October brings promise of candy corn, bright orange pumpkins, and trick-or-treaters delivering happy fright on Halloween night. October also symbolizes the month to recognize another type of fright – perhaps the most monstrous fright lurking and circling your business: the attack of the cyber criminals.
This very real threat is always morphing, and businesses who don’t keep up with security best practices, training, and technology updates can easily fall victim. The monetary and productivity losses for businesses of all shapes and sizes are staggering. So in honor of Cybersecurity Awareness Month, we wanted to provide an update of the latest ‘scary’ scams, and a reminder to take precautions and prevention seriously.
Knowledge is Power – 6 New Cyber Attacks
Cyber criminals are creative. Cyber criminals are sophisticated. Cyber criminals are evolving and improving their techniques. Attacks are becoming more convincing and users are falling victim too often. For these reasons, it is important for you, employees, management and the Board of Directors to know what to look for. Many people are aware of the “relative in Nigeria” or “click this link” scams, and these scams often still work. Below is an update of some of the newer, more creative, and more complicated scams circulating.
This type of attack occurs after a single email account is compromised. If an attacker is able to take over one account within an organization then that account can be used to send phishing emails to co-workers. The malicious emails would be coming from an internal source, therefore filters and recipients are likely to trust the content. Additionally, if the recipient replies to the email to verify the legitimacy, the hijacker could respond under the disguise of the victim.
Bank Phishing Sites
A bank phishing site is an identical-looking webpage to your bank’s webpage. The site would ask for a username, password and other personal information, such as bank account number, credit card number, PIN numbers and birthdate. These sites look official, are domains certified by registrars and have similar URLs to the intended victim. To further ignite confusion, these suspicious domains could possess a valid SSL or TLS certificate.
Calendar Invite Phishing
Attackers send a spam event invite to your Gmail account. The event is then automatically added to your calendar by default (this can be blocked by going to your Google Calendar settings). At this time, the objective of the event is to attract prospective phishing victims to open the invite and click on the link (phish bait). However, as the hackers get smarter, this scam will become more targeted and sophisticated.
Artificial Intelligence (AI)
There has recently been a compromise of a UK based firm. The criminals used AI software to impersonate a chief executive’s voice and demand a fraudulent wire transfer. The AI software is able to mimic voices in a realistic and believable way. Accents and the melody of the voice are present, and the attacker is able to respond and converse with the victim.
Hurricane Dorian and other Recent Disasters
Phishing emails are low hanging fruit after a major natural disaster. Any emails, texts, social media pleas relating to a recent disaster should be reviewed with extra caution. The goal of the attacker would be for the victims or potential donors to click the link or open an attachment directing users to malicious websites.
This common, hard-to-stop and easy-to-do scam allows hackers to take control of a phone number. The technique gives the criminal access to the digital accounts under that particular phone number, including financial, social and email. The objective of the scam is to harass people and steal funds. The swap is accomplished by persuading mobile phone servicers to switch a phone number to a new device. This opens the flood gates and allows the hacker to access all accounts and reset PINs by requesting temporary login codes be sent to the phone number. Victims of SIM swapping often complain of the scam happening to them multiple times.
Cybersecurity and Prevention
It’s no secret that behavior plays a key role in combatting cybercrime, and prevention is the best defense. The worst thing any business can do, is put it off until later – lack of cyber prevention and security in this day and age becomes a matter of not if, but when.
As a reminder, K·Coe can provide a technology advisor to evaluate the efficiency of your system, and recommend and implement best practices for prevention.