cybercriminals

Who’s the Phish? Shark Tank’s Barbara Corcoran, it Turns Out


How phishing affects businesses?

Imagine you’re on the finance team for a mid-sized business, with regular duties that include accounts payable. Your boss sends an email instructing you to pay Client XYZ today and includes full wiring instructions, details with what the payment is for, etc. What do you do?

You might send that wire with no questions asked.

Problem is, the situation described above is becoming increasingly common, as Shark Tank’s Barbara Corcoran discovered recently:

“This morning I wired $388,000 into a false bank account in Asia,” the real estate mogul tweeted a couple of weeks ago. Here’s what happened:

Corcoran’s bookkeeper Christina received what appeared to be a routine invoice from Corcoran’s assistant Emily to approve a $388,700.11 payment to a German company called FFH Concept.

The bookkeeper replied asking, “What is this? Need to know what account to pay out of,” and the cybercriminal posing as Emily was able to give a credible, detailed response that FFH was designing German apartment units that Corcoran had invested in. Corcoran does invest in real estate, and FFH is a real company in Germany. (full article)

Poof! Money gone.

Now, in this case, there’s a happy ending, as you may have read a few days later: Corcoran Gets Her $400k Back

That said, such positive outcomes are rare – usually, the funds are not recoverable. Indeed, are you confident you can put the kind of pressure on a bank that Barbara Corcoran can?

And don’t just shrug your shoulders and decide it won’t happen to you. Hackers target smaller businesses precisely because their security is less sophisticated. Plus, scams are like these are pretty slick, as she explains:

“I lost the $388,700 as a result of a fake email chain sent to my company,” Corcoran told the outlet. “It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.”

How can you avoid such pitfalls?

First, better practices: have a process in place for confirming such requests with your team, usually by a live phone call. It’s time well spent.

Further, train your team to be better at spotting such phishing scams – in this case, there was a missing ‘O’ in the sender’s email address which should have provided the clue.

The best news is this: anti-phishing employee training from Cynexlink is very affordable and provides incredible bang for the buck.

Click here to learn more about the valuable service and don’t get caught off guard – it can happen to anyone!

Read more
Botnet Attack

Everything You Want to Know About a Botnet Attack


It is no secret that botnet attack have become significant security threats but what are they, exactly?

What is a Botnet Attack?

A botnet attack is performed by hackers using a collection of malware-infected devices, often termed as “zombies,” which are being controlled by the attackers. We often think of servers and computers being used in such an attack but increasingly, IoT devices like cameras, thermostats and more can help form botnet clusters.

Threat actors gain access to a device by using particular viruses to weaken the computer’s security system before executing “command and control software” to let them conduct their malicious activities on a large scale.

These activities can be automated to carry out countless simultaneous attacks, paralyzing infected devices for ransom or damage while also disguising their identity via the vast botnet network.

A botnet is used in many cybercrimes such as exploiting and making a financial gain, malware propagation, or just general disturbance of the Internet.

Botnet attacks are launched in many ways, including:

  • Spam Emails

The spamming process can be conducted by posing bots as a content server while others as SMTP servers. A spam campaign includes message templates, a senders list, and a recipient list.

  • Launching a DDOS Attack:

A Distributed Denial of Service Attack (DDoS) is another type of botnet attack launched on a website, company or government. This is conducted by sending many requests for content that overwhelms and shuts down the targeted server or website.

  • Ad Fraud

Cybercriminals can utilize the combined processing power of botnets to run fraudulent advertising schemes to attract clicks to get a percentage of ad fees.

  • Distributing Spyware, Malware, and Ransomware

Botnet attacks are also conducted to distribute spyware, ransomware, and malware.

  • Selling and Renting:

Believe it or not, botnets can be found for sale on the dark web to other cybercriminals to exploit!

HOW TO PREVENT BOTNET ATTACKS?

1. Emphasize Cybersecurity Education

For companies of all sizes, training their people is key. Employees should be trained to report unauthorized emails to the IT team, how to spot phishing emails, not to use public WiFi without using a VPN and more.

2. Keep All Software Up-to-Date

Software patches should always be applied promptly – beyond your browser and operating system, don’t forget to update antivirus protection, too!

3. Spam Filtering:

Email filtering solutions should be enabled to prevent most malicious messages from getting into the email inboxes. The more messages that are blocked, the less risk there is of your staff interacting with a phishing email.

4. Avoid Downloads from File Sharing Networks and P2P

Botnets regularly capitalize on P2P networks and file-sharing services to exploit company networks. Make sure all files are downloaded only from trusted sources and they’re scanned before and after downloading.

5. Control Access

Use multi-factor, risk-based authentication and other safe practices for access controls to prevent a successful botnet invasion on one machine from affecting the entire network.

Read more

What is Dark Web Scanning? Why It Is Important?


Why Dark Web Scanning is So Vital & Affordable?

Are your employees’ credentials – their email addresses and passwords – for sale on the dark web? With a thorough dark web scan by a trusted provider, you can find out.

Because it is often misunderstood, let’s first define exactly what is the dark web.

Essentially, the internet has 3 layers, two of which are used harmlessly every day. The surface web consists of all the websites most users visit daily — the public sites crawled, indexed and rendered easily by common search engines like Google and Bing.

The deep web, level two, is another safe layer comprised of unindexed databases not crawled by search engines, sites like browser-based email accounts or registration-required forums. The deep web is massive, comprising approximately 95% of all internet content.

The third layer, the dark web, is the one we all need to worry about and here’s why: it’s the playground of the lawless.

Dark Web Scan

It frankly doesn’t matter that the dark makes up only a tiny slice of the internet (less than a fraction of 1%), that it can only be reached through a special browser like TOR (The Onion Router) most people have never used or that up to 75% of dark web sites are actually inactive.

What matters is the fact that more than half of all active dark web sites are used for criminal activities. Thus, when a hacker manages to build a list of stolen credentials, the dark web is where he goes to sell that information.

If most internet users never visit the dark web, how can an organization know any if any of its employees’ credentials have been stolen?

Only by using a service like Dark Web ID from Cynexlink can a company discover if any of its user/password combinations can be found online – and if they’re part of the 80,000 new compromises exposed daily.

Importance of Dark Web Scanning?

  • Compromised credentials are used to conduct further criminal activity
  • 60% of employees use the same password for all services such as network login, social media and SaaS business applications, exponentially increasing the potential damage from a single compromised credential – even one that does not originate from within a company network
  • Over 75% of compromised credentials are discovered after the fact – either at the time of breach or when reported to the victim’s organization by law enforcement
  • Size does NOT matter: 43% of online attacks are aimed at small businesses and nearly 70% of SMBs experienced cyber attacks in 2018.
  • Once breached, 70% of companies with fewer than 250 employees were forced offline for a period of time, 37% experienced measurable financial loss and fully 10% were forced out of business altogether

Because over 80% of breaches begin with stolen credentials, real-time monitoring is a vital layer of protection. The good news is this: live, ongoing dark web scanning is a very inexpensive solution that even the smallest companies can afford.

Even better news: we’ll help make it even more affordable by offering one free scan with up to 100 exposed records so you can learn right away if any of your company’s credentials have been compromised.

What are you waiting for? Contact us to learn more about Dark Web ID today.

What do you think? Please let us know by commenting below!

Read more
hacker

How To Protect Your Data From Hackers


Hackers are the digital thieves who illegally get into your network to steal valuable information—financial data, passwords, intellectual property, personal information, or whatever crucial information they can get their hands on.

This data is generally used to steal money from accounts or to set up credit cards, and they may even sell data to your competitors.

In fact, all they need is one account or device to inflict damage. On top of that, they are not easy to stop because they are often located outside the country. They use sophisticated technology to resist law enforcement and get massive amounts of information.

According to one survey, 52% of data breaches are hacking. Hackers attack every 39 seconds, accounting for 2,244 times a day. Another scary finding is that hackers steal 75 records every second.

Don’t think that your business is too small to be attacked. Small businesses are always on the radar of cybercriminals due to outdated security systems and lack a cybersecurity team.

Fortunately, you can minimize or eliminate the risk by taking precautions.

Here are some security tips to protect your business data from hackers. 

Be Careful with Your Password:

Creating a strong password may seem an essential piece of advice, but the fact is that not all users are serious about their passwords. Most users still create secure passwords like ABCD, 1234, or their date of birth.

Such passwords are low hanging fruits for today’s sophisticated cybercriminals. Therefore, you need to create a strong password and change them frequently.

A strong password is a combination of alphabets, numbers, and special characters. Don’t use the same password for all accounts.

Work With the Right ISP:

Make sure to choose the right Internet Service Providers or ISP beyond their cost and speed.

The market is stacked with plenty of ISPs. Go for the one that comes with built-in security features. ISPs have a significant impact on cybersecurity because of their prominent position in the network.

Internet service provider

Limit or Block Access to Unnecessary Sites:

Restricting access to certain websites minimizes the risk of a security breach, so it’s the right thing to make sure only the authorized users get access to specific data.

Similarly, blocking specific sites from being viewed reduces the risk of viruses and spyware injecting sites from being accessed within your network.

Therefore, take the necessary measures to block malicious sites and make sure your security tools like antivirus are upgraded.

password

Use Up to Date Security Programs:

The simplest way to protecting your data from hackers is to update your security software. The constant updates might seem to hassle, but you should stick to them.

Using dated software can increase the risk of being hacked. Upgrades are essential to improve the efficiency of the security tools against the latest malware. Besides, you need to back up your data at least once a week.

Security Program
Protect Your Network:

With an unsecured Wi-Fi network, you are asking for trouble. Hackers utilize a technique known as wardriving, and it’s quite lethal. Wardriving is when cybercriminals equip their cars with high powered antennas and drive around scanning for the vulnerable network. When these hackers find a soft target, all of your passwords, finances, and data are on the risk.

Therefore, make sure to protect your Wi-Fi network and rely strictly on wired networks.

network

Educate Your Employees:

Employee negligence is one of the factors leading to cyber-attacks. For example, your employees can use weak passwords or leave their devices containing relevant data exposed. Or they may open emails that contain malicious links.

This way, they are making your data prone to attack unintentionally. Therefore, you need to educate your employees on cybersecurity. Besides, it would be best if you created formal company data policy, setting acceptable and prohibited online activities for employees. Their email access to personal smartphones via the company’s Wi-Fi should be restricted.

Employees

Conducting regular cybersecurity workshops are also an effective way to keep your staff educated on cybersecurity. If you are small enterprises, you can organize these events together with other local small businesses. Moreover, organizing cybersecurity workshops for your clients can be a great branding opportunity.

Practicing cybersecurity on a daily bases strengthens the security of your organization, eliminates the risk of hackers, and makes your business’s landscape safe and sound.

What do you think? Please let us know by commenting below.

Read more
Cybersecurity training Tips for Employees

6 Cybersecurity Training Tips For Employees


Cybersecurity Training is very important for employees to survive in an industry dominated by growing virtual crime.

Have you read the WEF2019 Global Risks Report?

The report has listed cyber-attacks among the top five global threats over a decade. Data incident has been listed on the fourth spot.

But if you think your organization is too small to be attacked, here is another spooky survey that says that 43% of online attacks are now aimed at small businesses.

Cyber-threats not only destroy your data but also lead to financial losses, tarnished reputations, and downtime.

No matter what the size of your business, you should make your cybersecurity strong; it all starts with your employees.

This is because employees are often the largest security vulnerability.

They can click on malicious links, exposing your information to cybercriminals. They can use infected devices that can inject the virus into your systems. And above all, they can pose as insider threat or your ex-employee can sell your information to your competitor.

Therefore, there is a need for cybersecurity training for your employees which can be built around the key points given below.

6 Cybersecurity Training Tips For Employees

1. Don’t Blame Your Employees:

In the event of a serious data breach, many employers are likely to blame their ill-fated employees that clicked on the malicious stuff. While it’s true they were the ones to get trapped, accusing an individual of lacking the knowledge is a way to avoid the organization’s responsibility to ensure its employees keep its information protected.

The organization should have a plan to ensure their employees have the knowledge they require making the right decision and knowing whom to ask if they have any security-related questions.

You need to be clear about what to do if anyone has security concerns. It prompts you to create the infrastructure required to share new threats as they occur and get everyone involved in data security.

2. Plan and Create a Solid Security Policy:

You need to create and plan a security policy to cover the appropriate topics and secure the use of the company’s system. Make sure your IT security policy covers everything.

Besides, keep it clear and accessible to everyone in your organization. One more thing—your IT security policy should define the roles and responsibilities for control, enforcing, training, controls, and maintenance.

3. Educate on Password Management:

Password Management is a necessary evil for most business owners. With the IT team failing to remind employees, there needs to be a huge change in attitude if you want to fortify your cybersecurity. Moreover, encourage your employees to use strong passwords. This is important because nearly 81% of security incidents are caused by weak ones.

You can simplify their password management by sharing the tips given below:

  • Use a combination of letters, special characters, and numbers. Get creative with passwords
  • Don’t use simple passwords like ABCD, date of birth or house address
  • Don’t share your passwords with anybody
  • Set different password for every device
  • Change your passwords frequently

4. Make it Mandatory for All:

Fire safety isn’t taught to selected employees, right?

Cybersecurity should be treated in the same way. It should be made a top priority and mandatory for everyone. Your employees should be aware of all old-new threats, no matter if they are into accounts, IT or at the front office. Anyone using a computer should be familiar with basic password security and safe internet browsing practices. Share cybersecurity news regularly.

5. Conduct Regular Cybersecurity Sessions:

Admit it. Documented policies are likely to be read once and never looked at again. Therefore, encourage your employees towards cybersecurity with frequent seminars and quick bursts of training. It will keep them informed, engaged and interested.

These small cybersecurity sessions can be built around the use of passwords, safe use of devices and other security concerns. Make sure to test their knowledge regularly. For example, you can check if they are practicing essential cybersecurity protocols. Do they follow the guidelines? Testing their knowledge and vigilance from time to time is important.

Practice this mock drill:

Send them a fake email to see how many clicks it will get. The results can be shown in the seminar or training session, without revealing the names of the employees who clicked these fake phishing emails.

6. Train Employees to Recognize Phishing Threats:

As we have reviewed, some of the vicious cyber-crimes are caused by human error. Cybercriminals can trick the users into something malicious by using fake email addresses and domains. For example, they might pose themselves as a reputed bank in their emails asking for personal information or bank account details.

In this scenario, employees are required to be taught how to identify such malicious links.

Bottom Line:

There are many more tips on cybersecurity training. However, practicing these key measures will provide overall protection to your data. With improved cybersecurity, you can minimize the risk of cyber-threats across your organization.

It not only secures your system and data but also adds to the reputation of your organization.

What do you think? Let us know by commenting below.

Read more