Don’t Get Hooked!

Cyber criminals are trying to lure you in continually, with a variety of attacks.

Businesses are under a continual onslaught of attacks from cyber criminals. As computer networks become more interconnected, and businesses  fully depend on this web of systems to operate, the attackers are finding more advanced ways to hook you. One of these methods is phishing, which also includes text phishing and voice phishing (vishing). These techniques exploit a variable that all businesses have, people. The attackers use very sophisticated methods to trick you or your employees to steal valuable information (passwords, account numbers, etc) or directly steal money instantly from your business. Lets look more at each of these three methods, and discuss how you can protect your business from these attacks.

Phishing

Phishing is when an attacker sends emails to your business pretending to be another company you do business with or a member of your team. Usually the business  accounting department email addresses as well as executive or key member email addresses are the target of this attack, however any or all of your email addresses can be a target.

One way this attack looks is the attacker will pretend to be your bank. They will send an email appearing to be just like your bank would send asking you to login and update some information or even that your account has security issue, the email will provide a link for you to click. Do not be fooled by this, they are creating a sense of urgency to get you to click the link. If you click the link, you are re directed to a page that looks just like the bank site, you enter your login credentials, and now your bank log in is stolen.

Another way this works that can cause your business to loose money instantly, is via a fake invoice. An email is sent to the accounting email address of your company, which is normally accounting@company_name.com. This email appears to be from a vendor or even an member of your team. It will contain a fake online invoice for you to pay. If your company has no anti phishing protection, and your accounting thinks this email is real, they will access the online invoice and pay it. The cyber criminals have now just stolen your money, right from your accounting department. 

The two methods described are very real, and happen routinely to businesses across America. The fallout can be difficult to clean up, and the cost in time and money can go very high depending on the scale of the attack.

Luckily this method of attack can be prevented. Contact your local Cyber Security vendor and discuss anti phishing systems. There are very modern AI Driving anti phishing systems that can prevent these criminals from hooking you and stealing your money. Go get a software solution for this ASAP!

Text Message Phishing

Text Phishing is very similar to normal email phishing. This type of attack is generally targeted at individuals not a business. Text phishing exploits people to click links that they have been sent to their cell phones via text message. With people receiving so many daily alerts on their cell phones, and via text, attackers are able to trick people into clicking these links, by relying on the fact that people tend to click links they get sent.

This attack operates just like email phishing. A text message is sent to your cell phone stating something to the nature of your account is having a security issue, please access the link and update your information. The link they send will take you right to a fake bank email web site, where you enter your credentials and your account is now compromised.

Preventing these sorts of messages is difficult. There is  (at the time of writing this) no technical solution. The real solution is awareness, and people need to be aware, and not click links in text messages.

Voice Phishing

Voice phishing much like the other two prior discussed attacks, works the same way. An attacker contacts you via phone pretending to be your bank or the IRS, and asks for information. This attack is very common and relies on peoples sense of urgency when it comes to banking and other financial organizations.  The attacker will often  fake the Caller ID of the company they are pretending to be. Do not be fooled by this tactic, Caller ID is easily spoofed. This is being reduced by the slow implementation of Stir-Shaken which is the FCC method for slowing down spoofed calls. However this attack is very common and is not slowing down at all.

There is no technical solution to this. As above the solution is awareness and training. If any one claiming to be from your bank, or the IRS (the IRS NEVER CALLS) hangup, and call back directly to the number of the bank if they need to speak with you, do it at that time. Always call IN to the bank, never take any calls from a bank and provide information.

Get A Free Cyber Security Assessment Today
Call Voipcom 480-571-4454