Feb 26

Industry Insights

How to Spot and Prevent Cyber Scams

Cyber scam

When it comes to protecting yourself and your business from cyber scams there’s no “one-size-fits-all” solution. As new devices and technologies are adopted into a business the opportunities for cyber-attack become greater as entry points increase. To effectively protect the valuable information that motivates cybercriminals, it’s important to understand the different types of attacks.

Understanding the Warning Signs of Modern Cyber Scams

Cybercriminals use a wide variety of tactics to gain access to a device or network and attempt to extort money or steal valuable information. Social engineering is the art of tricking people into handing over confidential information such as passwords or banking details.

Here are the 6 most common cyber scams in use today:

Phishing Scams

Phishing attacks are an all-too-common occurrence in both corporate and personal networks. They happen when a criminal sends a communication (email, phone call, text, etc.) pretending to be someone else to extract or access credentials, personal data, or financial information about the targeted individual, or sensitive information related to the organisation for which the target works. 59 %of all successful ransomware infections are transported via phishing scams. Here are a few things to be aware of to help you better recognise these malicious scams:

Check contact names: Use caution if you receive communications from a source you don’t recognise that asks you to take an action, like providing personal information or signing into a website. Most, if not all, companies will never prompt you for your information via email or text. When someone does, this should be considered a red flag that they’re not who they say they are. Check their email address or phone number and compare it with the person or organisation they claim to be associated with for inconsistencies.

Look for misspellings and poor grammar: Professional organisations take the time to read their communications over before sending. Oftentimes, phishing cybercriminals do not. If you receive a message from a supposedly trusted source that includes typos, poor grammar or bad punctuation chances are it’s a scam.

Look for aggressive behaviour: If the subject matter and language of a message is overly aggressive, it is likely a scam. Have you ever seen an email in your SPAM folder saying something similar to, “Urgent! Your account is X days overdrawn Contact us IMMEDIATELY”? The goal here is to make you uneasy, panic and take the action the scammers want. Instead, check with the party they claim to represent before taking any immediate action.

Spear Phishing Scams

While phishing attacks are sent in mass and offer relatively easy-to-spot, spear phishing is highly targeted and much more sophisticated. Spear phishing scammers conduct in-depth research about their victims and take the time to understand their organisation, colleagues, interests, etc. to boost their chances of success. To better protect yourself from spear phishing, consider the following:

Verify the source of the email: If you receive an email from a trusted source but find it suspect or off topic again using aggressive wording or requesting access to confidential information contact the source using an alternative contact channel such as a phone call or text incase the source’s mail account is compromised.

Use discretion when handing over information: While it sounds simple, if users weren’t willingly handing out their information phishing wouldn’t be an effective scam!

Maintain good security hygiene: When you practice basic security hygiene, you deny scammers many of the common attack vectors they use to infect your machines and gain access to your information or organisation’s network. The implementation of simple, everyday habits can go a long way toward preventing scams being successful.

Baiting Scams

Baiting scams, as the name suggests, aim to bait unsuspecting users into performing a certain action like downloading a virus or entering personal information in exchange for the “bait.” This bait can be anything from free anti-virus software or movies users can download, to physical bait such as a USB drive left out for a victim to find and plug into their machine. While this type of scam can take many forms, the end goal is always the same: luring users to install something malicious. To protect yourself and your organisation, pay attention to these common indicators:

Beware “free” deals: As the old saying goes, “If it sounds too good to be true, chances are it is.” Many cyber scammers will attempt to lure victims in with promises of free downloads, free shipping, free subscriptions, etc. So, be sure to not only double check the source and read the fine print of any agreements but also do some background checks on the organisation making the offers.

Avoid unfamiliar external flash drives or hard drives: Baiting can be done digitally or with physical drives that install malicious software. Make sure you know the owner of the drive before you connect it to your machine.

Tech Support Scams
As the name suggests, scammers will pose as tech support employees, either working for a victim’s organisation or for an independent service in an attempt to gain access to personal information. Like the other scams listed here, success or failure is dependent on the victim falling for a social engineering attack. It’s important to watch out for some of the tell-tale red flags:

Lookout for unsolicited messaging: Rarely, if ever, will tech support reach out to “check in” or offer to fix your computer. If a tech support worker or company is reaching out to you via a popup ad, unsolicited email or phone call or through social media, it is likely a scam. Legitimate companies have established processes in place to update your products and services, such as published patches and updates or ways to address issues that are built directly into the solution itself.

Avoid installing anything from an unknown source: Unless it comes directly from a source you trust, downloading anything from the web comes with the inherent risk of infecting your machine. Like baiting scams, cybercriminals will often attempt to offer “free security scans” or “computer clean-ups” which then infect the victim’s computer with malware.
Lookout for actors who want remote access to your device: Remote access allows real tech support teams to “take over” a machine remotely to fix it. However, the same technology can be used to quickly access personal information on your device. If a source you’re unfamiliar with asks to gain access to your device, steer clear and report to your IT department.

Accessing Mobile Devices
Mobile devices are also being increasingly targeted by criminal scams. Fake applications used to mine for data or ransomware are widely available, especially for Android operating systems.

Avoid malware masquerading as legitimate applications and updates: A growing number of fake applications are available from third-party app stores (e.g. Apkmonk). In addition, implants and updates that exploit applications and devices such as crypto jacking malware are also commonplace. Also be wary of apps requesting unneeded permissions (e.g. Device Admin and SMS exploits, etc.)

Use secure WiFi: Be mindful of free WiFi. Public spaces and shops offering free WiFi connections are common locations for man-in-the-middle attacks where criminals will often broadcast the availability of WiFi services and then use them to capture data. When using public WiFi, use VPN connections and avoid sensitive transactions. Many mobile apps are also programmed to automatically connect to known connections, so cybercriminals often use common WiFi SSIDs, such as “Home Network” to trick devices into automatically connecting without requiring any user input.

Accessing IoT Devices
IoT devices are also an increasingly popular attack vector. Many IoT devices are easy to exploit, have a persistent Internet connection and use powerful GPU processors making them ideal for crypto mining and DDoS exploits.

Update credentials: The most common exploit strategy is to simply attempt to connect to an IoT device using its default username and password. Whenever possible, change the password on your routers, smart TVs, and home entertainment systems regularly.

As people continue to adopt more and more devices that connect to a network the risk of falling victim to a scam increases. Becoming aware of the common cyber scams targeting people today and recognising the tell-tale signs of those scams, will help safeguard your valuable information and networks.

Talk to us at Novi for advice on Cyber Security strategies and solutions.