How to Avoid the Most Common Cyber Scams at Work
IT security is on many people’s minds these days, especially with high-profile data breaches becoming more common. Many people are still not well versed in how to avoid phishing scams at work or how to deal with other computer security threats.
Phishing is a form of email fraud. The hackers send emails that appear to be from a reputable company, most often a bank or payment processor, to trick people into giving up their account login details. When the victim clicks on the link in the email, they are sent to a fake site. These attacks can be quite sophisticated. A variant is spear phishing, in which specific individuals are targeted with personalised scam attempts. These are often attempts to get information from your company or employer. The way to protect yourself from phishing is simple: never click on links in email. Instead, go to your bank’s site manually by typing in the URL or using an established bookmark. Phishing emails often tell you your account has been limited or that they need your information right away to ‘verify’ something. If this is true, you will get a message when you go to the site.
It’s vital to make sure that everyone who works for you knows how to avoid being phished. If you do fall victim, you will need to change all of your passwords and will likely have to get a new credit card. Victims should also lock their credit record, at least temporarily.
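For whoever maintains mail filtering or awareness tooling at your company, the following added example (not part of the original article) flags links in an HTML message whose visible text names one site while the link leads to another, or whose target is not on a list of sites you already trust. The function names, the trusted-site list and every host in the sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(value, bare_ok=False):  # http(s) hostname; bare_ok accepts "www.site/path"
    value = " ".join(value.split())
    if bare_ok and value and "://" not in value:
        value = "http://" + value
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed address in a hostile message
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    ok = parts.scheme in ("http", "https") and "." in host and " " not in host
    return host if ok else None

def within(host, site):  # host is site itself or one of its subdomains
    return host == site or host.endswith("." + site)

def suspicious_links(html_body, trusted_sites):
    """Return (href, reason) for each link that should raise doubt."""
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        # target is None for mailto:, #anchors and relative links: not judged here
        target, shown = host_of(href), host_of(text, bare_ok=True)
        if target and shown and not (within(target, shown) or within(shown, target)):
            findings.append((href, "text-mismatch"))
        elif target and not any(within(target, s) for s in trusted_sites):
            findings.append((href, "unlisted-host"))
    return findings

# Constructed sample body; every host below is a made-up placeholder.
SAMPLE = """<a href="http://examplebank.test.verify.example/s">www.examplebank.test</a>
<a href="http://203.0.113.7/verify">Verify your account right away</a>
<a href="https://www.examplebank.test/help">Help</a>
<a href="mailto:it@examplebank.test">IT</a>"""
```

Calling `suspicious_links(SAMPLE, ["examplebank.test"])` reports the first two links and leaves the genuine help link and the mailto link alone.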
Ransomware was in the news when the WannaCry malware took down the NHS in 2017. In August 2018, Ryuk ransomware appeared and attacked a number of US businesses, raking in the bitcoin and causing inconvenience and downtime (Ryuk appears to be a targeted attack).
Ransomware may be delivered through a phishing attack, through a hacked Facebook account or another messenger attack, or through a compromised attachment. It’s wise not to open attachments, even from people you know, unless you were expecting the file. If somebody sends you an attachment, ask them, by a means other than email, whether it really came from them. It is more likely that their email was spoofed than hacked, however. In most cases, it is a good idea to turn off vssadmin.exe on Windows machines. This utility has legitimate purposes, but those are rare, and it is also used to encrypt backups during an attack.
Most people now know to run anti-virus software on their computer. Hackers are, however, attacking phones and tablets much more often. Make sure that your employees know to run anti-virus software on their phones and to download apps only from the official app store. Apps in the store are at least somewhat screened and vetted, and while this doesn’t completely prevent trojans, it does help. Rooting malware is the largest threat, as it can get modules into the system files.
In some cases, even a factory reset can’t get rid of the malware. Rooting malware most often shows the user a lot of advertisements. Some other forms of malware use phones as bots to click on ads (as a form of fraud) or hijack mobile banking apps to steal login credentials.
There are a few basic ways to avoid all computer security threats that you should practice and train your employees in:
• Use a strong password, change it regularly, and avoid using the same password on all of your sites. Passphrases are often better than traditional passwords.
• Do not click on links in email, but rather go to the URL manually.
• Do not open unsolicited attachments, no matter who they appear to be from.
• Do not accept friend requests from random people on social media (they may be social engineering scammers).
• Keep all software patched and up to date.
• Run malware protection on all devices, including smartphones and tablets.
If you practice proper computer hygiene, you can avoid many of the current IT security threats and keep yourself and your company safe. This will also make life much easier for your IT department and help you protect your identity at home.