How Does Data Get Compromised During an Attack? Common Cyber Scams to Watch Out For
The fourth week of Prosource’s National Cyber Security Awareness Month (NCSAM) Campaign features cyber security tips complementing the theme, “How Does Data Get Compromised During an Attack? Common Cyber Scams to Watch Out For”.
If you’re like a lot of people, you imagine hackers launching complex attacks against international corporations and governments. The reality is that one of the most common forms of cybercrime is phishing, which succeeds when you respond to a phishing email and fill out the information it asks for. While most phishing attacks arrive by email or through deceptive websites, there are many other approaches that hackers can take.
Here are 7 tips to help you identify common cyber scams and understand how data gets compromised during an attack.
Tip #29: Look Out for Grammar Mistakes, Spelling Errors, and Generic Salutations That are Often Seen in Deceptive Phishing Emails
97% of people around the world cannot identify a sophisticated phishing email.[1]
Deceptive phishing is the most common type of phishing scam. It is a scam where attackers impersonate a legitimate company and attempt to steal your personal information or login credentials. Scammers typically send email messages containing threats or a sense of urgency to scare people into giving up their information. The success of a deceptive phishing attack depends on how closely it resembles a legitimate company’s official correspondence. Inspect all URLs to see if they redirect to an unknown website, and look out for grammar mistakes, spelling errors, and generic salutations in emails.
Tip #30: Deploy a Multi-Pronged Approach to Endpoint, Network, Server, and Backup Level Detection to Safeguard Against Ransomware
The average cost per ransomware attack to businesses was $133,000 in 2017.[2]
Ransomware can disrupt business operations or shut down a business entirely. Ransomware is a type of malware-based phishing attack that encrypts data stored on computers. Attackers hold data “hostage” and demand payment be made via Bitcoin, or other untraceable currency, before the data is unlocked. Ransomware is commonly installed on computers through phishing emails or by unknowingly visiting an infected website. To keep your business secure, it is essential to deploy an all-out, multi-pronged approach to endpoint, network, server, and backup level detection. It’s critical for a business’s detection defenses to be everywhere: local and remote, on both physical and virtual machines.
Tip #31: Keyloggers and Screenloggers Track Keystrokes to Intercept Passwords and Other Sensitive Information Typed in Through the Keyboard
Phishing attempts grew 65% from 2016 to 2017.[3]
Keyloggers and screenloggers are types of malware-based phishing attacks that track keyboard input and send relevant information to the hacker via the internet. Advanced versions of these kinds of malware can embed themselves into users’ browsers as small utility programs that run automatically when the browser is launched. Antivirus is the first line of defense against malware, so make sure yours is up-to-date and working properly to keep keyloggers and screenloggers out of your system.
Tip #32: Session Hijacking Allows the Hacker to Access the Server and Information Without Having to Hack a Registered Account
76% of businesses reported being a victim of a phishing attack in the last year.[4]
Computer sessions are temporary interactions users have with websites. When you log in to a password-protected website, the session is started. The session will be active until the end of the communication, or until the user logs out. Session hijacking is an attack where users’ activities are monitored until they sign in to a target account or transaction. At that point, the malicious software takes over and can take unauthorized actions, such as transferring funds, without the user’s knowledge. To help prevent session hijacking, it’s important to have up-to-date antivirus and anti-malware software in place.
Tip #33: Attackers Can Redirect Website Traffic to Steal Information
30% of phishing messages get opened by targeted users and 12% of those users click on the malicious link or attachment.[5]
Pharming redirects a user’s website traffic to another, fake website using malicious code such as viruses, worms, Trojans, and spyware. Commonly spoofed websites include social media platforms and company portals. These fraudulent websites are designed to appear legitimate, when in reality victims are willingly handing their personal information to cyber criminals.
Tip #34: Attackers Can Eavesdrop or Impersonate Someone, Making it Appear Like a Normal Exchange of Information is Underway
The average cost of a phishing attack for mid-size companies is $1.6 million.[6]
Man-in-the-middle attacks are harder to detect than many other forms of phishing. During these attacks, hackers position themselves between the user and a legitimate website, and they either eavesdrop or impersonate one of the parties. They record the information being entered but continue to pass it on, so the user’s transactions are not affected. The attacker either sells or uses the information or credentials collected when the user is not active in the system. Using secure communication protocols, including TLS and HTTPS, helps mitigate spoofing attacks because they encrypt and authenticate transmitted data. Doing so prevents the interception of site traffic and blocks the decryption of sensitive data.
Tip #35: Attackers Use Attractive Offers to Lure Victims Into Giving up Their Information
Nearly 1.5 million new phishing sites are created each month.[7]
Search engine phishing occurs when phishers create websites with attractive-sounding offers and have them indexed legitimately by search engines. Users find these sites during normal searches for products or services and are fooled into giving up their information. Common scams include false banking sites offering lower credit costs or better interest rates than other banks. Victims who use these sites to save money on interest charges are encouraged to transfer existing accounts and give up their personal information. Common incentives used to attract victims include an amazing discount, free giveaway, low interest rates, free credit cards, employment opportunities, and emergency warnings.
Check back next week for week 5 of Prosource’s NCSAM tips and tricks: “Is That Email Legitimate? Remain Vigilant by Spotting Email Phishing Scams”.
About Prosource NCSAM: As declared by the U.S. Department of Homeland Security and the National Cyber Security Alliance, October is National Cyber Security Awareness Month (NCSAM). The cyber security experts at Prosource created their own version of NCSAM to help SMBs across the United States increase their understanding of common strategies used by cyber criminals and ways to keep their SMBs protected against cyber attacks.
Every Monday in October we’ll send out an email with the week’s 7 cyber security tips and tricks to help your business become more vigilant against cyber threats. You can also check our Facebook, LinkedIn, and Twitter pages for daily tips and tricks.
[1] https://inspiredelearning.com/blog/phishing-statistics-facts/
[2] https://blog.barkly.com/ransomware-statistics-2018
[3] https://blog.dashlane.com/phishing-statistics/
[4] https://blog.dashlane.com/phishing-statistics/
[5] https://blog.dashlane.com/phishing-statistics/
[6] https://blog.dashlane.com/phishing-statistics/
[7] https://blog.dashlane.com/phishing-statistics/