Sebastien Lahtinen, co-founder of thinkbroadband.com
The internet has undoubtedly brought the world closer together, but it has simultaneously provided an easy means for cyber criminals to steal valuable assets or commit other criminal offences.
There are many different types of online scams, from ransomware and phishing emails to banking scams and fraudulent purchase receipts. Unsurprisingly, businesses are continuously targeted due to the sheer amount of capital the attacker could potentially gain access to if successful. This year has already played host to the ‘bogus boss’ scam, which saw an accountant tricked into transferring £372,000 of their client’s money into foreign bank accounts. This followed a barrage of emails and calls convincing them the client was buying another business in such a short space of time that the agent was unable to sit back and question the validity of the communication.
A business is only as secure as its weakest link, which is why it’s vital that professionals at all levels know to look out for the following four elements to safeguard against cyber attacks.
- Unexpected contact – Not all unexpected contact from third parties is dangerous, and some is to be expected in the business world, but if there is any doubt regarding the authenticity of the contact then proceed with caution
- Call to act now – Scam messages will almost always be accompanied by an urgent call to action and warnings that failing to respond will result in severe consequences, such as network disconnection or legal action. It’s unlikely such a tone would be taken by a legitimate organisation unless the business is aware of an ongoing issue, such as the chasing of a late payment
- Buying your confidence – Scammers will attempt to use supposedly private information, such as employee details or account numbers, to give professionals a false sense of security. Be cautious – this may have been acquired through nefarious means
- Requesting an action – All cyber criminals have an end-goal and this will be evident in the communication. Whether it’s visiting a website which opens a business up to vulnerabilities, letting them control a device remotely or simply inputting account details, doing so can directly result in criminals gaining access to business finances
Although staying vigilant will protect against the most common forms of cybercrime, more sophisticated attempts to gain access to sensitive business data can be more difficult to spot. Unfortunately, it is often these attacks which have the most disastrous results for businesses across the globe, but most are completely avoidable.
Top tips to beat online scams
- Don’t trust the ‘caller ID’ information – Although many will use the number displayed on a phone to authenticate the caller, faking this display is actually much simpler than many assume. Professionals shouldn’t assume their bank is calling just because a mobile display says so. Similarly, creating fake email addresses isn’t complex and can catch out those not paying close enough attention to their inbox
- Never visit a website, install software or call a number provided in an email or during a cold call – Many scams will rely on the target visiting a website which has been infected with malware or enables them to take remote control of a device. If the contact is legitimate, its validity should be confirmed on the provider’s website
- Alternate devices following suspicious contact – When receiving a call on a landline, the call doesn’t necessarily disconnect instantly when the user hangs up. After a suspicious call, the criminal may be attempting to track future calls, so using a work mobile afterwards will increase security levels
- Microsoft won’t call following error reports – Many con artists attempt to gain trust by claiming to be from Microsoft to discuss error reports they’ve received. However, almost all professionals will have experienced an error report at some point and Microsoft wouldn’t respond over the phone; this is a malicious attempt to gain access to a device remotely. The same is true of internet service providers; only the smallest would even contemplate calling to offer advice on removing a virus from a device
- Be wary of friends asking for money online – If friends, family or even colleagues ask for money in an email or over text message, always confirm this request is legitimate either over the phone or face to face to ensure they haven’t been hacked. Doing so will ensure “bogus boss” attacks won’t begin to plague businesses
- Bank staff will NEVER ask for a PIN number – Regardless of the issues at hand, a bank will never ask a customer to reveal their PIN number in person, over the phone or by email. Any correspondence claiming to be from a bank which requests this information is fraudulent, as is any offer to send a courier to pick up a bank card
With so many different ways for cyber criminals to target businesses in the modern age, it’s vital professionals are fully aware of the potential dangers of the online world and ensure they are as secure as possible. Passwords should be changed frequently and not duplicated throughout the office, and high-level anti-virus software should be in place on all devices to block malicious attacks.
However, to truly secure a business against cybercrime, it’s vital all employees are fully trained in all aspects of cyber security to ensure they think twice before clicking on potentially harmful links or forwarding dangerous emails. The IT team isn’t always on hand to provide consultancy on how best to deal with questionable communication, which is why training is so pivotal. Business leaders will have peace of mind that employees are aware of how to avoid the most common cyber attacks, which will go a long way to ensure companies don’t damage their profit margins and reputations by falling foul of cybercrime.