It seems 2020 has been a bumper year for cyber criminals, with everyone from SMEs through to corporates falling foul of ransomware attacks, including Carnival Cruises, Hackney Council, Garmin, Pitney Bowes and Honda.
And it’s not just ransomware attacks: Twitter was hacked and criminals posted tweets from Bill Gates, Barack Obama and Elon Musk, while the surge in the popularity of Zoom during the first phase of lockdown saw strangers hijacking online meetings.
On the SME stage, there has been a huge increase in spam as well as fraudulent attempts to gain access to company systems, email, financial records and so on.
Cyber security must remain front and centre stage for all businesses. Whilst your people are your biggest asset, your data comes a very close second.
So, whilst we have talked about phishing before, we felt it was worth exploring what to look out for as criminals become increasingly sophisticated.
Spear phishing is when an individual is targeted, rather than the blanket, high-volume approach known simply as phishing. Criminals are likely to have already built a small profile – they know the name, place of work, job title, email address and the kind of role somebody holds. When they send an email, it’s worded in a relevant way, using the kind of language you might expect. This means it can also often bypass spam/email filters. It is easy to be taken in by this approach.
This is probably one of the bigger risks while your team are working remotely. Without a colleague to ask for an opinion, and the more relaxed atmosphere of working from home, staff are more susceptible to this kind of attack.
Whaling takes a very similar form to spear phishing but is targeted specifically at senior-level directors – CEOs, CFOs, MDs and so on. Whilst senior company executives might be more wary, the criminals work on the principle that when it works the rewards are much richer. Being able to mimic a senior director clearly adds weight; after all, who challenges an email from the Chief Exec?
And, yes, this really does happen. Sadly, more than one of our customers has fallen foul of this ploy and lost significant amounts of money after being hoodwinked into making fraudulent payments.
Yes, we know, these terms are becoming ever more confusing. Who knew there were so many ways to describe elements of cybercrime?
Both of these terms are forms of phishing that use phones rather than email. Smishing is the act of using text messaging, and there has been quite an increase in this recently.
Vishing is when someone calls you, either by landline or mobile, and attempts to convince you that the caller is from a legitimate organisation. The most common “callers” claim to be from your bank, credit card company, HMRC or even the police.
Mobile rings… Recipient answers, and the caller says:
“An Inland Revenue fraud case has been opened in your name; you must press 1 now.”
Thankfully the person who received the call realised it was a scam and hung up.
Yes, that really is a thing! This is a relatively new approach by cyber criminals, and it works by scanning social media. Crooks look out for people innocently ranting or complaining about poor service. They purport to be the customer service department of a business and then ask for various details to look into the matter. Before you know it, key information has been handed over innocently, and the scam is underway.
Adding additional security measures and training your staff regularly on security risks are also recommendations we give to our customers. If you would like to talk about that in more detail, please give us a call on 01784 437 123.