From the board level to engineering and sales, bright young minds and seasoned veterans alike are prime targets for cyber security intrusion. It’s not just people who hate computers or new users; the manipulative social science behind many cyber-attacks far exceeds the digital hacking methods that most people think of when they hear “hacking.” Is your Los Angeles business at risk?
To understand your data risks as a professional and to achieve peak cyber readiness, consider a few of these phishing, hijacking, and new art-of-the-con methods in the digital world.
Phishing Continues To Evolve
Phishing, spear phishing, whaling: three terms that cover the rising intensity and specificity of con artists in the digital era. The methods continue to change, but the core concept for safety is simple: trust, but verify.
Phishing and similar attacks are achieved by fooling the victim into thinking they’re working with a trustworthy individual. This can mean anything from opening an attachment from someone pretending to be your investor to paying an invoice from someone pretending to be a vendor.
Verification is the obvious answer, but verification isn’t easy. Successful phishing attacks rely on increasingly deceptive mimicry and urgency, and the most potent phishers use a mix of old and new techniques.
Consider a company full of people with at least some internet knowledge: the near future, with Gen X and Millennial-aged professionals in leadership and Gen Z disrupting markets with startups. Digital common sense says to not respond to spam and to verify the address of an email, but what if the fake is really close? Not all companies employ LA IT professionals who can help establish protocols to know what is safe.
If your Accounts Payable department receives emails from XYZ Heavy Industries in Los Angeles for real purchases, how do you know what their real email is? Have you spoken with them in person? Do you know their system administrators or their mail exchange administrators? Do they use personal emails, or multiple emails from @XYZHEAVYINDUSTRIES.net?
Phishers can make fake email accounts that are a letter off, or may use look-alike ASCII or Unicode characters to fool the untrained eye. Some email services may detect those questionable practices, but what if an employee ignores the warnings? What if the email comes from XYZHeavyInvoices.net and your team hasn’t been burned by fraud before? Someone may take the bait.
These issues can be prevented by designing filtering and verification within your business. Utilizing a system that only allows emails from verified addresses to reach certain accounts can protect your team from fraud and tip off newer or inexperienced tech users. Seeing a phisher fail in the real world is better training than slideshows and online learning modules if you’re fortunate enough to emerge unscathed.
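One way to implement the filtering described above, as an added example that is not part of the original article: a sender check that delivers only verified domains to a protected mailbox and labels near-misses for review. The allowlist contents, thresholds and function names are assumptions made for illustration.

```python
import os

# Constructed allowlist, using the vendor domain from the article's example.
VERIFIED_DOMAINS = {"xyzheavyindustries.net"}

def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(address):
    """Domain part of an address, lower-cased, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def classify_sender(address, verified=VERIFIED_DOMAINS, max_edits=2, min_prefix=8):
    """Return 'verified', 'non_ascii', 'lookalike' or 'unverified'."""
    domain = sender_domain(address)
    if domain in verified:
        return "verified"
    # Unicode look-alikes: a non-ASCII or punycode (xn--) label can render like
    # a verified name. Assumption: every verified domain is plain ASCII, so any
    # such domain goes to manual review.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return "non_ascii"
    for good in verified:
        # "A letter off": a small number of single-character edits.
        if edit_distance(domain, good) <= max_edits:
            return "lookalike"
        # Same opening characters, different ending (XYZHeavyInvoices.net).
        # commonprefix compares the two strings character by character.
        if len(os.path.commonprefix([domain, good])) >= min_prefix:
            return "lookalike"
    return "unverified"

def deliver_to_protected_mailbox(address):
    """Allowlist policy: only verified senders reach the protected account."""
    return classify_sender(address) == "verified"
```

Run the check on a sender address that has already passed SPF, DKIM and DMARC validation, since the visible From address on its own can be forged.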
Phishing And Fast-Paced Business
You need to act quickly! This deal won’t last, and the market is ripe for the picking!
Urgency is a great marketing technique because it plays on the emotions of people looking for a deal. It’s also completely valid, as many small opportunities can come and go with great returns.
Cyber security attacks play upon the social science behind urgency just as much as legitimate and illegitimate marketers do on a daily basis. If a broker contacts you with a cheap sale, an innovative technology, or a chance to move in on an emerging market, you’re in a space of power and vulnerability at the same time.
Professionals acting on behalf of larger businesses may be looking at such deals every day. They’re individuals who may have huge corporate funds at their disposal if the deal is great for their team. Targeting these professionals rather than sole-proprietors is a great opportunity for theft because of their willingness to part with discretionary funds or entire project budgets.
Phishing isn’t just about buying into a potentially fake deal. When a professional arranges a meeting with a potential partner, they could be building a phishing profile. From the start, phishers will have a name, contact information, and voice of a professional.
Through discussing the deal, social engineers can pick up speech patterns, habits, hobbies, and other details that could help them scam someone else. They could scam the professional’s company, a company partner, clients, or even rivals who are known to steal ideas from the professional.
It’s all a big observation game, and you can’t prevent all information from leaking. If you’re paranoid enough, even the CEO could be phishing! What matters is that you perform due diligence with a few steps to reduce fallout from cybercrime:
- First names or aliases only. Phishers could be building a directory of people in the business who respond. Don’t make it easier to track down professionals, their departments, projects, and responsibilities. Use throwaway or burner accounts that don’t tie directly to the professional.
- Confirm your reward. They’re making the offer to you. If you can’t see the goods, keep it to a first-name or alias basis.
- Meet a real person. It’s harder to pull a scam if the other party can bring in the authorities. Make sure you have someone to sue.
The digital front is rife with challenge, and there’s no shortage of threats. While securing your data through anti-virus suites is important, be sure that your business can challenge and authenticate outsiders digitally and physically. Contact a cyber security professional to discuss other aspects of protecting your digital resources.