who are calling in about potential threats. Many of those calls will probably be about dealing with fairly routine risks, and some may not be tied to any actual threats at all (a Times of Israel reporter, for instance, tested out the 119 number by asking an operator what to do about her computer running slowly), but they still offer Israel’s CERT a window into potential new threats and problems that people in the country are encountering. If ransomware is spreading rapidly via a particular email attachment or phishing messages impersonating a certain bank are gaining traction or web browsers are being infected by a strain of malware, this is one way for the CERT to find out and take steps to alert others. It also probably brings in data from a population that may not be aware of the CERT’s other functions or likely to report incidents to it by other means—this, again, is part of the power of using a phone line.

One of the ongoing challenges for people who work in cybersecurity is trying to promote education and awareness about online risks to the general population, and many of the ways we try to do that are simply not very effective. I recently completed a mandatory online cybersecurity training for my job that included a multiple-choice quiz in which I was asked to select which response was NOT a reason for understanding why cybersecurity is important. The correct answer? “Attackers love it when potential victims understand how to defend themselves.”

There’s no doubt that educating people about these threats is important, but there’s also something practical and hands-on about the approach of simply creating a way for people to get help when they need it. Not every computer problem can be solved with a phone call, of course, and the hotline will probably have challenges and frustrations of its own. But it’s one of the first cybersecurity initiatives I’ve seen that I can imagine my grandmother using, and understanding, and even finding helpful, and that all by itself seems like progress.