Cybercriminals never stop trying to come up with new ways of cracking your passwords and stealing your data. It’s a constant game of cat-and-mouse, and it’s vital to stay informed about the latest trends and scams. Here are three to look out for.
1. The fake attachment
It’s one of the oldest tricks in the book, but according toProofpoint’s June 2015 half-year threat report, the first few months of the year saw a spike in the number of emails sent with fake attachments – usually files that appear to be documents but contain hidden malware.
In May, for example, hackers stole more than a million records from the Japanese Pension Service after one of its employees accepted an attachment that arrived with what they thought was an email from the Ministry of Health.
The lesson is clear – be very careful when opening unexpected attachments, and never open one from an unknown sender. Wherever the attachment comes from, you’d do well to scan it first with a good anti-malware program.
2. The request for confirmation
With LinkedIn and Facebook’s combined “population” more than twice that of continental Europe, criminals can generally assume that the CEO, CFO and senior managers of a target company have online profiles floating around somewhere.
Using the information in those profiles they can then set up a convincing fake email or social media account. They can send emails, or even voice messages, from the manager they’re impersonating to lower-level staff requesting that they confirm sensitive information, like passwords or security procedures.
Fortunately, it’s easy enough to prevent this form of cybercrime by implementing internal identity authentication procedures (like two-factor authentication or even biometrics) and using email filters to block messages from “lookalike” addresses.
3. The social media scam
Some cybercriminals are creating tailored social media advertisements that take users who click through to online scams, or trick them into downloading viruses and malware.
As Proofpoint notes, “a single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims.” For example, Facebook is routinely flooded with false NFL-related content designed to look completely authentic. When it comes to your business, ensure any social media log-ins are carefully protected, and be sure to report any content that uses your brand to dupe customers.
What’s the prognosis?
According to the a report by Juniper Research, the global cost of data breaches is likely to hit US $2.1 trillion per year by 2019, with the average breach costing US $150 million. What’s worse, North America currently tops the list of likely targets – in 2014, for example, the FBI received an average of 22,000 cybercrime-related complaints a month.
In this environment, no business can afford to experience “breach fatigue” – the state of being so “numbed” by constant cyberattacks that you become careless about security. Instead, you must stay vigilant, install reputable security programs, and keep track of new trends in cybercrime. That way, you can keep your business safe, and your customers too.