Each year, technological advances invite a rise in cybercrime. If 2018 taught us anything, it’s that cyber threats aren’t letting up anytime soon! As we shift our focus to 2019, it’s critical not just to protect against today’s threats, but to educate clients on how they can actively steer clear of malicious activity and defend themselves before it’s too late.
Being educated on current threats is key to ensuring that those that dominated 2018 don’t make their mark on 2019 as well. With that in mind, today we’ll take a closer look at some of the key threats of 2018 to be aware of as we wrap up the first month of the new year. Every cyber attack comes with a lesson, but unless we learn from these lessons we are doomed to repeat the same mistakes year after year.
Here are FIVE threats you’ll want to keep in your back pocket when thinking about how to keep yourself and your customers protected:
1. Phishing attacks are all too common!
1 out of every 150 emails scanned per month is a unique, zero-day email attempt. Even though these emails are all classified as phishing attempts, each one is a little different from the last. They range in focus from money scams to malware distribution, disguised links, and many more.
This past year there was also a significant rise in Account Takeover Attacks. An ATT is when a cybercriminal uses stolen credentials to take over a legitimate email account. After the account is compromised, it is used to launch a Business Email Compromise (BEC) attack from the real individual’s email address. Approximately 43% of the time these attacks are targeted at individuals such as the CEO. These attacks center on getting the recipient to make a wire transfer or click a malicious link.
2. Zero-day exploits and impersonation tactics
Last year saw massive growth in impersonation scams across the board. Basically, they’re delivered via email to your inbox. What’s scary? These phony emails slide by commonly used email security filters and are delivered right into users’ inboxes. This is a truly unique threat in that it uses zero-day email links. This means these are scams never seen before, and thus they are undetectable by most email security platforms. As soon as the user clicks on a link in the email, they are encouraged to enter their login information for sites such as Outlook, DocuSign, and Google Docs, thereby leaving themselves vulnerable without even realizing it.
3. Gift Cards may not be a gift after all
At the close of 2018, a new targeted spear phishing attempt took off. Its aim was to trick victims into sending gift cards to the attacker. As the holiday season progresses, there is a significant rise in gift card purchases by CEOs. However, the ones making the actual purchase are usually the office managers and receptionists. This made it easy for cyber criminals to craft an attack targeting these individuals by impersonating the CEO. By implying urgency and demanding a speedy turnaround, these attacks have been quite successful.
4. Password Thieves are using common file types
Cyber criminals showed no signs of slowing down their attempts at password theft in 2018. This continues to be a huge focus this year and in the years to come. Oftentimes, cyber thieves attempt to steal username and password credentials by using common file types, like a Word doc or an Excel file, to trick users into opening malicious documents. Because these file types are so familiar, unsuspecting users most likely won’t suspect anything malicious.
5. Video extortion and tricks
This type of attack certainly ranks high on the scare factor. Attackers essentially type the user’s stolen password in the subject line of the email being sent. This attack can be quite frightening, as there is no doubt the attacker has the information from the user’s account: it is right in front of them in black and white. The kicker is that the email requests a transfer of Bitcoin in exchange for the attacker not releasing an incriminating video of the user. What might be missed in a moment of panic is that there is no proof the attacker has an incriminating video at all. Oftentimes, seeing that the attacker has your password would frighten a user enough to comply blindly.
Email phishing can be quite convincing if you are unsure of what to look for. These scams can wreak havoc on any business, so it is imperative that employees are properly and regularly trained on what to look for in an email that contains malicious content.
There are a number of steps you can take and mindsets you should get into that will keep you from becoming a phishing statistic, including:
1. Always check the spelling of the URLs in email links before you click or enter sensitive information
2. Watch out for URL redirects, where you're subtly sent to a different website with identical design
3. If an email seems suspicious, contact that source with a new email, rather than just hitting reply
4. Be mindful of spelling errors and typos throughout messages
5. Don't post any personal information publicly on social media
Preparing for, anticipating, and responding to data breaches and cyber intrusions is the best way to protect your business against fines, a bad reputation and a loss of clients.
LACyber is a division of Lincoln Archives providing comprehensive Data Breach Defense Services. Lincoln Archives and LACyber are proud to be a part of Lincoln Family of Companies serving the Western New York Community since 1914.