Disasters and other big news events are “triggers” that move hackers to action.
Even before Hurricane Harvey’s wind died down, hackers already set up bogus charities to take advantage of people wanting to help the relief effort. Hackers even created websites and social media profiles to further their credibility.
Most people don’t know that cybercriminals are trend watchers. They’re “dark marketers” paying attention to major current events.
News aggregate sites like Reddit, Quora and Google Trends show current events state-by-state or nationally. These tools allow hackers to create phishing and phone scams related to those events.
Cybercriminals consider small businesses low hanging fruit and it’s why their attacks on small business keep increasing.
In spite of more robust security budgets, big business also suffers under the weight of cybercrime.
Equifax, one of the largest credit reporting agencies in America, recently dropped a bombshell that millions of Americans on 143 million Americans that an authorized third party gained access to their customer’s names, dates of birth, Social Security numbers, addresses, and in some cases, credit card numbers. It was a major score for cybercriminals!
Street value of hacked emails is high. Profits are made by selling off SSNs and drivers licenses for as much as $20 a piece to other hackers. Multiply that times millions and hackers had a big payday!
Most likely the victims in the sale of Equifax “spoils” are already being contacted in phishing emails, phone and other scams.
Using Equifax as an example again, an attack could look like this. You receive a phishing email that appears to come from Equifax saying, “Your data has been compromised. Go ahead and click this link (or it may be an attachment) and we’ll be able to tell if you’re one of the 143 million who was impacted.” So, you click on the link and the hacker is in your system working its way to your sensitive data.
In a hacker phone scenario, the call might sound like this, “Hey this is Ben from Equifax and we’re doing a double check to be sure your information is protected. But, first I’ll need to make sure it’s you. Can you give me your social security number and birthday?”
Other big news events like the death of a celebrity, a compelling human interest story, new disease breakthroughs and holidays like Christmas are just a few of the many opportunities hackers take to enter you system. They just need “one” person in your company—it doesn’t matter what their position, to give them access. Once inside, a hacker can move laterally across your network.
It can’t be emphasized enough, training your employees on email security should be one of the first goals for hacker prevention.
If you’re considering managed IT services, EO Johnson Locknet® has an affordable product for employee training on internet security that has proven to be quite valuable to our small business customers. (Their employees really like it too.)
Remember when your parents said don’t talk to strangers? The same advice goes for opening unfamiliar emails. Considering the sophistication of hackers, sorting out legitimate charities can be just as difficult.
Watch for indicators like:
For verification, check with third parties like Charity Navigator or Guidestar to confirm that the charity you’re considering is legitimate. You can also see if they’re registered with your state through the National Association of State Charity Officials.
We couldn’t be more happy to be part of Homeland Security’s efforts to get the word out on cyber security this month.
Most of the small businesses we serve are built by people who had a dream, put in the hard work and provide excellent service to their customers. Thinking ahead of cybercriminals keeps their momentum going! It’s what we do.