With the sharp rise in remote work since the start of the pandemic, it should come as no surprise that cybercrime has also skyrocketed. According to the FBI’s annual Internet Crime Report, the total money lost to cybercrime climbed a whopping 64%, to $6.9 billion in 2021.
There are many reasons for the sharp increase in cybercrime: attacks have become more sophisticated and multi-pronged, and many users still lack basic security awareness. Together, these factors make protecting ourselves from cybercrime more difficult than ever before. So, how can you protect your business's sensitive financial and customer information?
Companies that aren't prepared for cyberattacks are risking tens of thousands of dollars, not to mention their reputations. While we recommend hiring an IT company to handle your cybersecurity and install security enhancements, there are also some easy practices you can implement yourself to boost your company's defenses.
The first step is awareness: understand attackers' tactics and you can defeat them. Below, we've outlined several common cyberattack schemes to help you define, identify, and prevent each one.
Spoofing
Definition: Spoofing is the act of making an email address, website address, or phone number look like one that belongs to a source you trust. The attacker's goal is to trick you into thinking you're dealing with that trusted source.
Identification: Cyber criminals disguise themselves by changing one or a few letters or numbers in their method of contact. For example (a made-up illustration), if a CEO's address were ceo@example.com, a scammer might email an employee from ceo@examp1e.com (the digit one in place of the letter l) or ceo@example.co (one letter dropped). Or, in a bogus email, a scammer might provide a phone number for you to call that's similar to the legitimate number, but a few digits off.
Prevention: Read email addresses carefully, and check the actual address rather than just the display name your mail client shows next to it; the display name can be set to anything. If you're asked to call a company, don't call the number provided in the email; look up the company's phone number yourself and call to make sure the request is legitimate. Don't respond to "company" emails that come from a public domain such as gmail.com. Companies usually have their own domains, so any "internal" email from a public-domain address should be a red flag.
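The checks described above (compare the real address, not the display name; watch for a public webmail domain; watch for a domain that is one or two characters off or uses look-alike characters) can be written down as a small script. The following is an added example for this article, not an AvarTec tool; the trusted domain `example.com`, the directory entries, the webmail list and the sample headers are all assumed placeholders.

```python
"""Flag spoofed and look-alike sender addresses in a From: header.

Added example for this article; it is not an AvarTec tool. The trusted
domain, directory entries and webmail list are assumed placeholders.
"""
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"          # assumed: your company's real domain
TRUSTED_PEOPLE = {                      # assumed: display name -> real address
    "jane doe": "ceo@example.com",
    "john roe": "cfo@example.com",
}
# Free webmail domains that should never carry "internal" company mail.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Substitutions that look alike in many fonts: "rn" for "m", "vv" for "w",
# digits for letters. Folding both sides before comparing catches them.
HOMOGLYPH_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"),
                   ("1", "l"), ("3", "e"), ("5", "s"))


def normalize_domain(domain: str) -> str:
    """Lower-case a domain and fold common homoglyph substitutions."""
    folded = domain.lower()
    for fake, real in HOMOGLYPH_PAIRS:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return one verdict string for a raw From: header value.

    Verdicts, in the order they are checked: "malformed", "trusted",
    "display-name impersonation", "public webmail domain",
    "look-alike domain", "external".
    """
    display_name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1]

    # 1. Genuinely ours: the company domain or one of its subdomains.
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # 2. A known name on an address that is not that person's. Most mail
    #    clients show only the display name, so this is the classic CEO scam.
    if display_name.strip().lower() in TRUSTED_PEOPLE:
        return "display-name impersonation"
    # 3. "Internal" mail sent from a free webmail provider.
    if domain in PUBLIC_DOMAINS:
        return "public webmail domain"
    # 4. A homoglyph swap, or a domain within max_distance edits of ours.
    #    Use a smaller max_distance for very short domains to limit noise.
    if (normalize_domain(domain) == normalize_domain(TRUSTED_DOMAIN)
            or edit_distance(domain, TRUSTED_DOMAIN) <= max_distance):
        return "look-alike domain"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers, not captured mail.
    for header in ("Jane Doe <ceo@example.com>",
                   "Jane Doe <ceo@examp1e.com>",
                   "Accounts Payable <billing@exarnple.com>",
                   "IT Helpdesk <helpdesk@gmail.com>",
                   "Vendor <ar@vendor.example>"):
        print(f"{header:42} -> {classify_sender(header)}")
```

The display-name check comes before the domain checks on purpose: an attacker who has registered a look-alike domain will also set the display name to the executive's real name, and the name is what most people actually read. A mail gateway does this job with SPF, DKIM and DMARC plus the company directory; the script shows the reader-side version of the same checks.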
Phishing
Definition: Using spoofing to gain trust, phishing scams try to manipulate the user into giving up sensitive information such as login credentials, contact information, or credit card numbers.
Identification: Aside from reading all email addresses carefully, you can spot a phishing email in a few ways. Many spelling and grammar errors are a common sign of a phony email, though a well-written email is no guarantee of a genuine one. Being asked to click a link or open an attachment should also give you pause: hover over a link to see where it really goes before clicking, and treat any mismatch between the text shown and the real destination as a warning sign. If a malicious link or attachment is opened, the download can unleash malware on your computer.
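The "hover before you click" habit can be automated for an HTML email body: compare the host in the visible link text with the host the link really points to, flag links that go to a bare IP address, and flag attachment names with executable or doubled extensions. This is an added example for this article, not AvarTec code; the sample HTML and file names are constructed, and `example.com` and `203.0.113.10` are documentation placeholders.

```python
"""Triage links and attachments in a suspicious HTML email body.

Added example for this article, not AvarTec code. Sample HTML and file
names are constructed; example.com and 203.0.113.10 are documentation
placeholders.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host or URL inside the visible link text.
URL_IN_TEXT = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1",
                    "lnk", "iso", "img", "docm", "xlsm", "html"}
HARMLESS_LOOKING = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None      # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url: str) -> str:
    """Host part of a URL; bare domains are accepted, mailto:/tel: yield ''."""
    url = url.strip()
    if "://" not in url and not url.lower().startswith(("mailto:", "tel:")):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_links(html: str) -> list:
    """Return findings for anchors whose real target does not match what is shown."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        href_host = host_of(href)
        if not href_host:              # mailto:, tel:, in-page anchors
            continue
        try:
            ipaddress.ip_address(href_host)
            findings.append(f"raw IP link: {href}")
        except ValueError:
            pass
        shown = URL_IN_TEXT.search(text)
        if shown and host_of(shown.group(0)) != href_host:
            findings.append(f"link text shows {host_of(shown.group(0))} "
                            f"but goes to {href_host}")
    return findings


def check_attachment(filename: str) -> list:
    """Flag executable attachment types and 'invoice.pdf.exe' double extensions."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return []
    findings = []
    if len(parts) > 2 and parts[-2] in HARMLESS_LOOKING:
        findings.append("double extension hides the real type")
    if parts[-1] in RISKY_EXTENSIONS:
        findings.append(f"risky attachment type .{parts[-1]}")
    return findings


# Constructed sample body, not a captured message.
SAMPLE_HTML = """
<p>Please <a href="http://203.0.113.10/login">sign in to https://portal.example.com</a>
and review <a href="https://example-billing.net/inv">https://example.com/invoices</a>.
Questions? <a href="mailto:help@example.com">help@example.com</a></p>
"""

if __name__ == "__main__":
    for finding in check_links(SAMPLE_HTML):
        print("link:", finding)
    for name in ("report.pdf", "invoice.pdf.exe", "photos.zip.js"):
        print(name, "->", check_attachment(name) or ["nothing obvious"])
```

The mismatch check only fires when the visible text itself looks like a URL or host name; a link labelled "click here" carries no claim to compare against, which is exactly why the hover check matters for those.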
Malware
Definition: Malware is software designed to harm, or take control of, a user's computer or network. Malware includes computer viruses, Trojan horses, spyware, worms, and ransomware.
Identification: If your device is running slower than usual, showing lots of pop-ups, or crashing frequently, it may be infected with malware. Watch for new items, icons, or browser extensions on your toolbar that you don't remember installing. Frequent error messages can also be a sign of infection. Keep in mind that much modern malware is designed to stay quiet, so a lack of symptoms doesn't mean a machine is clean.
Prevention: Don't put off updating your operating system and applications; software updates often fix newly identified security issues, so turn on automatic updates where you can. Don't click on links or downloads advertised in pop-ups, even if they claim to be antivirus software. Install a legitimate antivirus product that will detect most common types of malware. Finally, do your day-to-day work on a "limited" or "standard" account instead of an administrative one. Limited accounts usually can't install software or make system-wide changes, which also limits what malware can do if it does get in.
Ransomware
Definition: Ransomware is malicious software that encrypts the victim's files, or locks the victim's computer outright, and demands a sum of money in exchange for restoring access.
Identification: If files suddenly won't open or have odd new file extensions, this may indicate ransomware. The most obvious indicator, however, is the ransom note. This may take the form of a splash screen that locks you out of your computer and provides instructions on how to pay the ransom to get your files back.
Prevention: Install anti-malware software. Educate yourself and train your employees to spot and avoid ransomware. In case your computer is infected, make sure you have off-site backups of your data, kept offline or otherwise out of reach of the infected systems (ransomware routinely encrypts any backups it can reach), and test that you can actually restore from them. Paying the ransom does not guarantee you will get your files back.
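The "odd new file extensions" symptom above is also the easiest thing to detect automatically: an encryptor renames many known document types to one unfamiliar extension in a very short time. The following added example (written for this article, not AvarTec code) runs that sliding-window rule over a list of constructed rename events; in a real deployment the events would come from a file-system audit source, and the list of known extensions would be taken from what the file server actually holds.

```python
"""Spot the mass-rename burst a ransomware encryptor leaves behind.

Added example for this article, not AvarTec code. The rename events are
constructed; in practice they would come from a file-system audit source.
"""
from collections import defaultdict

# Extensions this (assumed) file server normally holds.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt", "csv"}

# Constructed events: (seconds since epoch, old name, new name).
EVENTS = [
    (1000, "budget.xlsx", "budget.xlsx.locked"),
    (1001, "plan.docx", "plan.docx.locked"),
    (1002, "photo.jpg", "photo.jpg.locked"),
    (1003, "notes.txt", "notes.txt.locked"),
    (1004, "q3.pdf", "q3.pdf.locked"),
    (1005, "logo.png", "logo.png.locked"),
    (5000, "readme.txt", "readme.md"),      # a single legitimate rename
]


def extension(name: str) -> str:
    """Final extension in lower case, or '' when there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def detect_mass_rename(events, window=60, threshold=5):
    """Return (start_time, extension, count) for every unknown extension that
    at least `threshold` known files were renamed to within `window` seconds.

    Each alert is emitted once, at the moment the threshold is first crossed.
    """
    times_by_ext = defaultdict(list)
    for ts, old, new in events:
        if extension(old) in KNOWN_EXTENSIONS and extension(new) not in KNOWN_EXTENSIONS:
            times_by_ext[extension(new)].append(ts)

    alerts = []
    for ext, times in times_by_ext.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((times[start], ext, end - start + 1))
                break
    return alerts


if __name__ == "__main__":
    for start, ext, count in detect_mass_rename(EVENTS):
        print(f"ALERT: {count} files renamed to .{ext} within 60s starting at t={start}")
```

Some ransomware families encrypt files in place and leave the names unchanged, so this rule should be paired with a check for files that no longer open, or with a few decoy files that nothing legitimate should ever touch.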
Social Engineering Attacks
Definition: Social engineering attacks refer to a wide range of cyberattacks focused on manipulating human interaction. Using psychological tactics, cyber criminals try to trick users into revealing sensitive information that compromises their security. Social engineering can also take the form of long-term psychological grooming, such as feigning friendship to gain access to credentials. Most of the schemes and tactics listed above fall under this umbrella term.
Identification: A social engineering attack usually happens in phases. First, the attacker identifies the victim and researches background information to inform the attack; this helps them interact with the victim and gain their trust. The cybercriminal will often groom the victim for days or weeks, even months. Once trust is gained, the request for sensitive information (or for a payment) follows.
If the attack is successful, the cyber criminals will then cover their tracks and bring the interaction to a natural end to avoid suspicion. This type of attack usually results in a data breach, information held for ransom, or fraudulent wire transfers.
Prevention: In 2022, 62% of insider data breaches were caused by employee negligence and errors. In many of these cases, the employees weren’t properly trained on how to recognize social engineering attacks. Therefore, one of the best preventative measures you can take is to educate your employees with formal cybersecurity awareness training on a regular basis.
Wire Fraud
Definition: Wire fraud occurs when a cyber criminal poses as a trusted source, such as an executive, a vendor, or a client, and requests a transfer of funds, often to a new or changed bank account.
Identification: If you receive an email asking you to send money immediately, that alone should arouse your suspicion. If the request is urgent or an "emergency," you're most likely dealing with a scammer, especially if the email is frightening or emotionally manipulative. A last-minute change to a supplier's banking details is another classic sign.
Prevention: Always confirm a request for funds through a different channel, using a phone number you already have on file rather than one given in the email. Require a second person to approve new payees or changes to banking details. Enable multi-factor authentication for web-based email access. Geo-block email access from parts of the world where the company has no employees. Educate your employees on cybersecurity awareness, especially those who handle transfers.
Boost Your Company’s CyberSecurity with AvarTec
Don’t let your business become a victim of cybercrime. Staying educated on the latest cyberattack schemes is a key component in defending your company from cyber criminals.
Another key component? Having a capable IT company at the ready to help defend your company against any and all cybersecurity threats. With AvarTec as your company’s cybersecurity partner, you can expect enterprise-level support for your business. With our cybersecurity products and services, our team will provide a high-value protective shield to help defend your websites, networks, and computers from potential and existing threats.
Get the peace of mind you deserve and trust AvarTec to help protect your company’s money and reputation. Contact us for a quote, or ask about our Cyber Culet suite of cybersecurity products and IT support services today.