The year 2020 hasn’t been kind to many people. Between the COVID-19 pandemic, the resulting economic downturn, and the people looking to take advantage of these negative circumstances, it’s hard to know what to do to keep from becoming a victim. What helps is to take a thorough examination of where your business’ weak points are. This month, we thought we would take a look at cybersecurity by examining the perpetrators and their methods.
We can’t even talk about digital threats without first talking about phishing. Phishing has always been a good method for hackers to gain control over accounts, but since a lot of the security software that is defending current computer systems is extraordinarily good when compared to security software of old, it typically takes a user to trigger a network security breach. Phishing is the most used method, accounting for over one-third of all security incidents.
Phishing works with the assumption that the user is the weakest link and can be manipulated and coerced into providing the means to gain access to a computing environment. With so many successful breaches resulting from phishing attempts, you’d have to agree that this strategy works. There are many different types of phishing messages, but the main strategy is to flood people's email and messaging systems with messages that seem to come from a reliable source, but actually carry malware and other undesirable attachments. Some target individuals, but the lion’s share are more like a phishing net than a phishing lure.
Once the hackers hook their victims, they can then access secure computing resources or deploy their malware payload. Phishing attacks typically use current events to present scammers more opportunities for “success”. More often than not these attempts are fruitless, but when someone slips up and clicks on a link or downloads an attachment, they are in business.
Another prevalent scam is the loan or credit card scam. This is one where a seemingly trusted organization floats a line of credit to someone that typically wouldn’t qualify for it. This is enticing enough for the recipient to go through the motions trying to get the money. Oftentimes, part of the ruse is that the recipient of the loan or payment card has to pay some money as a down payment in order to receive the promised sum of money. The user will pay and that will be the end of it, hopefully.
Some people that get roped into this scam provide scammers with access to their financial accounts and find that there are mysterious withdrawals from their accounts. These scams are more likely to work in recessionary periods as many, many people are looking for a way to make ends meet. You may think that these types of schemes are clear as day and wouldn’t work, but you would be surprised what people will do when they are under financial duress.
This scam is a tried and true one. You will get a popup while you are surfing the web that looks urgent. It says something along the lines of “You’ve been infected! Download our product to remove the dangerous virus before it is too late!” This message flashing on your desktop is enough to get people to panic and make a grave mistake.
Users that would fall for this scheme could get lucky if it is only a hoax, or they could be in a world of hurt when their files or drives are encrypted and held for ransom. That’s why it is imperative to keep your head when confronted with abnormalities online. Impulsive action almost always results in worse results than deliberate action. The best way to avoid the risks carried out by these pop ups is to not click on them and to add an extra layer of protection to your antivirus that will help ward against malware deploying pop ups.
Another noteworthy scam that is all the rage among hackers in 2020 (and going into 2021) is the fake news scam. If you use the Internet at all you know all about fake news. Basically, fake news is disseminated on social media as actual news and presents major problems for society, let alone your computing infrastructure.
The fake news scam typically comes from what you would think is a trusted news site, but since the scammer spoofs the address, it redirects to a website that is rife with danger. Clicking on links, downloading documents, even filling out forms can transfer malware and other undesirable code to your computer.
To avoid the fate of someone that gets malware from a fake news site, you should stick to trusted websites. If you don’t trust any news site, then don’t read the news. For more reasonable people, however, utilizing fact check services can verify if the news you are being sent is real or just a scam.
A type of phishing that is relatively new, is what is called smishing. It is a phishing attack, but sent through a text message. Text messaging is typically looked on as a much more secure and reliable medium (as opposed to the telephone or email), and users let their guard down. Today, that has resulted in millions of smishing messages sent each day.
It’s a misconception that mobile is immune to this kind of scam. In fact, it may be the most obvious place a scammer would target as users typically move fast and loose around their mobile OS and now with Smishing (and social media phishing), everyone has to take care not to fall for a scam.
There are dozens of other scams that today’s hackers undertake, but irregardless of how they are sent, most of these attacks have a common denominator. That is that it takes the user to slip up. If you want to avoid malware and data breach you need to slow down and be vigilant in what links you click on and what sites you go to. One great tip is to verify every message you get that asks you to interact with it. If it comes from a truly trusted source, you won’t have anything to worry about.
If you would like more information about training your staff to avoid today’s most dangerous online scams, give Washington Works a call today at 301-571-5040.
Comments