Every day, we share information digitally. Business as usual, right? But what about the risks trying to undermine your business, steal your data, and clean out your company’s bank account?
In June 2017, the FBI released its annual Internet Crime Report showing $1.3 billion in annual losses due to Internet crime. The numbers are probably even higher because companies are hesitant to publicize themselves as victims of cybercrime.
Cybercrime continues to plague our Internet society, and the FBI’s Internet Crime Complaint Center (IC3) highlighted three specific crimes in their annual report: Business Email Compromise, Ransomware, and Tech Support Fraud. We’ve expanded on these cyber threats so you can educate yourself and your employees, and hopefully, avoid becoming a victim.
Business Email Compromise
Business Email Compromise scams go by various names. Whether you call it a BEC scam, CEO fraud, or a wire-transfer scam, the goal is always the same: target organizations that routinely execute wire transfers. Why? Because human error can be easily exploited.
How the Scam Works:
The premise of the scam starts with an attacker hacking or spoofing the CEO’s email account, often while he or she is out of the office. Next, the criminal emails specific targets in the organization requesting an urgent wire transfer. Due to the authority, urgency, and consistency of the email, many times organizations fall victim and comply with the wire transfer request.
Common scenarios here target the finance department while the CEO is out of the country on business travel and unavailable to confirm the request. During tax season, attackers will target the HR department requesting personal information, like employee W-2 forms. Hackers even pose as lawyers or law firms to request fraudulent transfers.
BEC Scam Prevention Tips:
- Scrutinize the validity of any email requesting a wire transfer. Ensure it’s consistent with other transfer requests (timing, frequency, amount, recipient, etc.). Examine the sender’s email address for any changes mimicking the legitimate email.
- Confirm the transfer request in person or via phone call. Make sure there are dual approval protocols in place as well as a protocol for requests made by traveling executives.
- Educate your employees, emphasizing the warning signs. Oversharing is a cyber criminal’s dream, so use caution when posting an executive’s travel schedule or other employee information on social media.
Ransomware
Ransomware is the most notorious type of malware these days. Cyber criminals constantly have their lines in the water, baiting victims to click on a phishing email or visit a compromised website that delivers ransomware.
The goal is to encrypt your files and deny you access to critical data or systems. Ransom demands in cryptocurrency (e.g., Bitcoin) keep attackers anonymous and under the radar.
Ransomware Prevention Steps:
- Regular Patching: Many vulnerabilities leveraged in ransomware attacks are well-known, publicly disclosed flaws (the ones exploited by WannaCry and NotPetya, for example). Many attacks can be prevented through regular patching and updates.
- Close RDP; Use VPN: Disable Remote Desktop Protocol (RDP) unless it is strictly required. If you must use RDP, do not expose it to the Internet: allow only local traffic, or whitelist specific IPs on the firewall. Set up a VPN to the firewall and enforce strong password policies.
- Segregate Your Networks: Divide your network into smaller, independent segments. Isolating them limits a ransomware infection's ability to propagate across the entire organization.
- Offline Backups: Regularly back up any files stored on your devices. Ensure the backups are kept disconnected from the rest of your critical network.
- Employee Training: Educate the workforce about ransomware and its associated dangers and threats. Anti-phishing training is one good approach, but overall cyber security awareness is important, as ransomware is delivered through other vectors as well.
Tech Support Fraud
Tech support fraud is a type of social engineering where the criminal poses as a legitimate party offering technical support to victims. The intent of the fraudsters is to gain access to a victim’s device. From there, they can leverage their access for financial gain or engage in other malicious activity.
Many fraudulent tech support operations exist. There are several different ways the criminals will try to reel you in:
- Fraudsters are known to cold call and attempt to convince victims to allow remote access into their devices.
- Pop-up or locked screens are leveraged to take advantage of unsuspecting victims who click a link on a compromised website.
- Fraudulent tech support companies use search engine optimization to appear at the top of search results for tech support.
- Fraudsters register domain names similar to legitimate sites to take advantage of typos or errors made by victims who are typing in a web address.
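One way to automate the sender-address check from the BEC prevention tips above and the lookalike-domain warning in this list, as an added example that is not the article's own code (the trusted domain, the homoglyph table, the similarity threshold and the sample headers are all assumptions):

```python
"""Flag lookalike sender domains and Reply-To mismatches in e-mail headers.

Added example, not code from the original article; the trusted domain,
addresses and sample headers are constructed for illustration.
"""
import unicodedata
from difflib import SequenceMatcher

# Substitutions attackers commonly use to imitate a domain visually.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Lower-case, strip accents ('é' -> 'e') and fold common homoglyphs."""
    text = unicodedata.normalize("NFKD", domain.strip().lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for fake, real in HOMOGLYPHS.items():
        text = text.replace(fake, real)
    return text


def domain_of(address: str) -> str:
    """Return the domain of 'Name <user@host>' or 'user@host', lower-cased."""
    addr = address.strip().rstrip(">").rpartition("<")[2]
    return addr.rpartition("@")[2].lower()


def classify_domain(domain: str, trusted: str, threshold: float = 0.85) -> str:
    """'trusted' for the domain or its subdomains, 'lookalike' for a near match, else 'external'."""
    domain = domain.lower()
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    if trusted in domain:  # trusted name embedded, e.g. example.com-secure.net
        return "lookalike"
    ratio = SequenceMatcher(None, normalise(domain), normalise(trusted)).ratio()
    return "lookalike" if ratio >= threshold else "external"


def check_headers(headers: dict, trusted: str) -> list:
    """Return BEC warning strings for a header dict; an empty list means no findings."""
    findings = []
    from_domain = domain_of(headers.get("From", ""))
    if classify_domain(from_domain, trusted) == "lookalike":
        findings.append(f"sender domain '{from_domain}' imitates '{trusted}'")
    reply_to = headers.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain '{domain_of(reply_to)}' differs from From domain")
    return findings
```

A mismatched Reply-To is a classic BEC tell, since the attacker needs the victim's answer to land in a mailbox they control; a finding here should trigger the out-of-band phone confirmation recommended above, not replace it.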
Beware the Overpayment Scam
Cyber criminals are always looking for a new way to victimize you, and the overpayment scam is gaining traction. Posing as good-hearted professionals, criminals offer victims a refund for previous tech support services. Once they gain online access to a bank account, they first transfer money around between the victim’s accounts to make it appear the refund was too much. Before the victim notices anything odd, the criminals will request a wire transfer for the excess funds.
Keys to Mitigate Risk
As cybercrimes continue to increase, your organization needs to be diligent about analyzing its cyber risk. Errors happen, and raising cyber awareness among your workforce is key.
ePlace provides cyber training programs on our risk management platforms as a resource for educating employees on cyber threats, and we encourage you to implement these if you haven’t already.
Finally, the FBI urges victims of computer crimes to report the incidents to IC3.gov. The IC3 unit is part of the FBI’s Cyber Operations Section and uses the reports to compile and refer cases for investigation and prosecution.