We tend to think of hackers as dark, hooded, evil-looking, threatening characters. But the reality is that they could just as easily look as non-threatening as the boy or girl next door, or like you and me!
The same is true for some of the tactics they use, which on the face of it look like the real deal. Innocent. Not threatening. Not suspicious. Nothing that makes a warning bell go off in your head.
For example, there has been a wave of increasingly sophisticated email scams, where hackers have accessed corporate email accounts and have requested what appear to be legitimate bank account changes for a vendor. Your finance department probably receives such requests fairly routinely. So why would they suspect that anything is awry?
Despite a worldwide pandemic, cyber attackers haven't stopped poking holes in our defenses. This is especially true because millions of people are working from home where their defenses may not be as airtight as those of their corporate offices.
Bank fraud is so common that no one person or company is immune. And the most common entry point is email, as in the example above.
Another common attack is “phishing.” An attacker might send you an email pretending to be your bank and asking that you validate a recent purchase. When you click on the link in the email, it takes you to what looks exactly like your online bank account, except it is actually a clone controlled by the attacker. You might think you’re at bankofamerica.com, but if you look closely, the domain in the “from” email address is actually bank0famerica.com (with a zero instead of a lowercase “o”).
Some scammers will even call you and pretend they’re from Microsoft, the IRS, your bank, or one of your clients or vendors. They might even pretend to be from your company’s cybersecurity provider alerting you to a potential breach. Then they persuade you to give out your personal or corporate information to (ironically) protect you. Don’t fall for it.
You need to know that your bank or other financial institution would never ask you to confirm these credentials in an email or an unsolicited phone call. When in doubt, contact your bank, your client, or your vendor directly to see if it was really them.
What Should You Do to Stay Safe?
At a corporate level, Liberty Grove Software recommends the following:
Monitor third-party vendor connections
Implement multiple layers of protection
Use strong authentication methods
Upgrade your software with the latest security patches
Encrypt your data
Use monitoring software to ensure that your current virus protection is running and has not been disabled
Make sure your firewalls are configured correctly
Perform regular internal security audits
Plan for annual updates and improvements
But the single most important thing you must do is to review your security protocols with all your employees, in-house and remote.
Make sure they are aware of rampant email scams.
Show them how to check “from” email addresses for anomalies.
Emphasize the danger in clicking links from unverified sources.
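The “from” address check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the original article or from Liberty Grove Software; the trusted-domain list, the substitution table, and the function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Assumption: domains your organization really corresponds with.
TRUSTED_DOMAINS = {"bankofamerica.com", "microsoft.com", "irs.gov"}
# Common visual substitutions in look-alike domains (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Collapse visually similar characters so look-alikes compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain) for a raw From header value."""
    _, address = parseaddr(from_header)
    _, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", None)
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", None)
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 1:
            return ("lookalike", trusted)
    return ("unknown", None)  # not a look-alike, but not verified either


if __name__ == "__main__":
    # Constructed sample headers; the second uses the zero-for-"o" trick.
    for header in ['"Bank of America" <alerts@bankofamerica.com>',
                   '"Bank of America" <alerts@bank0famerica.com>',
                   "Microsoft Support <help@rnicrosoft.com>",
                   "IRS <refunds@irs.gov.example.net>"]:
        print(check_sender(header), header)
```

A “trusted” verdict only means the sender domain is spelled correctly. A request sent from a compromised corporate account, like the vendor bank-change scam described earlier, still has to be confirmed by contacting the vendor directly.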