The Latest Cyber Scams: Protect Yourself and Your Business
Keeping up with new and emerging cybersecurity scams requires constant vigilance. Scams are continually evolving, as bad actors strive to stay a step ahead of their potential victims. They know the ins and outs of technology, and once they spot a vulnerability, they pounce on the opportunity to steal credentials, money, identities, intellectual property — anything of value. Information is your first line of defense. Understand the risks, put protections into place and know what to do in the event a scammer tries to engage with you. Dr. Trebor Evans, Chief Information Security Officer and Senior Vice President at Dollar Bank, shares three of today’s most common cybersecurity risks, along with tips for protecting yourself and your business.
It’s human nature to try to make things as easy and efficient as possible, but when it comes to protecting your information and accounts, some extra effort can pay off. Once a scammer has access to your username and password, they can wreak all kinds of havoc, from draining your financial accounts to stealing your personal information. The following best practices can help protect your credentials, accounts and business. Share them with everyone on your team to help them keep their information secure, too.
Use multi-factor authentication (MFA) wherever possible. If a scammer manages to get hold of your username or password, MFA can stop them at the gate. MFA is technology that requires multiple methods of authentication (proof of identity) for successful login. For example, after inputting your username and password, a site will send a one-time passcode (OTP) to your phone that you must enter before being granted access. This provides an extra layer of protection. Beware of OTP scams, however: Scammers will try to intercept OTPs through social engineering ploys. If anyone asks you to share your OTP, no matter who the caller or texter says they are, don't do it.
Make every password unique and when you change it, change it significantly. It’s hard to remember a lot of passwords. That’s why so many people use the same password across accounts. Huge mistake. If a cybercriminal figures out one of your passwords, they will try it across a myriad of accounts. If you’re using it in multiple places and not using MFA, they can get easy access to each of those accounts. When a change of password is required, use one that’s strong and unique; don’t change just one or two characters to make it easy to remember. Once a password has been cracked, malicious actors will try many close variations to see if they can uncover the new one.
Be safe about jogging your memory. Though it can be difficult to remember many different passwords, resist the temptation to store your credentials in your browser. Always answer DON’T SAVE when the message “Save (or Update) login for this site?” pops up. There are safer ways to remember your password — namely, by creating a passphrase to help you remember or using a reputable password manager to help you generate and store strong passwords. If you choose the latter, be sure to keep your master password in a secure area in case you ever forget it.
Phishing and Smishing
Phishing isn’t new to the cyberthreat scene. Scammers have long been sending emails posing as reputable companies or individuals to deceive recipients into clicking malicious links. Those links may trigger ransomware downloads or take their victims to fraudulent sites where they are asked to provide passwords, account numbers or other confidential information. What’s new about phishing and its text counterpart, SMS phishing or "smishing," is that perpetrators have improved their craft so it’s increasingly difficult to discern whether a message is legitimate or not.
Scam emails and texts used to be fairly easy to spot: Misspellings, poor grammar and outrageous claims were red flags that someone was trying to swindle us out of something. Today, they can be quite convincing in their appearance and messaging. One of the red flags to look for is a sense of urgency. For example, a message instructing its recipient to send a payment immediately plays on that person’s desire to be responsive, particularly if it appears to be from their manager or a high-level executive within the company. Another warning sign is messaging that focuses on a hot-button issue of the day. COVID, the war in Ukraine, student debt relief — fraudsters know how to bait their messages with topics of concern and reel their victims in by appealing to their emotions or sense of responsibility.
Phishing and smishing continue to be two of the easiest paths for bad actors to get into a company and do harm. All you need is for one employee to click on one malicious link. Teach them to be wary, and to slow down and evaluate each message and its source before they respond. If it looks or feels wrong, it’s probably wrong. They should verify the sender through another channel — e.g., call and ask their boss if they actually sent the request — before taking any action. If the message turns out to be fraudulent, other employees should be made aware of the scam so they don’t fall for it, and the email address from which it came should be added to the company’s email blocklist.
Ransomware attacks continue to be a serious threat to individuals and businesses. In this type of cyberattack, ransomware is introduced onto a computer, potentially through someone clicking on a bad link in a phishing email or through unauthorized access. Once triggered, it spreads and locks victims out, demanding a ransom for data decryption.
Protecting against ransomware requires these important actions:
Stay current with hardware and software updates. Updates often include security patches to address vulnerabilities that may have emerged since your last update. They help secure your system against illegitimate access so that ransomware attackers can’t get in to download malicious programs.
Regularly back up all critical data onto an external hard drive. Having a backup is vital to protecting your data in the event of a ransomware attack. A backup on the same computer or to an external drive that is always connected won’t help; if the computer gets hacked, you won’t have access to the data or the backups. Use an external hard drive that automatically backs up your files, or be sure to plug one in periodically and back them up manually. Some people choose to store their backups in the cloud. That’s a good option, too, as long as you have the right controls in place — namely a separate login and MFA.
Protecting yourself and your business from cybercrime comes down to building your awareness of the latest ploys and putting protections into place to thwart them. Stay informed and never let your guard down.
Dollar Bank offers your business a broad range of fraud mitigation products designed to protect your accounts from unauthorized transactions, including fraudulent checks and electronic transactions. Our treasury management experts are here to help. If you'd like to discuss solutions for your business, call 1-855-282-3888, Monday - Friday 8:30 AM - 5:00 PM.
This article is for general information purposes only and is not intended to provide legal, tax, accounting or financial advice. Any reliance on the information herein is solely and exclusively at your own risk and you are urged to do your own independent research. To the extent information herein references an outside resource or Internet site, Dollar Bank is not responsible for information, products or services obtained from outside sources and Dollar Bank will not be liable for any damages that may result from your access to outside resources. As always, please consult your own counsel, accountant, or other advisor regarding your specific situation.
Posted: October 05, 2023