Cyber crimes are all over the place. Hackers are just waiting to make a big profit off of vulnerable parties, devices and networks. Every organization needs to be on guard for attacks that will inevitably occur. Small- and medium-sized businesses in particular are often prime targets, and they’re usually not prepared for what’s coming. Since nearly all breaches could be prevented with better user awareness, it’s crucial to have everyone in the company trained regarding the most common cyber threats. Here are a few things that everyone on your team should know about cyber attacks and how to avoid falling victim to them.
The Most Common Cyber Threats
The two most common cyber attacks are both email related: phishing and spear phishing. Everyone has seen fake emails with odd links or attachments—they’re sent out all the time. Phishing scammers attempt to disguise themselves as legitimate senders, such as a reputable company or your IT department, in order to lure the recipient into providing sensitive information. They often include clickbait for something that looks urgent or piques the reader’s interest—like in this example when one of our junior interns clicked on a link promising free toys.
Spear phishing is a more sophisticated version of this, where scammers do research about a target person online, for example browsing through their social media accounts. Then they do a small, focused attack specific to that individual. With this extra research done, they may be able to claim a relationship with the recipient. Watch out for CEO fraud, when the sender is bold enough to impersonate your organization’s leader. Here’s another scenario when this happened to our interns.
These are most often sent through email, but they can also happen through text messages or even phone calls.
When Recipients Fall for Attacks
Malware (short for “malicious software”) can infect your device when you visit a hacked website or ad, download infected files, install unfamiliar apps, or open a dangerous email attachment. Once this infection takes over your computer, it can activate your webcam or log all your keystrokes. This is a common method of data breach where personal information is stolen, and it can cause a lot of damage.
Ransomware takes this stolen data and scrambles it so that users can no longer access their own information. Then it holds the data ransom, keeping it locked up or threatening to make it public until the victim pays a requested amount. Organizations have lost huge amounts of money through ransomware, and some don’t ever recover.
Sometimes an attachment may contain a malicious macro, a sequence of instructions meant for automation. When used in a cyber attack, a macro can deliver a virus or gain access to a computer in order to spy and steal information. If you ever receive a shady request to enable content, don’t do it. For those who use macros for their workflow, disabling any default ones that you don’t need can help reduce vulnerability.
Red Flags to Watch Out For
All of these attacks can be part of the broader practice of social engineering—deceiving or manipulating someone in order to gain access to sensitive information. There are some key warning signs that can be easy to spot once you and your team know to look for them. In any message that doesn’t seem familiar or expected, check for these red flags:
- Misspellings or bad grammar
- A scenario that doesn’t seem likely
- A sense of urgency, as if your colleague needs something done right away
- A too-good-to-be-true offer
- A slightly unordinary email address
Here are some more details to look for that can give a scammer away:
Also beware of fake social media profiles, which might have an experience list that sounds unlikely or a model-like photo that doesn’t seem realistic. Basically, anything unexpected or out of the ordinary should be approached with caution, reported, or blocked. If you’re unsure, check with the supposed sender or do your own search for the legitimate website the message claims to be about. (Or just assume it’s malicious and don’t waste your time—valid messages from your team tend to have a way of getting to you without needing an odd-looking email to do it.)
On top of user awareness, there are security solutions that can safeguard your organization from being breached. Contact us today for advice on the best choices for your company.