Cybercriminals are targeting small businesses with increasingly sophisticated attacks. “Corporate account takeover” is a form of identity theft of a business. Criminals phony emails pretending to be someone you know to trick you into clicking on links or attachments that can lead to malicious software being installed on your computer. Once this happens, they will ask you to enter credentials where they will gain access to your email account. At that point, they will send emails to the bank appearing to be from you to initiate ACH and wire transactions.
Companies of all sizes are being targeted by criminals through business email compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee often a senior executive or someone who can authorize payments and instructs others to transfer funds on their behalf. According to the FBI’s Internet Crime Complaint Center, over $10 billion has been lost by victims in the U.S. due to these scams.
“Any business that conducts transactions overseas or regularly performs wire transfers should stay alert for these scams,” said Certified Information Security Manager Margo Leiter. “Companies can protect themselves and their employees by using alternative communication channels to verify any large transaction requests and by educating their employees on potential red flags of fraud.”
Stop Ransomware Before It Stops You!
Ransomware is a type of malicious software that encrypts files, preventing access until a demanded sum of money is paid in exchange to unlock files. Individuals and businesses have become targets in this growing online fraud.
While monetary losses to individuals and businesses can be excessive, businesses have more to lose, since cybercriminals can gain access to clients’ personal information and extort money from them as well as the business. Fraudsters can buy a kit on the dark net for about $175 and charge a business a ransom of approximately $84,000 per attack.
Certified Information Security Manager Margo Leiter offers nine tips for consumers and businesses to help prevent ransomware attacks.
Tips for consumers:
• Don’t click. Visiting unsafe, suspicious or fake websites can lead to the intrusion of malware. Be cautious when opening any email with attachments or links you are not expecting, even when you recognize the sender. When in doubt, throw it out!
• Always back up your files. By maintaining offline copies of your personal information, ransomware scams will have a limited impact on you. If targeted, you will be less inclined to heed threats posed by cybercriminals.
• Keep your computers and mobile devices up to date. Having the latest security software, web browser and operating system are the best defenses against viruses, malware, and other online threats. Turn on automatic updates so you’ll receive the newest fixes as they become available.
• Enable popup blockers. To prevent popups, turn on popup blockers to avert unwanted ads, popups or browser malware from constantly appearing on your computer screen.
Tips for businesses:
• Educate your employees. Employees can serve as a first line of defense to combat online threats if properly trained to recognize malicious emails, websites and online ads. A strong security program paired with employee education about the warning signs, safe practices, and responses aid tremendously in preventing these threats.
• Manage the use of privileged accounts. In an effort to limit your network’s exposure to malware, restrict users’ ability to install and run software applications on network devices.
• Have a plan. Determine how you will keep the business running in the event of an attack. Teach employees what to do, such as unplug from the internet immediately. Law enforcement doesn’t recommend paying the ransom as this encourages criminals to continue. Routinely back up and store the data on a separate device or offline in order to access it in the event of a ransomware attack.
• Protect your systems. Keep antivirus, anti-malware, and firewalls up to date and patched. Conduct regular scans. Hire a security professional.
• Report ransomware. Contact your local FBI field office immediately to report a ransomware event and request assistance. Visit https://www.fbi.gov/contact-us/field to locate the office nearest you.
Cyberattacks are becoming more and more sophisticated and common. According to the 2019 Norton Cyber Security Insights Report, 152 million U.S. consumers were victims of cybercrime – more than half of the country’s adult online population – with losses totaling nearly $11.3 billion. Wauchula State Bank is highlighting ways to help consumers protect themselves against online fraud.
“The internet is home to some of the most notorious fraudsters,” said Certified Information Security Manager Margo Leiter. “As consumers become more and more active online, they must take steps to protect their information from cyber thieves, including establishing strong network passwords and making sure to connect to secure websites.”
Leiter recommends the following tips to help keep your information safe online:
As of January 2020, there were approximately 246.3 million mobile internet users in the United States, accounting for 87 percent of the population, according Statista, a provider of market and consumer data. Review 42 reports that the average user will tap, swipe, and click their phone 2,617 times a day and spend 171 minutes a day on a device.
According to a recent study by Javelin Strategy & Research, identity fraud reached $16.9 billion in 2019. As identity fraud continues to be a major threat, Wauchula State Bank is offering tips to help consumers proactively protect their information from identity thieves.
The arrival of hurricane season in the midst of the COVID-19 pandemic requires us all to be doubly vigilant. You’ll be hearing a lot about hurricane preparedness when it comes to protecting yourself and your loved ones in terms of shelter, safety and supplies. Researchers are predicting 19 named storms this year, and FEMA (Federal Emergency Management Agency) has posted some important operational guidelines on its website (fema.gov).