Remember Online Scams Target Businesses Too

It’s online scam a go-go out there. It seems that no one is safe. Not the widower looking for love, not the person looking for information on COVID, not the home user who accidentally visits an infected site, not the worker bee who clicks on a dodgy email link.

Today’s focus seems to be personal scams – those targeting the individual – but that doesn’t mean that the bad guys have taken their eye off the corporate ball. 

It might be helpful to think of these scammers as being in two different camps: those focused on home users, and those with an organizational slant.

The romance scammer must invest long hours to woo their victim, whereas pretending to be a supplier can reap quick dividends. The ransomware attacker can only ask a small amount from an individual, but can pad zeros onto the ransom once inside a firm’s network.

See, workers often possess keys to a kingdom of wealth, as far as a bad agent is concerned. Be it a database full of PII, cloud storage full of corporate secrets, or access to the back end of a website, this kind of haul is valuable to someone, and therefore can make the infiltrator a pretty penny or two.  

According to an FBI Internet Crime Complaint Center (IC3) report issued last year, 2019 saw both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000.

“IC3 received 467,361 complaints in 2019—an average of nearly 1,300 every day—and recorded more than $3.5 billion in losses to individual and business victims. The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion.”

Let’s review two types of online scams that can dupe the employee, whether they are in an office or working remotely.

Unauthorized software downloads

This is a biggie. Everyone is stressed out more than usual, thanks to the pandemic. Many face much harsher work conditions with fewer resources to rely upon. What if the IT team is down to a skeleton team? Who is handling all the inbound requests from office staff?

So it is up to the individual employee to sort out problems that, perhaps in 2019, would have been farmed out to IT.

Free software downloads that offer a specific service or promise to simplify a task can seem like a gold mine. If the employee is not compelled to check the download site and have the application vetted by IT, they could easily be duped into downloading a malicious executable file and running it on the company-approved laptop.

To help avoid this scenario, TBG Security suggests:

  • ensure that a list of all approved software is available and easily accessible to employees
  • make sure this list is up to date and maintained, removing no-longer-approved programs in a timely manner
  • explain to all employees the risks of downloading unauthorized software
  • create a clear and accessible request system for new software
  • block downloads from all unauthorized sites

The Spoof Attack

Pretending to be a trusted service provider, or even a member of the IT or management team, in order to sway the worker into performing a specific action, such as divulging their password, or giving away snippets of information about the company, its staff or its systems, is hot business. 

While it can be somewhat intensive work, it can prove very lucrative for the ne’er-do-well infiltrators. Spoof attacks might be even more easily achieved today when many of us work from home, and where our systems might not be up to scratch.

To help avoid this scenario, TBG Security suggests:

  • never request sensitive information such as passwords from your employees 
  • make sure staff are trained to spot spoof attacks
  • set up a clear authorization request protocol to help internal teams identify rogue requests
  • explain to staff what to do if they feel they might have been compromised 
  • consider reputable password management software to avoid multiple login scenarios
  • employ two-factor authentication wherever possible

Ultimately, our networks have spread far and wide, and many now include machines that might not be vetted by experts as safe. Obviously, this is a difficult task for those in lockdown. 

While it is impossible to make a cyber whiz out of every user, training and education should be a no-brainer. So is keeping your system as healthy as possible, through regular risk assessments and penetration testing.

If you ensure that internal systems and procedures are properly tested, it will go a long way to safeguard your business from cyber headaches. Want help getting your workers and systems shipshape? Contact the experts at TBG Security.