There are many types of cybercrimes in the world, including social engineering, email phishing, spear phishing, whaling, malware, and multiple brands of ransomware attacks. The most common for small businesses are phishing and ransomware.
Phishing is the fraudulent practice of sending out mass emails claiming to be from a reputable company or person to convince individuals to reveal personal information, such as passwords and credit card numbers. Phishing tactics have existed for over 20 years, and every year they become more convincing. The best phishing emails resemble links from sites that users are on every day, like Amazon, Dropbox, and Gmail. The more convincing these attacks become, the greater chance you have of becoming an unsuspecting victim.
A more specific type of phishing attack is “whaling”. Like phishing, a “whaling attack” or “whale phishing” is a form of email trickery that typically targets high-profile employees, such as CFOs, CIOs, and CEOs. Since these individuals hold higher positions within a company, they’re more likely to have access to sensitive information. The goal of a whaling attack is to ultimately manipulate the victim into authorizing a wire transfer to the attacker. It may also include infected hyperlinks or attachments infected with malware to solicit information. These attacks are often more difficult to detect due to their level of personalization in the email and may even appear to come directly from the CEO.
Now that you are familiar with phishing and whaling attacks, here are 7 best practices to spot them:
- Look at the sender’s email address – The email address can be spoofed to look like someone you know. It could also be one that has a different country’s domain on it.
- Look at the subject line – Does it create a sense of urgency? Messages like this typically carry viruses. Is it a single word made to look like a reply, such as “Re: Document”? This is also an obvious sign of a virus.
- Look at the body of the message – If the sender is a recognized sender, does it follow their normal emailing criteria? Does it have a salutation? Is it directed to you specifically, or is it generic (Hi vs Hi Adam)? Does it have a signature for the person who sent it? Does it match the name of the person you identified in the email address above? Does it have the company’s contact information and/or graphics that you’ve been accustomed to seeing if you’ve received mail from them before?
- Look at the content of the body – Is it just asking you to open a file or go to a website link? Does it have ‘syntax’ gone wrong (for example, does it finish with `</html1`)? This is a huge giveaway that it’s a virus or worm.
- Look at the direction of the message – Does it ask you to open the attached file? Does it create a sense of urgency? With viruses, the purpose of the body is to entice you to open the attachment. A common cyberattack method is to instill a sense of fear and urgency.
- Always check the grammar and spelling of the email – The majority of these emails originate from places other than the U.S. The creators are usually not native English speakers, resulting in misspelling or punctuation errors.
- When in doubt, ask – If you are unsure about an email, reach out to the purported sender for clarification. There is no harm in double checking.
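The sender, subject, salutation, and attachment checks from the list above can be run automatically as a first-pass triage. The following Python is an added example, not part of the original article; the `triage` function, the keyword patterns, the risky-extension list, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URGENT = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
ONE_WORD_REPLY = re.compile(r"^(re|fw|fwd):\s*\w+$", re.I)  # e.g. "Re: Document"
ASKS_TO_OPEN = re.compile(r"\b(open|click)\b.{0,40}\b(attach\w*|file|link)\b", re.I)
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|wsf)$", re.I)  # assumed list, extend as needed
# Constructed sample message; every name and domain is made up.
SAMPLE = """\
From: Pat Lee <pat.lee@example-corp.test>
To: adam@example.com
Subject: Re: Document
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi,
Please open the attached file immediately.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc.exe"

AAAA
--b1--
"""

def triage(raw, known_domains, first_name):
    """Return the checklist items a message trips (empty list: none)."""
    msg = message_from_string(raw)
    body, names = "", []
    for part in msg.walk():
        if part.get_filename():                      # attachment part
            names.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload()
    subject = msg.get("Subject", "").strip()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    greeting = body.strip().splitlines()[0] if body.strip() else ""
    checks = [
        ("sender-domain-unknown", domain not in known_domains),
        ("subject-one-word-reply", bool(ONE_WORD_REPLY.match(subject))),
        ("urgency", bool(URGENT.search(subject + " " + body))),
        ("generic-salutation", first_name.lower() not in greeting.lower()),
        ("asks-to-open-file-or-link", bool(ASKS_TO_OPEN.search(body))),
        ("risky-attachment", any(RISKY_EXT.search(n) for n in names)),
    ]
    return [name for name, tripped in checks if tripped]
```

Calling `triage(SAMPLE, {"example.com"}, "Adam")` trips all six checks. Treat the result as a prompt to verify with the purported sender, not as a verdict.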
Another common type of cyberattack used to target small businesses is ransomware. Ransomware is a type of malware that threatens to publish a victim's data or permanently block access to it unless a ransom is paid.
Cybercriminals have become more strategic and direct in their methods, with creative ransomware attacks on the rise. The most common form of delivery is through some sort of phishing attack. Malware can do many things on your device, but the common action is encrypting user files. After getting access to the victim’s files, the goal is to manipulate them into paying the attacker a ransom, usually through bitcoin, in order to receive their information and data back, decrypted.
Most importantly, do not, under any circumstances, pay the ransom. There is no guarantee the attacker will decrypt the files upon receiving payment. They may just take the money and run. Instead, contact your IT provider to stop the malware from spreading and help restore your files.
Ransomware attacks come in many different shapes and forms. Below are a few of the most common attacks and how they infiltrate your network:
- WannaCry – This type of ransomware is spread through the Internet using an exploit vector named EternalBlue, which was leaked from the U.S. National Security Agency.
- Locky – A common attack that is spread via an email message disguised as an invoice.
- Cerber – This brand of attack targets cloud-based Office 365 users and uses an elaborate phishing campaign.
- Jaff – A Jaff attack is spread using malicious PDF or WSF files that have an embedded doc file, which downloads an encoded executable file or program.
- Cryrar/ACCDFISA – This unique ransomware attack uses a legitimate executable RAR archiver file to place the victim’s files in a password-encrypted RAR-sfx archive.
- Spora – USB drives are used to spread this attack while simultaneously encrypting files.
- Purgen/GlobeImposter – This ransomware attack starts by encrypting various files and appends any number of various extensions to the name of each encrypted file.
- Shade – When a device is infected with Shade ransomware, its desktop background announces the infection and instructs the victim to access a .txt file for details. The .txt file generally includes an email address and instructions on how to send a ransom payment.
- Crysis – This cyberattack can encrypt files on fixed, removable, and network drives by using strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.
It’s not just email, phone calls, and links you should worry about; social media has become the perfect hunting ground for cybercriminals looking for vulnerable targets. Phishing and scams run rampant on social media; experts estimate that 600,000 Facebook accounts are compromised every single day. By securing your passwords and setting up security settings like two-factor authentication, you can be one step ahead of the game.
Cloud Backup and Security
Most people think about ransomware as a security issue, but that’s not entirely accurate. Ransomware makes backup and security inseparable. It won’t matter if you’re a victim of ransomware if you’ve lost all your data. It is important to move to a digital cloud service for storing business-critical data and documents. Moving your information into the cloud may seem complex, but it’s quite simple and secure.
Besides the obvious security reasons, digital access to files allows for seamless collaboration between departments, interconnecting devices, and improving remote work capabilities. Making this switch now may mean you can maintain basic operations and reduce downtime in the event of a disaster. Cloud backup services also allow you to keep your records digitized and offsite, which ensures access and keeps backups safe and secure.
The traditional practice of storing physical hard copies has become antiquated, not only due to the amount of space needed to store them but also the possibility of destruction. In the event of a natural disaster like a flood, fire, or tornado, those files would be lost forever.
Switching to cloud backup services eliminates the risk of losing important data permanently and allows you to plan for data recovery in the event of a disaster. It’s important to proactively create a recovery time objective (RTO).
After a disaster or disturbance, a company will experience a period of downtime. It’s important to know how long your company can be down to avoid a break in business continuity and resume operations. With a cloud-based storage system, the digitized files can reduce the risk for small businesses.
However, simply switching to a cloud backup service is not the answer to everything. You are only as protected as the safeguards put in place by your provider.
When you analyze your Managed Services Agreement, ask yourself these questions:
- Will your data be protected if it gets deleted, damaged, or destroyed?
- Is your service covering all your compliance needs?
- Does this service protect against ransomware?
- Is there flexibility if migration is needed down the road?