In today’s world of cyber dependence, the sharks are circling. Despite firewalls, malware filters and antivirus software, hackers know the tricks that cause you and your team to invite them in to your business… no break-in is required.
These predators appeal to your emotions of urgency, fear and curiosity to convince you (unknowingly) to open the door to your corporate network and steal the data.
The 2016 Verizon Data Breach Investigations report indicated a 12 percent click rate of phishing test emails! I know some legitimate marketers who would swoon at that number. In some situations, the link takes you to a webpage that looks and feels familiar. However, it’s actually a page that collects, and then rejects, each password you attempt to use for login. Hackers then begin testing your email address and passwords across thousands of websites. There may be malicious software on the other end of the link that your antivirus doesn’t recognize yet. Once installed, it’s hacker playtime.
Hackers also use a whaling scam that doesn’t require unauthorized access to your network. They send an email that looks and reads like it’s from the boss or another trusted colleague. The email may ask the individual to wire cash immediately to a vendor to avoid a disaster of some sort or request copies of all employee W-2 forms. The compliant employee jumps into action and rewards the hacker with what amounts to a cash prize – information that’s an easy sell on the dark web.
How can an email look like it’s from the boss but isn’t? Can you spot the difference between these two email addresses?
email@example.com vs. bpatrick@networkaIIiance.com
The first example is correct. In the second I used an uppercase “i” in “alliance” which looks like “II.” If you look carefully, you’ll see a very slight difference in spacing between the two letters. But, who takes the time to do that with every email?
In these scenarios and many others, the human element is always the weakest link. It’s our nature to want to be helpful and keep the boss happy. Hackers have learned how to motivate these emotions and use them against us. To learn more about more threats such as, vishing, pre texting, juice jacking and more, join me at QuickBooks® Connect in San Jose, CA, on Nov, 15, 2017, at 1:30 p.m. for my session, “In the Cloud or Not, You and Your Staff Are the Biggest Security Threat.”