By: Patti Maluchnik, CIC, CBIA
Georgetown Insurance Service, Inc.
The unfortunate reality is that as technology continues to evolve, so do hackers. Today, cybercrimes are more sophisticated than ever. But with so many scams out there, how can companies stay on top of these potential threats? Here are several cyber scams to keep an eye out for in the new year.
Say No to the CEO – It’s not uncommon for hackers to “assume” the identity of the CEO or company president. Employees can receive fake emails that appear to be from the CEO or another member of the leadership team but are in fact phishing scams known as business email compromise (BEC), an exploit where attackers gain access to a corporate email account and spoof the identity of a high-level executive in order to trick people into transferring money or sharing sensitive information. It’s important to remind all employees to verify any unusual tasks or requests they might get. Staff should always be wary of clicking links, sharing information or filling anything out online. I can personally attest to this type of scam as the very same attempt happened to me not that long ago. If you receive a suspicious email, talk to the individual sending the request either in person or over the phone. If their email has been compromised, replying or sending another email is likely to just go right back to the hacker.
Watch Your Texts – Ever receive a text from an unfamiliar number? Most of us have by now, and hopefully, you haven’t replied. Smishing (SMS phishing) is yet another form of social engineering that tricks users into downloading viruses and other malware onto their mobile devices. These text scams have been on the rise in 2018 and are likely to increase in 2019. The FTC warns not to reply to any unfamiliar number. Doing so may install malware on your phone that will collect personal information without you even knowing, or you may find yourself with unwelcome charges on your next wireless bill.
Anything but Antivirus – This one involves a bit of irony. You’re surfing the internet, maybe even conducting some very important Google research, when a reminder pops up to update your antivirus software. You wouldn’t want to be caught with outdated antivirus software, would you? Then all the hackers could get you…but wait, they just did. While this scam may be years old, it’s still one of the most common (and most successful). If you’re ever in doubt about whether your antivirus software is up to date, it’s always best to check with your IT team or service provider. In fact, employees should make it a habit not to download any software or update without contacting their IT department first.
So Sophisticated – Gone are the times when changing your password would solve all your problems. Regrettably, the spammers sometimes win and gain access to your email. It isn’t uncommon for hackers to “steal” your outbox information and continue sending reply emails on existing email threads. Sometimes the emails will even include legitimate-looking attachments that contain a virus or malware. While emails may appear to be coming from your email address, they’re often being sent from an outside server. And the unfortunate part is that once the emails are sent, there isn’t much that can be done to stop the process. All you can do is change your password immediately, apologize to those affected, and move on. (HINT: a key way to avoid getting your email stolen is to have a complex password and use two-factor authentication.)
Tax Time – The IRS is warning the public to brace themselves for a surge in email and phone phishing scams. As tax time rolls in, it isn’t uncommon for hackers to try their luck posing as representatives of the agency. As a reminder, the IRS will never call or email to demand payment or personal information, and they will never require payment over the phone. For taxpayers who get phishing emails, the agency recommends not replying to the message and being sure not to click any links or open any attachments. You can forward the email directly to firstname.lastname@example.org, then delete it completely.
Incoming Call from…Microsoft? – Calls coming from “Microsoft” are becoming more common as the years go by. You may receive calls from someone stating they are with Microsoft support and have received a notification that your computer has been compromised or they want to assist you in getting your license registered. They may then ask you to go to your computer and access a certain webpage or click a link via email. At this point, STOP. Never access a webpage or link given by someone claiming to be from Microsoft. As you can probably surmise by now, doing so can give them access to information on your computer, install a key logger (which tracks your keyboard clicks…and hence, your passwords), ransomware or a virus. Remember, any legitimate communication with Microsoft will always be initiated by you directly.
Sharing Isn’t Always Caring – This scam refers to emails that include a link to a shared file or document. Once opened, the email asks you to sign in to what appears to be one of the many cloud-based services available (such as Microsoft OneDrive, Dropbox, and DocuSign) to retrieve the document or file. However, once you open the document or click the link, there’s nothing there. You may have just shared your contact list with the spammer, or worse yet, installed malicious software onto your computer. If you’re not expecting a document of this kind from a specific company or person, then it’s probably fraudulent. If something seems suspicious, call the sender to make sure they intended to send a document to you. If you don’t recognize the sender, you can report a fraudulent email to your file sharing provider by visiting the fraud section of their website and following the instructions. In addition, using a spam-filtering company to scan your company email can certainly cut down on the number of fraudulent emails received in your business. But it’s important to remember that some will always get through, so training your staff to identify these types of emails is critical.
Just like in 2018, businesses will continue to fight the ongoing cybersecurity battle in 2019. However, armed with the right knowledge and education, companies today can recognize the threats facing them and implement even better ways to help protect themselves. It’s always a best practice to be skeptical of unfamiliar emails, attachments, phone calls or texts. And even if you do experience an email compromise or other type of data breach, you can help insure yourself against these threats. Talk to your agent today about what cyber coverage options and additions are available for you.