It’s hard to know who to trust nowadays. And what’s harder, is understanding the consequences of trusting the wrong person. As we are entering the holiday season, I thought it fit to alert you to a few common schemes and scams that cyber criminals use especially during the holidays. Here are six common scams that can compromise your business during the holiday season.
- Ad Poisoning—cybercriminals continue to fool ad agencies that they are legitimate advertisers. Criminals poison the ad pool by linking to nefarious websites that then can easily install malware and viruses on your network. This is a common delivery system ransomware viruses, like CryptoWall.
Solution—Here are a few things I recommend you doing to help keep the bad guys out of your holiday cyber shopping:
Disable Adobe Flash on your computer—or if you are a video fiend, set the Adobe Flash plugin to “click-to-play” mode to block automatic infections.
Keep up-to-date with all security on your operating system.
Download and install an Ad Blocker that blocks pop-ups from displaying in your blocker automatically.
If you have a network and are worried about vulnerabilities from team members, you can get rid of Flash altogether or deploy blockers using a group policy.
- Phishing on major retail sites—Cybercriminals have also been attacking users on Amazon and other large retail platforms with phishing campaigns making false claims that accounts have been hacked. These notices typically appear in email around holidays when spending is high. Other phishing attacks take advantage of people’s charitable spirit during the holidays—so be careful when responding directly to charity email campaigns.
What the scammer wants—your payment card information and security details.
These scams emphasize the urgency of responding immediately to avoid some consequence.
Solution—If you see emails like this, your spam filter might not be filtering spam email effectively. Delete the email. My rule is If you’re in doubt, throw it out! If it was really important, you will get a follow-up email and most likely a phone call.
- Ransoms—Cyberhacking targets valuable data of one sort or another. Personal data such as credit card and user information are typical targets of hacks and can lead to ransoming. Think of the Ashley Madison attack earlier this year. If you have compromising information online, hackers are likely looking for a way to take advantage of it.
Solution—Avoid keeping valuable or compromising data in insecure places. I never keep trusted data on other networks than ones I have control over. Understand that whatever you put out on the net—especially things that your future self-regrets having put online—anticipate that it may eventually resurface.
- Facebook—While many of us, including myself, frequently visit Facebook, scammers are frequenting it too. One popular ‘opportunity’ scammers have taken advantage of trusting Facebook fans, exploiting them to install Facebook add-ins that are not legitimate. A recent scam had gotten many Facebook users to install a dislike button in their profile, unsuspectingly installing malware instead.
Solution—Review your network security policies regarding social media. Consider stricter policies on social media on computers connected to your network or at least restrict installations of plug-ins.
- Executive Email Scams—A recent FBI report highlights the 270 percent spike in victim cash losses from over a thousand US companies, totaling 179 million dollars in business email compromise (BEC) scams. In BEC scams, scammers phish specifically for executives and CEOs, drop a Trojan and gain 24/7 access to their inbox. This gives a cybercriminal access to monitor email accounts for months until the right conditions for a scam reveal itself. They then pounce by sending out emails from something that looks like the CEO’s address to take advantage of a situation for financial gain (the business’ financial loss).
Solution—if you are an executive you need to be extra careful to avoid spam emails and phishing expeditions. Make sure you have strict spam settings and be careful when opening email from unrecognized sources. I err on the safe side and throw out emails from unrecognized sources.
- Refunding scams—Many criminals are turning to the refund scam business. These scams sell some product or service and then soon after a sale send refund checks—sometimes these scammers send emails or mail to encourage you to cash a check even if you never had a relationship with them. These scams can compromise your financial accounts.
Solution—Check credentials of businesses before making a transaction and be wary of companies that after a payment, come up with excuses to refund your money. This is often a red flag that something is not right.
An even better solution to resolving problems with cyber scams is to take preventative actions to be sure that scammers don’t find vulnerabilities in you or your team. Our state-of-the-art fitSecure-fitSentinel security package gives you just the protection to prevent financial and data losses this holiday season. Feel free to give me a call if you want to find out more about ways to better secure your business network.
