Over the past couple of years, cyber-crime has become more prevalent on a global scale. There are many steps businesses can take to prevent ransomware.
Preventing a Ransomware Incident
+ Does the network require two-factor authentication for all remote access?
+ Is there a secure data backup solution in the event of a ransomware attack?
+ Are the right email spam filters in place?
+ Is there behavior-based antivirus software in place to help recognize malware?
What is Business Email Compromise?
Business email compromise (BEC) or “phishing” is a cyber-crime used to gain access to company email. This allows criminals to steal sensitive data and money by impersonating a coworker, manager or other trusted business partner through fraudulent wire transfer requests, fake invoices, or diverted payroll. BEC emails are difficult to detect because they usually contain no malware.
Cyber criminals obtain email credentials through social engineering.
Social engineering involves a class of attacks that use manipulation to gain access to confidential information or assets. Cyber criminals use this data to deploy malware or to hold information in a system hostage.
Here’s How the Threat Actors Work:
Phishing pages: Cyber criminals send a link to a fake Office 365 or Google login page that looks identical to the real O365 or Google login page and requests your credentials.
- O365 example: An email is received stating Jane Doe shared a file with you. When the link is clicked, it opens a fake O365 login page. When credentials are entered, information is compromised.
- Google example: An email is received that appears to be from Google, warning that the account has been compromised and the password needs to be changed. The website will provide a link to a fake Google login page where credentials are entered.
Another common way to steal credentials is via “keyloggers,” malicious software that secretly captures keystrokes. A phishing email may contain an innocent-looking link, but when the link is clicked, a keylogger is instantly downloaded and installed. Now, all keystrokes (including usernames, passwords and information like personal bank accounts, social media logins, etc.) are sent to threat actors.
This whitepaper will continue to dive into:
- Protection for businesses and employees
- Email spoofing and how best to avoid it
- BEC attack prevention
- And more ways to help thwart sneaky cyber solicitations