Cybersecurity Awareness Training Impacts Organizational Resilience
We are all aware these days of how cautious one must be with electronic communications of any kind. Con-artists, or confidence artists (the term “artists” used very loosely in this case), also known as con-men (confidence men), seemingly lurk around every cyber (and even actual) corner. They work by gaining your confidence (hence the term) in order to get you to click on a link in an email, open a malicious attachment, or otherwise respond in a way that aids them and costs you something in return. Modern confidence crimes are getting more elaborate and ambitious.
Here’s a list of some of the latest scams and con-man trickery going around the cyber-sphere and business web:
- Spearphishing. We all know about email phishing scams that try to get you to click on or reply to things like fake invoices or security updates, but many are still unfamiliar with spearphishing. It targets a specific person with far more personalized messages that most often resemble a real company e-mail, or even a fake voice mail (a variant known as vishing) that appears to be from a boss, department head, or manager. The message tricks you into sending company documents or other sensitive data to the con-man’s email address, fax, or other destination for the purposes of fraud.
- Fake invoices. These are typically sent to accounting departments and resemble invoices from companies the recipients normally do business with, with the unfortunate result that accounting generally just pays them. If you have experienced the fake invoice scam, or just want to reduce your chances of it, you may want to change how you receive or authenticate invoices, for example by moving to a secure cloud connection where your accounts payable associates have shared access by way of 2FA or MFA (two-factor or multi-factor authentication).
- Malware-infected USB drives. This is a new-fangled scam in which a USB drive is infected with some kind of malware, such as spyware or ransomware, and then left on the ground for unwitting passers-by to pick up and plug into their computers, hoping to get a look at someone’s important data. Instead, what you will likely get if you fall for this confidence trick is, at best, a malware program you will have to call an IT specialist to remove, or, at worst, a ransomware exploit that completely shuts down your computer and encrypts your files until you pay. Another, more malicious variant of this is a USB “Kill Stick” that, when plugged in, will reportedly melt down and destroy everything stored on your computer’s hard drive, and very quickly, too. According to Hot Hardware, it can melt down “just about any consumer or commercial device with a USB port in a matter of seconds.”
- False impersonation. This one is as old as the hills, but is still a perennial favorite of con-men everywhere. Some are getting so bold as to walk right into offices and pretend to be the representative of a company or a vendor the target company does business with. Always authenticate, verify, and confirm that unexpected visitors are who they claim to be!
Tips for avoiding confidence scams:
- Never click on links embedded in emails.
- Make sure all financial accounts utilize two-factor authentication.
- Be leery of unannounced or unexpected “slick talkers” who claim to be an associate who needs access to someone or something you have not been made aware of. Authenticate!
- Implement employee training on confidence scams like the above-mentioned ones, in order to eliminate behaviors that aid con-men in their schemes.