One day last year, a political figure called me, concerned about their browsing history after receiving an email saying that if they didn’t pay $2,000, everything would be exposed. I assured this person that it was a scam and that the hackers really don’t know your browsing history.
They just assume you wouldn’t want it to come out and exploit that fact. Hackers perform this type of online extortion and other similar types every day.
In another hacking attempt, someone called the office the other day asking for help attaching photos to an email. We get all kinds of weird technical requests in our business, but this was an immediate red flag.
The caller said she got an email from her boss (hackers posing as the boss) asking for staff gift cards, and she went out and bought them. Then the “boss” sent her another email asking her to scratch the backs of the cards and send the codes. If she had, she would have been another victim of this common gift card scheme.
Luckily, because she called us asking for help attaching photos, we were able to tell her that she was about to get scammed and to stop communicating with the hackers.
Defend against hackers
What about the threat where you receive an email with a Dropbox claiming to be full of resumes (it actually contains ransomware), or another email asking you to wire some money somewhere, referencing a real project you are working on (hackers researched you on social media; this is called social engineering)?
How about a request to confirm your password by re-entering it in a link? Or how about a text to claim your free iPad, when what it really loads on your phone is keystroke tracking software (my mom fell for this one, well done MG)?
These are all different forms of hacking and I bet you’ve seen one, if not more, in your business or home.
This summer I spoke to the Tallahassee Chamber of Commerce (with Eddie Gonzalez Loumiet of Ruvos/Launch Tally) as well as the Wakulla County Chamber of Commerce and several other groups about these attacks, cybersecurity in general, and how to stop them in their tracks.
There are tools to stop Business Email Compromise (BEC) attacks, tools such as Endpoint Detection and Response (EDR) solutions, as well as advanced threat protection options (Isolation Products and patching), two-factor authentication, password managers, redundant backups, and cyber insurance to help you fight hackers.
We did something different at the Tallahassee Chamber event: we didn’t just talk about cybersecurity. We also did a real-time exercise and test by scattering some USB sticks outside of our meeting. The USB drives were loaded with fake malware that our team added to them.
If you picked one up and plugged it in, you would see a screen saying you failed a cybersecurity test and should not put random USB drives in your computer. If this were a genuine hacking attempt, you could expose your entire organization (and your personal information) to malware, keystroke tracking software, or ransomware.
These types of tests are next level, and you should consider doing them at your office along with an email phishing simulation and cyber training. Although the defensive tools are better than ever, a gullible person could still destroy your office. These tests therefore address the gullible or weak links in your team.
Beware of fake phone calls
Also, remember that hackers always use phone calls to try to get you. They impersonate “Dell” or “Microsoft” and ask for your credentials to run an “update”. It happens all the time. Don’t fall for it, and yes, they can even spoof the caller ID, making it look like they are that company.
Note that these companies never call you for anything, in fact good luck getting them on the phone when you need them. Ignore them. The same goes for bogus calls from the IRS or FBI or anyone asking for your personal information. Trust but verify.
The cyberwar continues. We have had huge victories putting hackers out of business in many countries, and we have also suffered huge losses (see Colonial Pipeline). In short, the war is far from over.
We all need to do our part to make sure our business, our family, our state, and our nation stay safe. To that end, every time you turn on your laptop, desktop, tablet, or mobile device, know that you are entering the battlefield.
In the cyber-battle, you can be a victim and part of the problem, or a fighter and part of the solution.
Blake Dowling is CEO of Aegis Business Technologies, host of the Biz & Tech podcast, author of the book, Professionally Distanced, and a regular speaker on cybersecurity in Florida. You can reach him at [email protected]