Here’s a quick guide to give to your employees that details the 9 most common online scams, so they don’t inadvertently fall for them. These are among the methods most commonly used today to compromise an entire network.
IMPORTANT: Make sure your employees know that if they think they may have been a victim of an online scam to let you (or the appropriate person) know right away so that you can alert your IT company before damage is done!
Here’s the quick list and an explanation of each:
1. Spam
Many people think that spam is an acronym. It’s not. The name comes from a Monty Python sketch in which the word “spam” is repeated over and over, louder each time, until it becomes both annoying and meaningless. The nickname stuck because it perfectly describes the flood of useless, irrelevant, and uninvited e-mail that lands in people’s inboxes.
Today, e-mail remains one of the most common entry points into a network, simply because people click links they shouldn’t. Spam is also a problem of volume: the sheer number of unwanted messages crowds out important business and personal mail.
Just a few years ago, spam was easy to detect because of broken English and odd-looking links. Today’s scammers are smarter: they use company logos and spell-check everything so they aren’t caught out. Opening a spam message and clicking its link can invite malware into your computers and network. Rather than wait for spam to hurt your business, create a proactive plan to address it: filtering software that detects and quarantines spam, and anti-spam rules that keep it out of the inbox in the first place.
2. Phishing
While most everyone can spot a spam e-mail at a glance, phishing is much harder to discern, because phishing uses realistic-looking e-mails to trick recipients into sharing passwords and other sensitive information.
Cybercriminals who rely on phishing to steal passwords, private information, or even money are constantly refining their messages to resemble the company they are impersonating. One widespread example of phishing mimicked Visa and told recipients that their credit card would be temporarily disabled if they didn’t go to a specific website and change their password immediately. Every step of the way, from the e-mail to the website, looked very similar to Visa’s branding.
Another phishing example is an e-mail that appears to come from the company’s bank and tricks an employee into handing over the company’s banking details. By sending threatening messages to specific employees, attackers make it more likely that the target will comply and act hastily. Phishing e-mails may also carry attachments, such as zip files, that install malware as soon as they are opened and let it spread across computers and entire systems in very little time.
While many people now know never to send personal information, let alone credit card numbers or passwords, by e-mail, phishing is still a very effective way into business computers and networks. Rather than face the embarrassment of asking a manager whether an e-mail is legitimate, many employees will simply act on a professional-looking message. It takes just seconds to let an attacker into your business network, and once they’re in, there’s no telling the damage they can do.
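The Visa lure above has tell-tale signs that can be checked mechanically: a brand name in the display name but not in the sending domain, a Reply-To that goes somewhere else, a link whose visible text names one domain while the href points at another, and language that pressures the reader to act now. The script below is an added example written for this guide (it is not code from the original article or from any vendor); the two messages, the brand list, and the urgency phrases are constructed for illustration, and the domain helper is a rough stand-in for a real Public Suffix List lookup.

```python
"""Heuristic triage of a suspected phishing e-mail (added example)."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: brands the organization cares about and the domains they really use.
KNOWN_BRANDS = {"visa": {"visa.com"}, "paypal": {"paypal.com"}}
# Assumed: phrases typical of the "act now or lose access" lure.
URGENCY_PHRASES = ("immediately", "disabled", "suspended", "within 24 hours", "verify now")


def registrable_domain(host):
    """Crude eTLD+1 (last two labels); production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _domain_of(addr):
    return registrable_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage_email(raw):
    """Return human-readable findings for a raw RFC 5322 message; [] means none."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain_of(from_addr)

    # 1. Brand named in the display name, but the sending domain is not that brand's.
    for brand, real in KNOWN_BRANDS.items():
        if brand in from_name.lower() and from_dom not in real:
            findings.append(f"display name claims {brand!r} but sender domain is {from_dom}")

    # 2. Replies are routed to a different domain than the one shown in From.
    reply_dom = _domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Link text shows one domain while the href goes to another, or the host
    #    merely contains a brand name (e.g. visa.com.account-verify.example.net).
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(f"link text shows {shown} but points to {host}")
        for brand, real in KNOWN_BRANDS.items():
            if brand in host and registrable_domain(host) not in real:
                findings.append(f"{host} uses the {brand!r} name but is not a {brand} domain")

    # 4. Pressure to act now.
    hits = [p for p in URGENCY_PHRASES if p in body.lower()]
    if hits:
        findings.append("urgency cues: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail); .example domains are reserved for documentation.
SAMPLE_PHISH = """\
From: "Visa Card Services" <alerts@visa-secure-notice.example>
Reply-To: recovery@mailbox-relay.example
To: employee@company.example
Subject: Your card will be temporarily disabled
Content-Type: text/html; charset=utf-8

<p>Your credit card will be disabled immediately unless you change your password.</p>
<p><a href="http://visa.com.account-verify.example.net/login">https://www.visa.com/secure</a></p>
"""

SAMPLE_CLEAN = """\
From: "IT Helpdesk" <helpdesk@company.example>
To: employee@company.example
Subject: Printer maintenance on Friday
Content-Type: text/plain; charset=utf-8

The 3rd-floor printer will be offline Friday morning. Tickets: https://helpdesk.company.example/new
"""

if __name__ == "__main__":
    for line in triage_email(SAMPLE_PHISH):
        print("FLAG:", line)
    print("clean message findings:", triage_email(SAMPLE_CLEAN))
```

Heuristics like these produce false positives (a legitimate newsletter may use a mailing-service Reply-To, for instance), so the output is a prompt for a human to look closer, not a verdict; the value of the exercise is that employees learn to look at exactly these four things before they click.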
3. Malware
A combination of the words “malicious” and “software,” malware is any piece of software or code created with the intent of damaging devices or stealing data. The term covers all malicious software, including viruses, worms, spyware, ransomware, Trojans (often called “Trojan viruses,” although they do not self-replicate), and others.
So why do cybercriminals spend so much time creating and distributing malware? Most do it for money: to steal data or funds directly, or to sell the malware online to other criminals. Some use malware as a tool of protest, some to test security, and governments use it as a weapon against other governments.
Malware can also turn a computer into a bot (short for robot) that is controlled remotely and used to attack other computers. Keep in mind that a firewall configured to block inbound traffic from countries such as China or Russia does nothing about a bot on your own network: the malicious traffic originates from a local computer, inside the perimeter, and is usually outbound.
4. Ransomware
Ransomware is a type of malware that is exactly what it sounds like: software that holds your computer system and data hostage, by encrypting them, until you pay a ransom for the decryption key. Imagine coming into the office and discovering that you can no longer access your customers’ files, financial information, or all your research and development records for your upcoming product launch. These cybercriminals know just how important this information is to keeping your revenue flowing, which is why they count on businesses paying.
Ransomware is typically introduced to a system by a single employee opening something they shouldn’t. It is often hidden in attachments such as an “unpaid invoice” PDF or a package-tracking Word document, so it looks innocent. Once opened, the malware encrypts documents and other files across the computer, and any network shares it can reach, leaving them unusable until a ransom is paid, and paying does not guarantee that a working key will be delivered.
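The “unpaid invoice” and “package tracking” attachments described above usually give themselves away before anyone opens them: a double extension such as Invoice.pdf.exe (Windows hides the final .exe by default), a macro-enabled Office document, or a “PDF” whose first bytes are really a Windows executable. The script below is an added example written for this guide, not code from the original article or any product; the sample mail, the fake attachments, and the extension lists are constructed for illustration, and a production gateway would add a proper file-type library and an allow-list agreed with the business.

```python
"""Triage e-mail attachments for the "unpaid invoice" lure (added example)."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions that run code on a Windows desktop, and macro-enabled Office types.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs",
             "vbe", "wsf", "hta", "ps1", "lnk", "msi", "dll"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xltm"}


def _inspect_file(name, data):
    """Return findings for one file; looks one level into zip archives."""
    findings = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXTS:
        findings.append(f"{name}: executable type .{ext}")
        if len(parts) > 2:  # Invoice.pdf.exe displays as "Invoice.pdf" when extensions are hidden
            findings.append(f"{name}: double extension hides .{ext} behind .{parts[-2]}")
    if ext in MACRO_EXTS:
        findings.append(f"{name}: macro-enabled Office type .{ext}")
    # A "document" whose bytes begin with the MZ header is a Windows executable.
    if ext in ("pdf", "doc", "docx", "xls", "xlsx") and data.startswith(b"MZ"):
        findings.append(f"{name}: claims .{ext} but starts with an MZ (PE) header")
    if ext == "pdf" and not data.startswith(b"%PDF"):
        findings.append(f"{name}: .pdf without a %PDF header")
    # Office Open XML files and ordinary archives are both zip containers.
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [i for i in zf.infolist() if not i.is_dir()]
                if any(i.filename.endswith("vbaProject.bin") for i in members):
                    findings.append(f"{name}: Office file contains VBA macros (vbaProject.bin)")
                if ext == "zip":
                    for i in members:
                        findings.extend(f"{name} -> {f}" for f in _inspect_file(i.filename, zf.read(i)))
        except zipfile.BadZipFile:
            findings.append(f"{name}: zip signature but archive is unreadable")
    return findings


def triage_attachments(raw):
    """Findings for every attachment in a raw RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            findings.extend(_inspect_file(fname, part.get_payload(decode=True) or b""))
    return findings


def _build_message(attachments):
    """Constructed test mail from a list of (filename, maintype, subtype, bytes)."""
    msg = EmailMessage()
    msg["From"] = "billing@vendor-invoices.example"
    msg["To"] = "ap@company.example"
    msg["Subject"] = "Unpaid invoice 4471"
    msg.set_content("Please see the attached invoice.")
    for fname, maintype, subtype, data in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=fname)
    return msg.as_bytes()


def _zip_bytes(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, data in entries:
            zf.writestr(member, data)
    return buf.getvalue()


def malicious_sample():
    """Zip hiding a double-extension PE stub, plus a macro-enabled Word file (both fake)."""
    inner = _zip_bytes([("Invoice_4471.pdf.exe", b"MZ" + b"\x00" * 64)])
    docm = _zip_bytes([("[Content_Types].xml", "<Types/>"),
                       ("word/document.xml", "<w:document/>"),
                       ("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake")])
    return _build_message([
        ("Invoice_4471.zip", "application", "zip", inner),
        ("Tracking_Update.docm", "application", "vnd.ms-word.document.macroEnabled.12", docm),
    ])


def benign_sample():
    """A genuine-looking PDF invoice (constructed) that should produce no findings."""
    return _build_message([("Invoice_4471.pdf", "application", "pdf", b"%PDF-1.4\n%constructed\n")])


if __name__ == "__main__":
    for line in triage_attachments(malicious_sample()):
        print("FLAG:", line)
    print("benign findings:", triage_attachments(benign_sample()))
```

The same checks belong in the mail gateway’s attachment policy rather than on the employee’s desktop: block executable types and macro-enabled documents from external senders outright, and quarantine archives that contain them, so that the “single employee who opens something they shouldn’t” never gets the chance.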
Emerging trends include ransomworms, such as the infamous WannaCry and NotPetya attacks of 2017, which spread on their own without anyone opening an attachment. Ransomware is now a fixture of the cyberthreat environment, and it is getting considerably more sophisticated and costlier. In August 2019, in a coordinated ransomware attack, twenty-two Texas towns had their networks hijacked. A year earlier, the City of Atlanta’s IT infrastructure was infected by ransomware; although the city elected not to pay, it still spent upwards of $18 million to recover.
Healthcare organizations are a favorite target, by some counts the target of nearly half of all ransomware attacks, because they must keep treating patients and cannot afford downtime. And because most hospitals, doctors’ offices, clinics, and dentists hold thousands of patient records, each of which has resale value to criminals, attackers can justify an extraordinary ransom. The most high-profile attacks today hit large businesses and municipal governments, but even when hackers target specific industries they also cast wide nets that include small businesses. By infecting hundreds or thousands of businesses just like yours, they win even if only a small percentage pay.
5. Spyware
Spyware is another type of malware that can arrive as easily as ransomware, through the same innocuous-looking e-mail attachments. Rather than holding your information hostage, however, it appears to do nothing at all. Behind the scenes it is doing a lot: it may log every keystroke across your company or copy e-mails, and send everything it gathers to the spyware’s operator. Often the only indication that a system is infected is that it seems a little slower than usual.
Much spyware is bundled with adware to monitor Internet and social media habits, but it is a serious privacy and security threat in its own right: it can gather personal information for identity theft and fraud. Because you have no control over what spyware monitors or where the information is sent, it’s in your best interest to prevent it in the first place and to remove any that gets onto your computers.
6. Adware
Most everybody knows adware when they see it. Adware, a contraction of “advertising” and “software,” typically produces annoying pop-ups that crowd your screen. Unlike other malware, adware is more irritating than dangerous, but it can undermine your security settings and track your activity while slowing down your computer.
Adware is mainly used for pinpoint marketing. While spyware watches your web-browsing habits, adware serves up ads based on what you’re looking for. It’s like your grandmother’s party line, where you could listen in to your neighbors’ conversations. Call the operator and ask for Pizza Hut’s phone number. Then, just before you call Pizza Hut, Domino’s is calling to tell you about their specials. They know you want pizza, so they are getting in front of you with ads to entice you to buy from them.
7. Worms
Worms are unique in the world of malware because they are stand-alone: a worm doesn’t need user interaction to spread to other computers. Once it gains a foothold on a network, which may start with someone clicking an innocent-looking e-mail attachment, the worm spreads quickly by exploiting technical vulnerabilities in other machines on the network. In that sense an Internet worm is much like a parasite: like a tapeworm, it duplicates itself across as many computers as possible. Even a worm with no other payload can choke a network with its own traffic, and many carry a payload or open backdoors that let an attacker launch more serious attacks; WannaCry, for example, was ransomware carried by a worm.
8. Trojan Viruses
Remember the story of the Trojan Horse? During the Trojan War, the Greeks secretly built a huge wooden horse with a select force of soldiers hidden inside and left it outside the city. The Trojans hauled it through their own gates, and before they knew what had hit them, the Greeks had won the war. Because this form of malware hides in plain sight, inside seemingly harmless programs that the victim installs willingly, it is called a Trojan.
Unlike viruses and worms, a Trojan does not self-replicate; it gets in because a user runs it, and it then introduces other malware to the computer or network. These programs survive because they go unnoticed. Once in place, they can collect information, open holes in your security, or take over your computer and lock you out.
9. Social Engineering
As people become better at spotting malware and phishing, cybercriminals must become more sophisticated to get into your inbox and entice you to click. Social engineering, of which phishing is one form, is far more personal. It can range from something as simple and direct as posing as a coworker in a plausible e-mail and asking for a password, to building relationships online or even in person, studying social media photos to learn where a potential victim goes regularly, and targeting them outside of work.
Ransomware can be designed to exploit technical vulnerabilities and sneak into your computers and network, but the simplest way to spread it is to have someone open the front door. That happens when attackers outsmart your employees into opening an e-mail that looks like it’s from a friend or colleague. The more advanced the social engineering, the more likely someone will unknowingly invite malware into your network and business.
Cybercriminals today have an entire arsenal of weapons, constantly evolving, to attack every computer in your company as well as your network. From simple phishing, spyware, and adware to damaging malware, costly ransomware, and Trojans, your business can feel like a sitting duck waiting for the inevitable. Thankfully, over the next few chapters, we will give you the strategies, tools, and resources to build a formidable wall and defend yourself from these hackers and cybercriminals.
Making sure your employees are educated is your best frontline defense against becoming a victim of cybercrime. If you’d like to get a free copy of my latest book that shows you ways to stay protected and will educate your employees to help guard your business, you can grab your copy here: https://www.hodgsonconsulting.com/underattack/