In previous editions, we discussed the various forms of Phishing Attacks ( https://univista.com/posts/when-in-doubt-throw-it-out-e-g-delete-move-to-trash/ ) cybercriminals employ to take advantage of individuals and situations. These include: Phishing Emails, Spear Phishing, Whaling Emails, Vishing/Smishing, Angler Phishing. For a review of these techniques, please click the link above.
We frequently highlight new scams on UniVista’s Corporate Facebook page. If you haven’t taken the opportunity to “Follow UniVista” at https://www.facebook.com/weareunivista, we highly encourage you to do so.
We wanted to wrap up this segment on cybersecurity scams with an easy to remember tip. Firstly, human-error is the weakest link for cybercriminals. Avoid just “clicking on things”. It’s always important to be on guard. You’re more vulnerable when you’re tired, frazzled, or distracted by work. It’s times like these that we need to be most vigilant.
Volume and Credible Looking Attempts – Don’t take the bait!
Cybercriminals will send texts and emails with phony links that can not only cause a data breach but can also have many significant financial and legal consequences. One technique is Prompt Bombing; in this scenario a message is sent multiple times, with a simple somewhat familiar clickthrough link, for example, from your bank, Amazon, eBay, etc. Cybercriminals repeatedly send these malicious links with the hopes that if you receive something multiple times, and it looks somewhat familiar, you will just naively click on it to make it go away. This scam is often done very late at night when an individual is likely tired, not at their peak performance and/or is awoken by their phone dinging on their nightstand, generally when their guard is down. A good way to prevent this is to simply keep your phone in another room and/or turn certain notifications off, or put your phone on “do not disturb” mode at bedtime.
Another popular scam that also is used by the aforementioned “Prompt Bombing” scenario, is Impersonating Credible Sources. In this scenario an email or text is sent from a “trusted source” that has very similar looking url’s to the original to click on. These often mimic your credit or banking institutions, Amazon, Microsoft, etc. Names that seem fine at first glance, but are just not quite right: “Faceboock”, “Micros0ft”, “Wells Fargoo”, etc. Usually, these are pretty easy to spot – unless you’re distracted and reading through things quickly. The malicious link provided takes an unsuspecting victim to a “fake page” that resembles that institution’s/organization’s real page. Often the fake page attempts to obtain the victims information, like passwords and account numbers, to gain access with later.
Again, human error is typically an organization’s weakest link. Unfortunately, individuals fall victim to these scams when they are distracted and trying to multi-task. It’s best to make it a personal policy to never review or act upon these types of emails when you are busy doing other things.
If you have any questions on cybersecurity or how to keep your organization safe, please don’t hesitate to contact UniVista. Additionally, for those of you who have a UniVista Support Agreement, we offer regular cybersecurity training.