It may come as a surprise that scams and phishing emails are on the rise amid COVID-19. Even during these difficult and challenging times, the bad guys are out there to take advantage of the situation. While many get set up to work from home, cyber criminals are looking for vulnerabilities to collect personal, business and banking information.
Phishing is the technique cybercriminals use to gain access to your information. They use links or emails to trick you into giving them your details or downloading malicious software, known as malware, or ransomware. Some of the most common scams today are emails or texts pretending to be a fundraising effort, government program providing relief or delivery companies. While many of these phishing attempts might seem obvious, there are many others that are not.
Knowing the latest hacking trends and asking your IT team questions about cyber-security are great steps in protecting yourself. There are other things you can do too. By knowing your role, identifying common threats and spotting red flags, you can further increase your safety and protect your personal or business information.
Understanding Your Role in Cybersecurity
Cybercriminals know that there is an unprecedented number of people working from home, and that some of these people may be using laptops or home computers without the same security screens as their office computers and networks. These weak points in the system are an easy way in. But, in order to get hacked or scammed, you will likely need to give them access or information first. That’s why you play a major part in keeping your personal and business information safe.
Three Popular Business Hacks
Phishing emails are the most common vehicle for a hack. However, emails aren’t the only way scammers or hackers try to trick you. Websites, video conferencing invites, text messages, shareable files and social media posts are just some of the other ways you can let the bad guys in. Knowing how to spot these attempts is the first step in staying protected.
- Downloading Files: Emailing a PowerPoint presentation or Word document to a colleague is something we do all the time. But, did you know that cybercriminals can hack computers through specially crafted files? They attach these files to spam emails. This is called spear phishing. It happens when you download a file that looks safe but isn’t. When you open the file, you are asked to download or enable content. Once you do, you let in malware and give attackers access to your computer and files. Don’t trust suspicious files. Call the person you are expecting a presentation or file from and verify it first.
- Text Message: Bad guys don’t just target your laptop or desktop. They target your smartphone too. Ever received a text message from a number claiming to be the government, a bank or an app? These texts usually say something along the lines of “Urgent: Please click on the link and install the update”. These messages almost always contain a shortened web link. Don’t click it! This is a huge red flag. If you follow the link and install anything, you could be installing malware and giving hackers control over your camera, microphone, location, contacts, Cloud drive and more. Delete these kinds of text messages. Check the app store or company’s website for updates and only download them from verified sources.
- Video Conferencing Links: If you’re working from home, you’re likely using Skype, Zoom, WebEx or some other web conferencing software to hold meetings and keep up with teammates. But beware - these platforms can be hacked and are being used in phishing attempts. Hackers may send you a meeting request with a fraudulent URL to join a meeting. The meeting invite is crafted in a way to look like it is coming from a teammate or a client. If you click the link you may be brought to a fake web conferencing site that looks legit, but it’s not. You may be asked to download a software update - don’t! These downloads are a trap to have you install malware. Protect yourself from hacks like this by updating to the latest version of the video platform from an official company website, ask your IT team to protect your video conferencing platform with a firewall, and check that your calendar reminders are the real deal by asking the person who set it up.
Spotting Red Flags
If it seems fishy, then it probably is. Know how to spot red flags in malicious emails by checking the…
- “From:” and “To:” address: Check the sender’s email in the “From:” line and who this email has been sent to in the “To:” line. If you don’t know who this email is coming from or the people who it has been sent to, then it’s a good indication that it could be an attempt at your data. Furthermore, if you’re being addressed generally to like “Dear customer.”, etc. then there is a good chance this is an email sent out to more than one person.
- “Date:” line: Was this email sent during business hours? Or, was it sent at 3:00 AM or on the weekend? We all know people who work on the weekend or who send emails after hours. However, emails sent at odd times and dates could indicate that these emails might be a hack attempt.
- “Subject:” line: If you received an email from an organization that you do not do business with or do not have any products or services with, then this might not be legit. Even if you do conduct business with this company, there might be something lurking in the links or other clues you can find that this might be an attempt to hack.
- Embedded links and URLs: Always hover over the links in the email before clicking them. Does the destination URL match the destination site you would expect? If the link is shortened or directed to an unfamiliar domain, this is a red flag.
- Content of the message: What is the content of the email and what it is asking from you? If there is a call to action urging you to click a link or open a file, think twice. This link or button can be fashioned to take you to a site or directly download malware or ransomware. All caps emails, spelling mistakes or overly enthusiastic emails would be a red flag and sign that this might not be something you want to open as well.
Increasing your security awareness to stay safe
Even if you think you have a good handle on cybersecurity, consider asking your IT team questions about the latest threats. Seek information and gain advice on cybersecurity to ensure you're properly protecting yourself, and your business. Knowing your role, identifying common threats and spotting red flags are all great ways to stay secure, and stay safe.
At Envision Financial, we like to ensure that you have the tools and resources to stay aware and keep cyber security top of mind to protect you banking information. Here are some other helpful links: