Here is some information to help you understand and avoid 5 common cyber scams being used today.
1. Phishing Email:
You receive an email with a subject heading prompting immediate action. Often, these include notices that your account is suspended, closed or needs an update. Sometimes the title is something like: “Important update”. The email contains a link. Because that link directs you to a false login page, it is dangerous. It is here that you will be prompted to sign in. As a result, the cyber criminal gets critical information. This is a phishing email scam. The scammer wants to gain your password and other data. The purpose is to steal your identity and/or your money. These email scams are made to look familiar. Sometimes they pose as an authority, a friend, a known colleague or a family member, for instance.
Best Practices:
Recognize that the danger is in the link or attachment. Scams often arrive by email with little or no message and include spelling or grammatical errors. In legitimate messages, many organizations will just include the important information in the body of the email or send it by regular mail. Do not “click” on a link without first ensuring it is a valid address. Scammers are more and more sophisticated and create convincing tricks so the reader takes action. So be wary of any emails or texts that you were not expecting. And be especially cautious with emails from unknown or suspicious senders. If you are unsure, contact that individual or company directly to verify the message. Make sure your firewall is functioning. Remember: Go to the direct source and fact check organizations, as this is another way to understand and avoid 5 common cyber scams.
Important note: Bad actors that use phishing scams can take advantage of you by using current events and pose as a charity or organization that is in the news.
2. Hacker Scam:
Fake websites are commonly used to gain access to systems. Be aware of site URLs. Check for the padlock and security certificate. Because the hackers try to create urgency, there will be a prompt and a link to follow the prompt. Following this link causes your system to be infected with a ransomware virus that locks your system, and as a result systems crash. Now the computer and network systems are under the control of a bad actor and you are faced with ransom demands.
Best Practices:
Be vigilant when surfing the Internet to ensure that websites are legitimate and from trusted sources. 1st Step: Pay attention to the domain name and check it. Scammers can make small changes to the company’s official name via spelling modifications like using “0” for “o”. Review the website address bar to verify the site. Check the URL and be sure it starts with “https” (ending with “s”) as opposed to unsecured websites, which start with “http”.
Never enter personal information on websites that are unsecured. Some browsers warn you of suspicious or unsecured websites. Legitimate companies have developed websites with grammatically sound content. Red flags to watch for include grammar or spelling errors. To mitigate potential attacks on your computer network, also be sure you have intrusion detection, anti-virus and anti-theft software in place and practice regular backup protocols. And only use a secure Wi-Fi network with security protection software in place.
Important note: Don’t use open or publicly accessible Wi-Fi when working on your laptop or any other technology device. Use a VPN.
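The domain and “https” checks from the best practices above can be automated. The following is an added example, not part of the original article: the trusted domain list, the sample URLs and the function names are constructed for illustration, and the character swaps go beyond the single “0” for “o” case mentioned above.

```python
from urllib.parse import urlsplit

# Assumed allowlist of official domains (constructed for this example).
TRUSTED_DOMAINS = ("example.com", "contoso.com")

# Character swaps used in lookalike names, e.g. "0" for "o".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(host):
    """Reduce a host name to a form where swapped characters compare equal."""
    return host.lower().translate(LOOKALIKES)


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_url(url):
    """Return a list of warnings for a URL; an empty list means no red flags."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        warnings.append("no-host")
        return warnings
    if any(is_under(host, d) for d in TRUSTED_DOMAINS):
        return warnings  # exact match with a known official domain
    for d in TRUSTED_DOMAINS:
        if is_under(skeleton(host), skeleton(d)):
            warnings.append("lookalike-of:" + d)
            break
    else:
        warnings.append("unknown-domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.example.com/login", "https://c0ntoso.com/login",
              "http://examp1e.com/update", "http://example.com/"):
        print(u, "->", check_url(u) or "ok")
```

The second sample is a lookalike domain served over “https”: it passes the scheme check, so the domain comparison is what catches it.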
3. Man in the Middle Scam:
Hackers find alternative ways to infiltrate and gain your data. In one scenario, you are working from home and decide to use your personal email in order to save time. Since your personal email is not encrypted, a hacker is able to access your emails. And this allows the hacker to obtain Personally Identifiable and other sensitive data. The hacker is then able to use this information for identity theft against your clients. Impact: you are faced with a potential third party liability claim.
Best Practices:
Companies will customarily use VPNs, Two Factor Authentication (2FA) and/or Multi Factor Authentication (MFA) alongside additional security in order to secure their networks. Use protected networks when working from home. A great way to ensure protection is to be sure that your user name and password(s) are not easy for a hacker to figure out. Update your passwords regularly. Use passwords and user names that consist of a complex combination of letters, numbers and symbols. Avoid using common names and numbers. Because most scammers know that people repeat passwords, don’t repeat passwords across sites.
4. Texting Scam:
You receive a text message on your mobile phone that appears to be a support agency claiming to have sent you relief funds. This is a texting scam called “smishing.” Smishing is a blending of “SMS” (short message services, better known as texting) and “phishing.” When cyber criminals “phish,” they send fraudulent emails that seek to trick the recipient into opening a malware-laden attachment or clicking on a malicious link. Smishing simply uses text messages instead of email.
Best Practices:
Protect yourself, and don’t click on a link. Verify the sender and conduct research. You can copy the link or website address of the organization in question directly into your web browser and examine it so you can ensure it is legitimate. If you were not expecting the text message, it is most likely not real and is an attempt to infect your device with malware and hold your device hostage. Don’t reply, and delete it immediately.
5. Phone Scam:
You receive a call on your phone and the caller tries to sound official and is soliciting donations. Some scammers try to exploit your vulnerability by using current events or a crisis, offering loans, supplies or incentives.
Best Practices:
There is a form of social engineering fraud or scam called “vishing”. This is the fraudulent practice of making phone calls or leaving voice messages claiming to be reputable. The scammer does so to induce individuals to reveal personal information, such as bank details and credit card numbers. Hang up and call the organization or charity directly to verify the validity of the call before providing any information. This extra verification step will help to protect you from financial loss.
When working from home consider these additional ideas:
- Implement a plan in case of a technology scam or cyber-attack. Conduct regular security audits and tests on your computer and systems.
- Mute or shut down any digital assistants and apps that collect voice data.
- Don’t copy work-related information to personal technology devices
- Protect your privacy while video conferencing using platforms like Zoom or Skype by making the meeting private and updating these apps so you can ensure you have the best security controls. Use the device security settings and become familiar with the options.
- Don’t let family members or friends use your company equipment
- If you own or lead a business, make sure your company has cyber liability coverage in place.
- All of these items help you to understand and avoid 5 common cyber scams