Who could have predicted that in September of 2021 we would still be dealing with the uncertainty of COVID? Unfortunately, in addition to the health pandemic, COVID is contributing to a cyber pandemic. In fact, by the end of this year it’s estimated that damage from cybercrime will cost $6 trillion; double the $3 trillion spent in 2015. And by the end of 2025, estimates place the expense of cybercrime to be more than $10 trillion.
Cybercrimes, like most crimes, are opportunistic and the pandemic was a perfect storm of opportunity. As more workers went home to work remotely and most companies not having the security infrastructure in place to manage the increased security concerns cybercrime grew rapidly.
According to an article published by IDAgent, phishing attempts have increased by more than 660% since the beginning of the COVID pandemic. That’s a staggering statistic! But why such an explosive increase? It’s a risk and reward game. Criminals seek the greatest opportunity for making the most money at the lowest possible risk.
So, cybercriminals focus on phishing and smishing to bait consumers into providing them with personal information.
Phishing is a cybercrime term that describes how criminals pose as legitimate institutions or a trustworthy entity/individual to trick you into providing sensitive data such as login IDs and passwords. Phishing emails are a great way for hackers to gain access to your system. 90% of incidents that end in a data breach begin as phishing emails.
Smishing is a cybercrime term and it’s the same threat as phishing except the cybercriminals are using text messages sent to your smartphone instead of sending emails. As more workers are using their personal devices such as smartphones, cybercriminals can access your business network by installing malware on the users phone.
Brand recognition is the most common way cybercriminals entice consumers to click on links and gain access to your system through attached malware that asks for ID and password input. We are still amid a pandemic and cybercriminals could be using brands such as WHO (World Health Organization), CDC (Center for Disease Control), and local health departments to lure consumers. In addition, cybercriminals bait the consumer by sending them a text message containing a false sense of urgency. Examples include unknown service charges, erroneous bank transactions, invoices or online purchases, cash prize winnings, and suspended account reactivation notices.
How do you protect yourself and your business? Educate yourself and employees.
Phishing and Smishing quick tips to help you avoid falling victim to these techniques whether at home or the office:
- Verify the source of the email by checking the ‘From’ field to validate the sender. Phishing emails will appear to send you an email from a trusted source but in reality, they are spoofing the “from” address. What does that mean? The name of your contact shows as it always does in the “from” field however, when you hover over the name or you see it in the preview pane of your inbox the email address associated with the contact is not the actual email address.
- Pay very close attention to the domain name of the websites you visit or that are revealed in embedded links in communications you receive.
For example, www.microsoft.com and www.support.microsoft.software.com are two different domains. (and only the first is real).
- Be sure to report all suspicious emails to your information technology support.
- NEVER open email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
- Beware of “unsubscribe” – cybercriminals are using this to gain access as well. It is easier to delete the e-mail than to risk security breaches.
- NEVER click embedded links in messages without hovering your mouse over the link first to check the URL and verify the domain is safe/secure.
- Do not respond or reply to spam in any way. Delete the message and then delete it again from your deleted folder.
- Do not click on links sent to you via text message
- Don’t reply to the text message or call the number– Often, scammers don’t know if the numbers they’re using are actually active. Providing a response to the message will verify to them that the number is indeed active, leading them to continue and potentially increase the number of scam messages you’re receiving.
- Call the company directly- if you are receiving a text message from a well-known company or a company you are doing business with and there is concern, please call the company directly instead of clicking on the message or calling the number in the text. Call the customer service number of the company.
OIA is dedicated to providing you with risk management solutions to protect your agency. If you have any questions or concerns, you can reach Jodie Shaw at firstname.lastname@example.org or 614-552-3036.