Since it was first documented in 1989, ransomware has only become far more severe, ruthless, and, most of all, prevalent. Let’s review some important statistics to remember if you are to understand ransomware and, even more importantly, avoid its impact on your business.
We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.
I was talking to some colleagues the other day about cybersecurity and its relationship with modern everyday scams, like phone scams and similar things. In my opinion, it’s worth bundling these two topics together, and we found some interesting statistics that we’d like to share.
Cybercriminals fight dirty, whether it’s attacking small businesses, large enterprises, or individuals who just want to watch Netflix. It doesn’t matter who you are or what you do for the community; you’ll always be a target for hacking attacks. To save time and effort, hackers will use low-tech attacks and social engineering attacks to target individuals. Hackers aren’t developing new threats all the time; if anything, they largely use existing exploits, purchasable software, and social engineering to take advantage of people.
It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.
Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.
There is no denying that Quick Response codes—better known as QR codes—are a handy little invention. Just a few years ago, many businesses heavily adopted these contactless communication tools, allowing customers with a smartphone to access menus, documents, and more with ease. Having said that, we unfortunately can’t deny that cybercriminals are taking advantage of how handy QR codes are, too.
Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extol information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.
You know the old phrase, “A chain is no stronger than its weakest link?”
It’s a pretty good idiom, but when it comes to cybersecurity, I think the idea is worth revisiting. It’s not that you aren’t as strong as your weakest link, or in terms of cybersecurity, it’s not that you aren’t as secure as your most vulnerable endpoint…
You are less secure the more users you have.
Phishing is a remarkably dangerous tactic used by hackers to take advantage of those who might not be quite as in-the-know about security practices. Phishing attacks can be carried out against both businesses and individuals alike, and due to the many different forms these attacks can take—including email, text message, and even fraudulent websites—they can be quite problematic.
Phishing has become one of the great problems for technology users in the 21st century. The ironic part of the whole thing is that it has taken a good old-fashioned social engineering scam to make today’s robust information systems less secure. Phishing is the predominant way that hackers and scammers gain access to the systems they target. Today, we’re going to spell out what to train your employees on to help them identify phishing attacks.
It doesn’t take much to get us to start ranting about the dangers of phishing, and it’s a topic that we won’t stop talking about for some time. Unfortunately, phishing comes in enough forms that it isn’t always so simple to spot. For this week’s tip, we just wanted to run through the different formats phishing can take, focusing on how to identify each type.
It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.
We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.
How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.
When cybercriminals use phishing scams, they aren’t using advanced technologies to crack their target’s digital defenses. Instead, they hack users by exploiting the assumptions, bad habits, and ignorance of the target to get them to release sensitive information.
Attackers circumvent cybersecurity measures by sending messages purporting to be from an authority figure or trusted contact, thereby convincing the user to undermine their protection. A notorious example of phishing is the email from the persecuted royal family, known as the "Nigerian Prince scam."
Imagine for a second the surprise you would have if you tried to log into your computer and you were presented with a message telling you that your files have been encrypted and that you need to pay in Bitcoin before the clock runs out or you will lose those files forever. Then you noticed the clock clicking down. Would you panic? You probably would. That is ransomware, a particularly ugly malware that could cost you everything.
According to the National Cyber Security Centre, a government security organization based in the United Kingdom, a hacking group known as “APT29” (also referred to as “the Dukes” or “Cozy Bear”) has actively targeted the research centers conducting research into developing a COVID-19 vaccine. These claims have been supported by both the United States’ National Security Agency and Canada’s Communications Security Establishment.
You would think that since millions of phishing attacks are ignored, set to spam, and actively mitigated each month, that there wouldn’t be such a desperate effort to educate people about the signs of phishing attacks, but the fact remains that it only takes one successful phishing attack to compromise an entire workstation, network, or computing infrastructure.
Today, everyone that works for your company will need to be able to spot and report a phishing attack. Doing so can sometimes be extremely difficult if the spammer does his/her homework. Consider using and teaching these tips to keep your business from being a victim of a phishing attack.
First, it will help to briefly review how each attack works.
Imagine if you tried to log into your computer, only to be presented with a message that your entire computer had been encrypted, and that (unless money is transferred to the perpetrator, often through cryptocurrency, within a period of time) the contents of your device will be wiped. This is precisely the experience of someone victimized by a ransomware attack.
Remember those old scams, where the target would receive an email from some nobility or long-lost relative that asked for a sizable loan or investment (all to be paid back with interest, of course)? These are phishing scams, known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. As time has passed, these schemes have become much more effective - and harder to spot.
Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. Let’s run through a fairly typical scenario that someone using both may subject you to, and how you can spot these kinds of joint efforts.
Let’s say you open your business email to find a message that appears to come from the Microsoft Support team - which, unnoticed by you, actually reads “Micrrosoft Support” in one or two places. According to the email, there’s a hugely serious security issue affecting systems across the board, which is why Microsoft is supposedly sending out these emails, with the necessary fix bundled in as an attachment.
Trouble is, this isn’t actually a fix to an issue - it’s actually an executable file that installs ransomware when you try to apply the “security fix” and creates a huge problem.
This is exactly why these two distinct attacks combine so well… by incorporating phishing strategies into the distribution of their ransomware, a cybercriminal has the ability to boost how successfully their ransomware can infect the users that are targeted.
There are assorted warning signs that a message is a phishing attempt that you should always keep an eye out for in order to protect your business. For example:
There are many other steps you need to take to protect your business from these insidious threats - from keeping a comprehensive backup to user training to applying spam filtering to your email. Coleman Technologies can help you implement them - give us a call at (604) 513-9428 to get started.
News & Updates
Contact us
Learn more about what Coleman Technologies can do for your business.
Coleman Technologies Inc.
20178 96 Avenue, C400
Langley, British Columbia V1M 0B2
Operations Center
6600 Chase Oaks Blvd, Suite 100 Plano
TX 75023
