3 Most Popular Ways Hackers Scam Small Businesses
In March 2018, Microsoft released their bi-annual Security Intelligence Report. Microsoft scanned 400 billion email messages, 18 billion web pages, and 1.2 billion devices for threats.
But what does that mean for small business? What are the hackers' methods? How can you protect your company?
What people tend to forget is that cybersecurity is a living entity. For every defense we can dream up, cybercriminals will find a new loophole and on goes the vicious circle.
Criminals take advantage of the abundance of free information available online these days. Things like social media, the Cloud, and fake software updates make for easy targets. Microsoft has identified these targets as "low-hanging fruit."
Let’s explore the most common methods cybercriminals use, so you can successfully protect your company.
1. Social Engineering Attacks
Phishing continues to be the first choice for socially engineered attacks. But what is social engineering, or phishing for that matter? -- Great question!
Social engineering is a fancy term for using social tools to capture sensitive information. Social tools can include email, social media, text messages, and phone calls. Basically, anything that has a social nature to it.
Example of a Socially Engineered Phishing Attack:
Criminals create email campaigns targeting unsuspecting people. This attack might be a campaign designed to target customers of a specific bank or financial institution.
They'll create an email that appears to come from the bank’s fraud department. This email might ask for information to resolve an issue or an on-going investigation, etc.
It might even look like the one below from "Wells Fargo," asking you to click on the link and log in because there was an "unauthorized login attempt." And look, they even encourage you to mark the email as NOT spam, so these go straight to your inbox -- how thoughtful of them.
Scammers are "fishing" for usernames, passwords, email addresses, or social security numbers. You innocently reply with the information they are asking for, or log in to the fake portal, and BAM, they have all your information. This type of attack continues to be popular because unfortunately, it works.
How to Check Email Links for Phishing Scams
One technique to combat phishing is to review the email addresses and links. Try hovering your mouse over them (without clicking!) to ensure the address is spelled correctly and is legitimate.
If you weren't expecting an email from someone, try giving them a call to ensure the email is legitimate. Keep in mind: in most cases, you're probably not inheriting a million dollars from royalty overseas.
2. Attacks via Software Pop-ups
Phishing attacks aren't always sent via email.
Hackers often use software and services we use on a daily basis as a point of entry. This includes things like Dropbox, Word documents, pictures, or ZIP compressed files.
Clicking links or buttons included in emails or software pop-ups is risky. The same is true for opening files downloaded from the Internet.
It's never 100% safe to open attachments, so your best bet is to be expecting them. Have someone confirm with you, before they are sent, that they are in fact sending attachments. And when possible, have this conversation via phone or in person -- not by email.
How to Avoid Software Scams
As mentioned above, always double check links and email addresses, even if you are expecting them. When in doubt, call your IT department or help desk. They can help you identify the validity of the link.
It's also critical that all operating system and software security patches are installed. These updates fix issues that are allowing criminals to exploit gaps in the software.
3. Poorly Secured Cloud Applications
The last piece of low-hanging fruit for cybercriminals is poorly secured Cloud applications.
When signing up for Cloud services, it is essential to ask questions like:
1. How is the Cloud application and provider secured?
2. Who will be using the application?
3. Where and how will data be stored?
4. How can access be audited?
Cloud application providers should have the highest level of security with their applications.
This includes a secure path to access data, secured accounts, and limiting exposure to unauthorized users. Working with a team familiar with security standards will help deploy these applications.
There is no reason to compromise security while improving productivity!
Online security can be complicated, and education can help untangle it. Knowing about these online threats and the techniques to battle them is essential.
Always work with your IT team when unsure about security. Threats will continue to evolve, and a well-trained team will be your best defense.
Have more questions? We're happy to chat anytime. Give us a call at 800-481-4369.
The IT Help Desk
The IT Help Desk was created with you in mind.
This monthly series will give you the inside track with tips and tricks sourced directly from our Help Desk to better serve you.