From the Tallahassee Democrat
I had a political figure call me up one day last year and tell me they were concerned about their browsing history, as they had gotten an email saying that if they did not pay $2,000 it would all be exposed. I assured that person it was a scam and that hackers really don’t know your browsing history.
They are just assuming you would not want it revealed and are preying on that fact. Hackers conduct this and similar kinds of online extortion every day.
In another attempted hacking incident, we had a person call the office the other day asking for help with attaching pictures to an email. We get all sorts of odd tech requests at our firm, but this was an immediate red flag.
The person said she got an email from her boss (hackers impersonating the boss) asking for gift cards for staff, and she went out and bought them. Next, the boss sent her another email asking her to scratch off the back of the cards and send them the codes. Had she done so, she would have been another victim of this common gift-card scheme.
Luckily, because she called us asking for help attaching pics, we were able to advise her she was about to be scammed and to stop communicating with the hackers.
Defend against hackers
How about the threat where you receive an email that has a Dropbox attachment claiming to be full of resumes (it really contains ransomware), or another email asking you to wire money somewhere, referencing a real project you are working on (the hackers have looked you up on social media; this is called social engineering)?
How about a request to confirm your password by re-entering it at a link? Or how about a text to claim your free iPad, when what it really loads on your phone is keystroke-tracking software (my mom fell for this one, way to go MG)?
These are all various forms of hacking and I bet you have seen one if not more of these examples in your business or home.
This summer I spoke to the Tallahassee Chamber of Commerce (with Eddie Gonzalez Loumiet of Ruvos/Launch Tally) as well as the Wakulla County Chamber of Commerce and several other groups about these attacks, cybersecurity in general, and how to stop them in their tracks.
Tools for business
There are tools to stop business email compromise (BEC) attacks, tools like EDR (endpoint detection and response) solutions, plus advanced threat protection options (isolation and remediation products), two-factor authentication, password managers, redundant backups, and cyber insurance to help you fight hackers.
We did something different at the Tallahassee Chamber event: we didn’t just talk about cybersecurity. We also did a real-time exercise and test, dispersing some USB drives outside of our meeting. The USB drives were loaded with fake malware that our team put on them.
If you picked one up and plugged it in, you would be shown a screen saying that you have failed a cybersecurity test and asking you to please not put random USB drives into your computer. Had this been a real hacking attempt, you could have put your entire organization (and your own personal info) at risk of malware, keystroke-tracking software or ransomware.
These types of tests are next level, and you should be thinking about conducting them at your office along with email phishing simulation and cyber trainings. While the defensive tools are better than ever before, one person being gullible could still take your office down, so these tests address the gullible/weak links on your team.
Beware bogus phone calls
Also, don’t forget that hackers still use phone calls to try to get you, pretending to be from “Dell” or “Microsoft” and asking for your credentials to run an “update.” This happens all the time. Do not fall for it, and yes, they can even spoof caller ID, making it look like they are indeed that company.
Note to you: those companies never call you for anything. In fact, good luck getting them on the phone when you need them. Ignore them. The same goes for fake IRS or FBI calls or anyone asking for your personal information. Trust but verify.
The cyber war wages on. We have had some huge wins putting hackers out of business in many countries, and we have also had some huge losses (see Colonial Pipeline). Bottom line, the war is far from over.
We all need to do our part to make sure our company, family, state, and nation stay safe. To that end, every time you turn on your laptop, desktop, tablet, or mobile device, know that you are stepping on the battlefield.
In the cyber battle you can be a victim, part of the problem, or a fighter and part of the solution.
Blake Dowling is CEO of Aegis Business Technologies, the host of the Biz & Tech Podcast, the author of the book, Professionally Distanced, and a regular speaker on cyber security in Florida. You can reach him at email@example.com