IdentityForce LogoIdentityForce Logo
Protect What Matters Most.
Father and son at computers
Posted on October 14, 2021 by in Employee Benefits, Personal

October may be known for spooky, Halloween-themed frights, but it is also National Cybersecurity Awareness Month – encouraging everyone to focus on the cybercrimes and identity theft that haunt us all.

Why is it important to be aware of the threats that are circulating? Because recognizing the tactics used by attackers and understanding how they work together can help us avoid them.

THE FLOW OF TODAY’S CYBERTHREATS

Cybercriminals use several tactics to access your personal and business data. Increasingly, they’re layering these tactics so one attack strengthens the next.

Three popular cyberattacks illustrate how these tactics feed into each other.

SOCIAL ENGINEERING IN CYBERSECURITY

Among the techniques cybercriminals use to trick individuals is social engineering, which involves deceiving and manipulating people to divulge personal information. Using a variety of tactics, the attackers convince you to drop your guard and share personal information by either giving it to them over the phone, filling out a web form, or downloading malware that gives the attacker access to your system.

There are two primary approaches attackers will take.

  1. Present themselves as a trusted contact – a friend, coworker, or company that you do business with. They’ll often gather personal details about their intended victim from social media to make their outreach more convincing.
  2. Sharing stories about hot news topics that include links to websites that either inject malware or convince visitors to provide their personal information. Last year, for example, as everyone scrambled to get details about COVID-19, criminals created false websites and circulated bogus stories to fill their pipeline with victims. As a result, the FBI reported a 400% increase in cybercrime.

To deliver these attacks, criminals reach victims directly through their primary modes of communications: emails, phone calls/voicemails, and SMS text messages – respectively known as phishing, vishing, and smishing.

WHAT ARE PHISHING, VISHING, AND SMISHING?

While criminals will spoof phone numbers to send SMS text messages or call pretending to be someone you trust, the most common attacks are phishing emails.

The growth rate of phishing has been staggering: Research by Vade found the number of phishing attacks increased by 281% in May. One month later, it grew another 284%.

What is behind this exponential growth? With so many employees working from home – and accessing corporate networks using less-secure home networks and devices – attackers know the weakest link in any company’s defense is the unsuspecting employee.

By fooling one individual, the attackers can:

  1. Get the victim to share personal identity and financial information, such as banking, 401(k), and medical accounts;
  2. Convince an individual to provide login credentials to their employer’s network;
  3. Install malware such as ransomware on the victim’s system.

RANSOMWARE: THE FASTEST GROWING THREAT

Ransomware prevents users from accessing their files – usually by encrypting data – and then demanding the victim pay a ransom to regain access. Increasingly, ransomware attacks also steal sensitive data before encrypting it, and the criminals threaten to publish it unless payment is made.

Ransomware remains the fastest-growing cybercrime, with SonicWall reporting that ransomware attacks in North America climbed by 158% from 2019 to 2020.

Individuals who fall victim to ransomware can lose their precious family photos, important legal and tax documents, and any other file kept on their computer. If the attack also involves the theft of their identity and financial information, they face countless headaches, expenses, and challenges to get them restored.

A ransomware compromise of an individual can also provide access to their employer’s systems – resulting in costly downtime, lost business, and reputational damage. The employee’s productivity is also reduced as they deal with recovering from the attack.

That’s why savvy employers now incorporate digital health and identity protection into their employee benefits programs.

DISRUPTING THE FLOW OF CYBERTHREATS

Since 94% of malware attacks originate from phishing emails, the good news is you can avoid becoming a victim if you know what to look for. These are common clues that expose phishing emails:

Sample phishing email

  • Requests for personal information. Legitimate companies won’t email you asking for your Social Security number, bank account details, or other personally identifiable information (PII). If you want to confirm an offer or alert with the organization, do not reply to the message or use any phone numbers in the email – use the company’s official customer service contact info listed on their website.
  • Suspicious email addresses. Most company emails have a corporate domain, so an email from the sender address “paypal-service@paymenow.com” is not from PayPal.
  • Altered logos and brand images. Companies protect their brands. If an email includes a skewed or out-of-proportion logo, it’s a scam.
  • Misspelled words and poor sentence structure. Companies employ marketing, copywriting, and proofreading professionals, so if an email is littered with misspellings and incomprehensible English, it’s a fake.
  • Non-English fonts in the text. Spam filters will block specific words. To bypass those filters, attackers will spell words using letters from foreign languages that look similar to English but have small differences that are difficult to notice. Watch out for extra dots or hooks on letters that might look like a dust speck on your screen.

Want to see how prepared you are at spotting scams? The American Bankers Association (ABA) has a fun online quiz called Banks Never Ask That that presents six possible phishing scenarios. You then point out if something is suspicious or if the message is legitimate.

DON’T BE HAUNTED BY CYBERTHREATS AND IDENTITY CRIMES

Understanding how cyberattacks work together and evolve is vital to avoid them. Watch our 15-minute on-demand webinar, Haunted by Identity Crime? How to Recognize the Top 5 Fraud and Identity Theft Scams, to learn more about today’s top cyber threats, how they’ll evolve during the next five years, and the steps you can take now to keep them from haunting you.