The third week of Prosource’s National Cyber Security Awareness Month (NCSAM) Campaign features cyber security tips complementing the theme, “How Can Your SMB Avoid Becoming Prey? Today’s Top Cyber Criminal Strategies”.
Reports of massive data breaches have become commonplace, and the average cost of breaches have reached record levels. Cyber attacks are on the rise in SMBs, scams are constantly evolving, and cyber criminals are becoming increasingly savvy in using methods to get information and money from unsuspecting people. Arming yourself and your employees with knowledge on how to protect your identity is key to avoid falling victim to scammers.
Here are 7 tips to help you understand and spot today’s top cyber criminal strategies.
[You Might Also Like: Blog Article – “5 Types of Social Engineering Scams”]
Tip #22: Phishing Attacks That Impersonate Trusted Individuals are on the Rise
80% increase in phishing attacks that impersonated someone familiar to the targeted individual.[1]
Impersonation attacks are phishing attacks that imitate someone familiar, such as a co-worker, friend, or family member, to the targeted individual. These attacks are designed to steal money, intellectual property, or other sensitive data. Socially-engineered impersonation attacks are still reaching employee inboxes because commonly used systems aren’t catching these threats. To ensure these types of attacks don’t reach employee inboxes, it’s important to implement a multi-layered approach to security
[You Might Also Like: Blog Article – “How to Spot Common Cyber Scams”]
Tip #23: Hackers Pose as Top Level Executives to Get Employees to Transfer Money
According to the FBI, CEO fraud attacks have increased by 2,370% since 2015.[2]
Spear phishers can target any one in the organization – even top executives. CEO Fraud, or fake president fraud, happens when a cyber criminal poses as a company executive and convinces an employee to send them a large sum of money. These types of attacks may vary in detail, but they all contain four major elements: the ‘president’ makes contact, the ‘president’ asks for a transfer, the ‘president’ pressures compliance, and the employee makes the transfer.
Tip #24: Top Executives are Easily Scammed by Whaling Attacks
Whaling attacks increased by 200% in 2017 compared to 2016.[3]
During a whaling attack, phishers specifically target top senior management such as the CEO, CFO, or other executives who have complete access to sensitive data. The goal of a whaling attack is to trick an executive into revealing personal or corporate data, often through email and website spoofing. These attacks use fraudulent emails that appear to be from trusted sources to try to trick the victims into revealing sensitive data over email or by visiting a spoofed website. Whaling attacks are more difficult to detect than typical phishing attacks because they are highly personalized and are sent only to select targets within a company.
[You Might Also Like: Blog Article – “How to Prevent Common Cyber Attacks”]
Tip #25: Attackers Impersonate an Individual or Organization to Send Urgent Requests and Scare the Victim into Taking Immediate Action
60% of SMBs who were victims of cyber attacks did not recover and shut down within 6 months.[4]
People are more likely to respond to a phishing email if the request is sent with a sense of urgency. Common examples of urgent requests include messages from angry bosses, late credit notices, cancelled memberships, compromised accounts, missed package deliveries, and missing rent checks. These types of emails may also be sent as requests to confirm account information or unexpected password reset requests. These messages often use the victim’s name in the body of the email and are written in a stern voice to persuade victims to open attachments or reveal sensitive information.
Tip #26: Unexpected Refunds & Payments are Hard to Resist - and Attackers Know That
57% of SMBs are seeing an increase in cyber attacks in 2018.[5]
Free money and gifts are hard to resist, so it’s not uncommon for phishing emails to bait victims with the promise of refunds or payments. If you receive messages claiming you are eligible for a refund or payment, it’s important that you contact the business who you received this message from before doing anything. Research the company’s website online and find a legitimate phone number on the website to call and validate the email. Chances are that if you receive a request for money transfers that you were previously unaware of or seem out of place, they are scam.
[You Might Also Like: Blog Article – “Layered Security Key to SMB Cyber Protection”]
Tip #27: Scammers Use Unsolicited Emails Claiming You've Won a Contest to Gain Access to Information
38% of successful phishing attacks against businesses resulted in compromised accounts.[6]
Phishers may claim you have won or are eligible for a contest or prize even though you have not registered for a giveaway or contest. It’s illegal to ask for you to pay or buy something to enter or increase your odds of winning a contest. Legitimate sweepstakes are free and by chance, so if you are asked to pay, wire money, deposit money, etc., you are receiving a contest scam.
[You Might Also Like: eBook – “Cyber Security Toolkit”]
Tip #28: Scammers are Becoming More Sophisticated with Mobile Phone Vishing
45% of organization said phishing attempts came through phone calls or text messages.[7]
In a vishing (voice phishing) attack, scammers rely heavily on manipulation and social engineering to get victims to give personal information. Criminals typically send an email, phone message, or text pretending to be from an official source, such as a bank or government organization. The message encourages the victim to call a phone number to correct a discrepancy. Most vishing scammers now rely on “caller ID spoofing” which allows them to send out phone calls that appear to be from a legitimate or localized source. If a victim calls the number given by the scammer, they will be directed to an automated recording prompting them to provide information such as credit card numbers, birth dates, addresses, etc.
Check back next week for week 4 of Prosource’s NSCAM tips and tricks: “How Does Data Get Compromised During an Attack? Common Cyber Scams to Watch Out For”.
About Prosource NCSAM: As declared by the U.S. Department of Homeland Security and the National Cyber Security Alliance, October is National Cyber Security Awareness Month (NCSAM). The cyber security experts at Prosource created their own version of NCSAM to help SMBs across the United States increase their understanding of common strategies used by cyber criminals and ways to keep their SMBs protected against cyber attacks.
Every Monday in October we’ll send out an email with the week’s 7 cyber security tips and tricks to help your business become more vigilant against cyber threats. You can also check our Facebook, LinkedIn, and Twitter pages for daily tips and tricks. To sign up to receive our weekly emails, click here.
[1] https://www.nasdaq.com/press-release/new-report-reveals-an-80-increase-in-impersonation-or-business-email-compromise-bec-attacks-20180828-00078 [2] https://www.ic3.gov/media/2017/170504.aspx [3] https://www.itgovernance.eu/blog/en/whaling-attacks-increased-by-200-in-2017 [4] https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html [5] https://blog.barkly.com/smb-cyber-attack-statistics-2018 [6] https://www.comparitech.com/blog/vpn-privacy/phishing-statistics-facts/ [7] https://www.comparitech.com/blog/vpn-privacy/phishing-statistics-facts/