Friday, February 7, 2025

Safeguarding Your Business: The Top 3 Cyber Threats


Safeguard your online presence

In the early days, businesses relied on physical locations and word-of-mouth to attract customers.
However, with the advancement of technology, the way businesses operate has changed significantly. The internet has revolutionized business-customer interactions, making an online presence essential. Today, a business needs an online presence to reach customers in remote areas and showcase their innovative ideas, new products, and services. Having a strong online presence helps businesses reach more people, increase their visibility, and grow.

The digital age has opened up many opportunities for businesses to succeed, but it has also brought new risks and challenges. Cyber threats have become more advanced, targeting weak systems and exploiting vulnerabilities. To protect your business, it's important to know about the top cyber threats and take steps to secure your online presence.

A newsboy shouting headlines to attract customers.

In our relentless pursuit of success, we often find ourselves caught in the whirlwind of daily operations. Whether focused on generating revenue or handling essential tasks, such as creating PDFs, managing communication with suppliers, or sharing account passwords among employees for seamless collaboration, these responsibilities can distract us from the lurking cyber threats that endanger our business.

We must recognize that our focus on productivity and profit can sometimes blind us to the subtle threats infiltrating our systems.

Consider the risky act of downloading new software. Using free or pirated programs to save money can expose us to harmful code created by attackers. The tool we believed would help us save money, or the exciting software we discover on social media, could actually be a hidden threat, releasing harmful programs that steal our information or damage our files.

Another vulnerability lies in our email management. Email is a crucial communication channel, yet it can be a double-edged sword. Improper handling of email providers exposes us to phishing attacks, where cybercriminals disguise themselves as trusted entities to trick us into revealing sensitive information. One careless click can lead to devastating consequences.

As we navigate the digital landscape, it is imperative to be vigilant and proactive. Understanding the vulnerabilities allows us to fortify our defenses and ensure that our online presence remains secure amidst the chaos of daily business operations.

Threat #1: Downloading malicious software

While saving money is always a good idea, downloading software from unknown sources can be very risky. It's something like the story of the Trojan Horse from ancient Greece, where the Greeks managed to sneak soldiers into the city of Troy by hiding them inside a wooden horse. The Trojans thought they were getting a gift, but it turned out to be their downfall. Similarly, free or pirated software might seem helpful or exciting, but it can secretly contain harmful programs. These programs can steal your personal information, restrict your access to your computer, or even damage your files. Therefore, it's best to only use software from trusted sources.

  • Vulnerability name: Social engineering through Trojan horse attacks.
  • Risks: Identity theft, financial loss, computer damage.
  • Attack: Hackers hide harmful software in free or pirated programs; once installed, it can steal your data, corrupt your files, or lock you out of your computer.
  • How to Prevent It:
    • Use software from trusted sources.
    • Buy legitimate versions of necessary software.
    • Keep your software updated to fix security issues.
    • Run a scan with your antivirus software to remove malware.

Threat #2: Improper handling of email providers

This weak spot doesn’t target your computer directly. Instead, it targets you. Think of it like being conned: the scammers try to trick you into doing something you shouldn’t, like handing over your access credentials.

How do they try to trick you? Scammers might send you an email that looks exactly like it’s from your bank, claiming there’s a problem with your account and asking you to click a link to resolve it. They could also send a message that seems to come from a store where you shop, offering a huge discount. Sometimes, they even send fake text messages! The key is, they create a fake copy of a real website or message to fool you.

Be aware of who your providers are and the typical types of requests they make. Verify any unusual changes, such as updates to payment information, and confirm the source of communication before taking any action.

  • Vulnerability name: Social engineering through phishing attacks
  • Risks: Theft of your money, identity theft, being locked out of your account.
  • Attack: Scammers send emails to trick users into giving away sensitive information or clicking harmful links.
  • How to Prevent It:
    • Use strong email filters and tools to catch phishing attempts.
    • Train employees to recognize phishing emails and teach them what kinds of requests to expect from providers.
    • Double-check any unusual requests by directly communicating with the sender through a secondary method.
    • Verify the source before taking any action. Contact your supplier or carefully check links by hovering over them.
    • Avoid clicking on links in emails or texts. Use bookmarks instead.
    • Maintain a trusted contact list of your providers.

Threat #3: Sharing account passwords can lead to data breaches

Expanding your workforce to handle increasing demands and keep your audience engaged requires careful planning. Creating individual accounts and granting access to key communication channels, such as social networks and email, is essential. Many platforms offer collaborative account features with controlled access, allowing you to grant specific permissions based on each role rather than sharing the main account password.

For example, you can assign specific access levels: some team members can read orders, while others can respond to requests. Never share passwords; instead, use different passwords for each account, choose strong passwords, and update them frequently. Implementing these practices helps maintain security and efficiency in your business operations.

  • Vulnerability name: Poor password hygiene.
  • Risks: Someone snooping on your data, impersonating you, stealing your information, financial loss.
  • Attack: Sharing passwords increases the risk of them being stolen through tricks or insecure communication
  • How to Prevent It:
    • Use multi-factor authentication for added security.
    • Use password managers to store and create strong passwords.
    • Educate employees about the risks of sharing passwords.
    • Encourage using different passwords for each account.
    • Use features like collaborative accounts instead of sharing account passwords.

Cyber threats are constantly evolving, making it essential for businesses to stay informed and vigilant. Continuous learning and awareness in cybersecurity are vital for adapting to new threats and implementing effective defenses. Encourage everyone to participate in cybersecurity training, stay updated with the latest security practices, and foster a culture of vigilance to help ensure that your business remains protected in the ever-changing digital landscape. By staying proactive and informed, you can safeguard your business's online presence and maintain the trust and security of your customers.

Thank you for reading. Stay safe and secure online!



Tuesday, January 14, 2025

Don’t Take the Bait: Protecting Yourself from Phishing Attacks in Your Inbox, on Your Phone, and Beyond

The Anti-Phishing Working Group (APWG) reported that during the third quarter of 2024, there was a strong increase in phone call phishing, which was 28% higher than in the previous quarter. The report also noted campaigns that impersonated organizations not usually targeted, such as gas and electric companies, and city services.

Phone-based scam where criminals try to trick you. (Image generated by Microsoft Copilot)

Phone call phishing confronts the victim directly with an attacker backed by a team and a mature process, refined through trial and error. These attackers often operate with near impunity, repeatedly putting the victim in an unfair situation. Let’s explore how these scams work, review one case, and discuss what alternatives we have if we get hooked in one of these situations.

How do phishing scams work?

A scammer (attacker) gathers information in preparation for an attack. They collect details from our online resumes, public profiles, and information we share on social networks or through other social engineering techniques.

They then craft a convincing or intimidating story. They may pretend to be from popular companies, government entities (like tax authorities or police), charities, service providers, financial institutions, or even impersonate employees using their public profiles.

This combination persuades the victim to interact with the scammer. If the attack is over the phone, they might trick you into not hanging up so you can’t verify their story. It can be much harder to refuse a request made over the phone compared to one made in a popup message in your browser, a text on your phone, or an email.

The final goal, whether they charm or intimidate their target, is usually to get a payment or sensitive information. At this point, the victim is too involved or stressed to think clearly. The scammer will offer options like payment apps, money transfer services, buying cryptocurrency, wiring money, adding money to a gift card, or receiving a check or money through an app.

Although this is a common pattern, these attackers continue to evolve and change their methods, using technologies like generative AI to carry out their crimes.

Case Study: Impersonation Scam

December 30, 2024

The victim received a voicemail with the following message: “This is Sergeant G**** with the N**** County Sheriff’s Office, trying to establish contact. I believe this is A**** M****. Mr. M****, please give me a call back as soon as you get this. My callback number is 9##-###-####. Once again, my callback number is 9##-###-####.”

The victim was about to have lunch with their family and, due to the urgency of the message and the fact that it was from an authority, the victim did not want to delay and decided to call immediately. Sergeant G**** identified himself from the county Sheriff’s office and instructed the victim to move to a room away from everyone, alleging that the information was a legal matter and only the person involved was authorized to listen. The victim complied, and once alone, the officer started by warning that the call was about to be recorded. He explained the process and the alternatives in great detail. Each time he finished explaining something, he asked the victim to say their name and the date out loud as assurance that everything up to that point had been understood. The victim imagined the worst—that someone had cloned their identity and a criminal actor was misusing the victim’s name—which stressed the situation even more.

The first choice offered to the victim was to hang up and seek legal aid, with the consequence of following a path to the criminal process, which could lead to imprisonment and criminal charges being registered on the victim’s legal history record. The second possibility was to follow the civil process by freezing the citations against the victim. There were two citations, one for $1,750.00 and the second one for $1,250.00. After more than half an hour, there was still no clarity about the possible cause of these citations. The victim then questioned Sergeant G**** to clarify what caused this situation, and the Sergeant explained that there was a subpoena signed by the victim. The Sergeant promised that if it turned out to be an error, the money would be refunded.

The Sergeant asked what platform was convenient for the victim to make the payment. The victim, frustrated and thinking about what other criminal activities might be discovered in the coming days, recognized the need to be sure of every step and decision to minimize the impact of this bad situation. The victim then asked how they could verify that it was not a scam. The Sergeant offered to transfer the call to his supervisor. The victim rejected that offer, asked for the Sergeant’s badge number, and searched for the N**** County Sheriff’s office phone number. They called (with the speaker on) to verify the Sergeant’s identity. The person in the civil department immediately replied that it was a scam, and the attacker, after listening, hung up. Finally, the victim searched for Sergeant G**** and found a public profile on a professional social media platform. The victim continued on a preventive path and reported this to the authorities.

What could we do if we face this situation?

Prevention

The primary action recommended by the Federal Trade Commission (FTC) Consumer Advice is to block unwanted calls and text messages.

Identify the Red Flags

  • Isolation: The scammer will use any convincing argument to speak with you alone.
  • Conditions: The scammer will set persuasive rules to limit your choices, such as not hanging up the phone.
  • Lack of information: Depending on how much reconnaissance they did, they will struggle to justify their claims. Avoid providing additional information.
  • Platforms: They will never have access to authorized payment platforms.

The FTC also mentions another crucial point: resist the pressure to act immediately. Legitimate businesses will give you time to make a decision.

Visit the FTC and FBI websites to stay updated on the best actions to take when facing a phishing scam.

What else would you do to prevent or stop such a situation? Please leave a comment.

Important links: