Tech security scams have become an epidemic. They're everywhere and every business should be concerned. There's a new scam in the headlines almost daily and that should be enough for businesses to take notice. Every business leader needs to be aware of the latest scams and what the best approach is to thwart them. Below is a look at 4 tech security scams that should be on every company's radar:
The WannaCry attack in May demonstrated the mass damage that Ransomware can cause. Ransomware exploits a vulnerable network, locking up sensitive data and demanding money from users in exchange for the data's release. One of the main takeaways from the WannaCry attack is the importance of updated software. There was a patch released that could have prevented WannaCry from taking hold and many organizations didn't install the update quickly enough. From The New York Times: "The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix."
Last April (and truly, every Tax Season), cyber criminals set out to steal W-2 forms from companies across the U.S. This tech security scam is fairly straightforward: they e-mail employees and ask for the forms. By creating mock e-mail addresses that look vaguely similar to those of trusted executives, cyber criminals prey on people's good nature and trick them into sending over sensitive information. Employees should always question requests for sensitive data and verify identities before hitting 'send.' From Inc.: "The decidedly low-tech method has been duping employees from all types of companies--data storage firm Seagate, social media platform Snapchat, payday lender Moneytree, and even Inc. magazine's parent company."
Whether the link comes through an e-mail, social media, or some other referral channel, many cyber criminals attempt to steal personal data through fake websites. These fraudulent pages are set up to look like legitimate sites that an individual or business may use regularly. Users input credentials or payment information and the scheme is rolling. From LifeLock: "Although counterfeit websites can look surprisingly similar to the legitimate sites they are attempting to copy, there are some differences if you look closely enough. First, make sure the web address begins with http:// or an https://. Then look carefully at the company name in the URL."
There are some names in tech that people implicitly trust. Cyber criminals know this and exploit it. In early May, thousands of people received a link to a "Google Doc" from cyber criminals posing as trusted authority figures. It was a phishing scam, looking to lift credentials off of people and gain access to their Google accounts. The familiarity of Google duped people into thinking that the Google Doc was legit. It was a harsh reminder to never take things at face value on the Internet. From Wired: "This phish worked because it tricked the user into granting permissions to a third-party application. This is the future of phishing, and every security technology vendor is ill-equipped to deal with it."