Cyber Fraud: Knowing the Threats and What You Can Do About It
Every once in a while, some of our employees will get an email that appears to be from the managing partner here at LFL Veritas. The email might say something as simple as, “Are you in today?”
The email looks legitimate and has our logo, but when you hover over the links and look at the email address, you see that the email is fake. In this case, a hacker is most likely trying to see if an employee will respond as if the email is real so that person can be targeted with a scam or cyber attack.
One of our clients, who was closing on a home in another part of the country, received an email from her attorney to wire her $50,000. She was expecting that email, so she wired the money.
She soon realized that her attorney’s email was hacked. Her attorney wasn’t someone who she interacted with on a regular basis and the request seemed legitimate under the circumstances. Fortunately, she was able to recover most of the money but, in most cases, payments can’t be traced.
These are two examples of how easy it is to commit cyber fraud, which is any type of fraud that involves the use of computer technology and the internet. Here are several other techniques used by hackers that make life miserable.
Common Cyber Fraud Techniques
While sophisticated software and attack techniques are often used to perpetrate fraud, most hackers simply send email and attempt to trick people into sharing network login credentials, bank account numbers and passwords, Social Security numbers, intellectual property, and other sensitive data.
These are phishing scams. The examples we mentioned previously are spear-phishing scams, which target small groups or even individuals.
Hackers either sell that information to the highest bidder or pose as a legitimate individual to make purchases or withdraw money. These are examples of identity theft, a popular form of cyber fraud.
Criminals might also use phishing scams to get people to click links and open documents that automatically download malware onto their devices. This allows hackers to move through the network undetected as they look to compromise valuable data assets.
As we discussed in a previous post, phishing scams that involve hackers posing as IRS agents have become common. Recipients will be threatened with legal action or even jail if they don’t send money immediately to pay a tax-related debt.
There have been cases of fraudsters posting non-existent items for sale through an online platform. The price is always way below market value. To seem legitimate, the criminal will ask you to wire money to a third-party payment provider.
Have you ever used a charging station in a public place? Hackers will install malware or spyware in USB ports to disable your device, hold it ransom, or access all of its data and content, from contacts and emails to bank account numbers and GPS locations. They can even use this technique to listen to your calls and access your camera.
Social media sites such as Facebook and professional networking platforms such as LinkedIn have become hotbeds for cyber fraud. Criminals will create fake accounts that mimic actual users. Then they’ll attempt to connect with their contacts and get those people to provide them with personally identifiable information.
Another major problem is software piracy, which is the intentional or unintentional use of software without proper licensing from the vendor. According to the 2018 BSA Global Software Study, 37 percent of all software in use is unlicensed, and there’s nearly a one-in-three chance that companies will encounter malware when they install unlicensed software. Malware in unlicensed software can provide hackers with unlimited access across a corporate network.
What You Can Do About Cyber Fraud
First and foremost, train your employees to spot the warning signs. Implement a policy that explains what to do if cyber fraud or other criminal activity is suspected. Make sure this activity is reported internally and then to the proper authorities.
Of course, you can’t rely solely on responsible employees to prevent cyber fraud. Keep your security software up to date. If in-house security expertise is limited, partner with an outside consultant or managed security services provider to make sure your defenses are sound. A vulnerability assessment will often reveal that a company is more susceptible to cybercrime than they realized.
Ultimately, every company should operate under the assumption that a data breach is a matter of “when”, not “if”. In addition to beefing up your defenses, create an incident response plan that enables to you to minimize the impact of cybercrime and fraud.