As if the pandemic has not been trying enough for CEOs, business owners and other high-level executives, now comes the news that cybercriminals are targeting them more aggressively with phishing scams and other nefarious schemes. Trend Micro reports that they have been following an evolving phishing campaign where cyber criminals are targeting C-Level corporate leaders with emails containing fake Office 365 password expiration reports. The recipients are encouraged to click on the embedded link if they want to continue to use their same password. The attackers use this compromise and the victims’ account credentials to further their scheme and add more high-level victims to their roster. Hackers are aggressively on the prowl. We have seen huge surges in blackmail, re-directing payments to hackers’ bank accounts, stolen e-Checks and much more.
We have written many times about what we can do to help mitigate these types of attacks. In many cases, it boils down to firming up a weak human link. As our toolboxes become filled with additional means to fight cybercrime, cyberattacks are becoming more sophisticated to skirt around those tools. The best offense against cyberattacks is a proactive defense.
Training – Educate Yourself & Your Staff – C-suite executives must undergo cybersecurity training to recognize fraud and help them develop awareness, understanding and preparedness. Not sure where to start? Ask TNTMAX or your IT provider; they will be able to point you in the right direction. Hackers target decision makers because the people under them usually follow their directives without question. Read articles, take online quizzes, familiarize yourself with cybersecurity best practices – and the techniques that cyber attackers use.
Passwords & MFA – Passwords alone are no longer good enough. You must include a second factor of authentication, like a multifactor authentication (MFA) app on your cell phone or your cell phone number. The combination of something you know – your password – and something you have – your cell phone – makes it much more difficult for a hacker to gain access to your online account. Use a strong and unique password for every login. Have a hard time recalling passwords? You can use a passphrase. The more nonsensical the better, but make sure it is memorable to you. Ex. PinkDogs4ShouldDrive5YellowCars6. Use a secure encrypted password safe to keep all your passwords secure. Do not save them on your computer in Excel or Word.
Email Protection Awareness – Since this is how cyber attackers are largely targeting C-suite executives, you need to develop strong email analytical skills.
- VERIFY USING TRUSTED SOURCE – If you receive an email with an attachment or an embedded link, call the sender using a phone number you know and trust to verify that they sent the email. Do this even if you know the sender and/or are expecting an email from them. Do not click on any links or open any attachments until you confirm it is from them.
- NOTIFY / DELETE – If you do not know the sender and you suspect it could be malicious – contact your IT department immediately and follow their instructions. If an IT Department is not an option, delete the email.
- AUTHENTICATE – Domain names and email addresses can be spoofed (faked) to look exactly like one you know, or they can be created to look very similar to a domain or email address you are familiar with. Be sure to look at them carefully for any possible discrepancies.
- VERIFY – If you get an email from a client asking you to update any type of information (e.g., banking, shipping, wiring instructions), call the client/vendor/friend using a known trusted phone number you have for them to verify before you update anything.
- GET IMMEDIATE HELP – Contact your IT department immediately if you clicked on a link you should not have or if you notice any strange behavior on your computer. The sooner you report an incident, the sooner your IT team can begin to lessen any potential damage. TNTMAX recommends that you power off the computer if you cannot reach your IT team right away. This will help to keep any potential malware from doing its dirty work behind the scenes.
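For IT teams that want to automate part of the AUTHENTICATE check above, the following Python sketch is an added example, not TNTMAX code. It separates the two cases the bullet describes: a sender domain that matches a trusted one exactly (which still needs an authentication result, since the From line can be forged) and a domain that only looks similar. The trusted domain, the sample messages and the reliance on a gateway-stamped Authentication-Results header are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example-corp.com"}  # constructed: domains you really do business with
DIGITS = str.maketrans("0135", "oles")  # digits often swapped in for letters

def skeleton(domain):
    """Collapse common visual tricks so look-alike domains compare equal."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(DIGITS)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw_message):
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        # An exact match proves nothing by itself: the From line can be forged.
        # Assumption: Authentication-Results was stamped by your own mail gateway.
        auth = msg.get("Authentication-Results", "").lower()
        return "trusted" if "dmarc=pass" in auth else "exact-spoof-suspect"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample messages (headers only, bodies omitted).
AUTH = "Authentication-Results: mx.example.net; dmarc=%s header.from=example-corp.com\n\n"
SAMPLES = {
    "genuine": 'From: "Pat Lee" <pat.lee@example-corp.com>\n' + AUTH % "pass",
    "forged": 'From: "Pat Lee" <pat.lee@example-corp.com>\n' + AUTH % "fail",
    "digit-swap": "From: IT Support <helpdesk@examp1e-corp.com>\n\n",
    "rn-for-m": "From: Billing <billing@exarnple-corp.com>\n\n",
    "stranger": "From: News <news@unrelated.org>\n\n",
}
for name, raw in SAMPLES.items():
    print(name, "->", classify(raw))
```

A "lookalike" or "exact-spoof-suspect" result is a reason to pick up the phone as described in the VERIFY steps, not a verdict by itself.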
According to CSO Online,
- 94% of malware is delivered via email.
- Phishing attacks account for more than 80% of reported security incidents. This is the method used to gain access to your system, after which malicious software such as a key logger or remote access backdoor is installed, allowing the hacker to take control.
- 60% of breaches involved vulnerabilities for which a patch was available but not applied.
CSOOnline.com – Top cybersecurity facts, figures and statistics – March 9, 2020.
Cybersecurity awareness training needs to be a priority for every level of the company. It starts at the top and does not skip anyone along the way. All a hacker needs is to find one weak user to gain access to your company.
You can never be too prepared to fend off a cyberattack. Knowledge and training are the best weapons – along with the help of your dedicated IT professionals. At TNTMAX we make it a point to stay on top of cybersecurity awareness best practices. Train staff members at every level to spot phishing scams, cyber-attack mechanisms and other means cyber criminals use to stage an attack. This pandemic has been hard on our employees and our businesses; do not make it easy for cybercriminals.
Frederic Farcy, President