What Costs $2.9 Million Every Minute And How To Protect Yourself From It?

$2.9 million. Hard to believe, but cybercrime costs the global economy $2.9 million every minute (according to the annual Evil Internet Minute report from RiskIQ).

Whether the attacks come from sophisticated opportunists, company insiders, international enemies or amateur hackers, malicious cyber activity has caused companies and businesses disruption to their operations, theft of personal and financial data, loss of productivity, and damage and destruction to both individual and corporate physical and intellectual properties. In February 2018, The Council of Economic Advisors estimated that malicious cyberattacks cost the U.S. economy between $57 billion and $109 billion in 2016.  

Do you remember hearing about the 2017 cyber-attack against Equifax which exposed over 140 million consumers’ personal information? And, how about in 2018, when hackers broke into Marriott’s computer systems and compromised close to 500 million customer accounts? Unfortunately, stories like these are told over and over again, year in and year out. As individuals, we can get smarter and more knowledgeable about what cyberfraud is and therefore, make it less likely to become a target of these attacks.

Social engineering is the act of manipulating or deceiving you to take action that is not in your best interest. The goal is to gain your trust and then exploit that trust by coaxing you into obtaining access to your network or divulging proprietary or confidential information. Although the forms and tactics are different, the main goal is to gain access. Some of the types of social engineering include:

Phishing is one of the most common forms of cyber activity. It includes sending someone an email with an attachment or link and once you hit the link, your computer becomes infected.

Spear Phishing is a targeted form of phishing where the originator uses a personalized message to gain your trust and in turn, access to your systems. The attacker spends time researching a user and its organization’s social media profile and website and then armed with that information, goes in for the attack.

Smishing is a form of phishing that uses text messaging to obtain personal information like passwords or credit card numbers.

Through vishing, your information is compromised when you divulge confidential information over the phone. Often, a scammer will call and mention a problem with one of your accounts. If you call the number they identified and release account numbers, your accounts are now open to fraudulent activity.

Another type of social engineering which involves a physical presence is Tailgating. In this type of attack, the attacker follows someone into a building under false pretenses and then quickly looks for an open computer to steal information.

A USB Attack or a Physical Attack occurs when an unidentified USB drive, which you believe to be from a credible source, is inserted into your computer. The hackers are clever and may even write a word on the drive that entices you to open the file. Once opened, malware, a program that has been designed to damage, disrupt or hack into your device, infects your computer and possibly spreads through your entire network.

Pretexting is another form of cyber activity. In this type of attack, an individual pretends to be someone else and by gaining that trust, they can infiltrate and gain sensitive information from you.

Purplesec, a cybersecurity firm specializing in offensive and defensive strategies, reported that 98% of cyber-attacks rely on social engineering. It is hard to protect yourself from an attack if you don’t know what an attack would look like. Knowing and understanding what social engineering looks like is half the battle. How do I protect myself and my organization from malicious cyberattacks? Some specific things to look for include:

Spelling and grammatical errors – legitimate organizations and companies have dedicated marketing and communication personnel to create, verify and proofread customer communications before it is sent out. If an email contains these types of errors, this should be an immediate red flag.

Verify the sender’s address – often criminals use an email address that closely resembles the one they are trying to impersonate. For example, www.americanexpres.com is missing the second ‘s’ from express.

Unexpected email or suspicious attachment – if you receive an unsolicited email requesting you to open an attachment, it is often a sign of malicious cyber activity. Before you open any attachment or hit any link, you should always verify the authenticity of the email. Contact the individual or organization to verify – don’t respond to the email or call the number listed. Do your own research to locate contact information.

Safeguard your personal information – do not provide personal information in an email or over the phone unless you are certain the requestor is authentic.

Use a secure Wi-Fi – always make sure you are working on a secure network. And if you are not sure, never provide account information, financial numbers or sensitive personal information electronically.

Long hyperlink – if you receive an email with a long hyperlink and little to no further information, do not hit the link. Cybercriminals are counting on your curious nature to open the link.

Generic greeting – if the signature or greeting is generic that should be a red flag to investigate a little further. A trusted and legitimate organization will most likely address you by name and provide their contact information as well.

Install anti-virus software – it is a good business practice to install and maintain anti-virus software and firewalls to reduce some of this unwanted activity. 

Cybercriminals are becoming more sophisticated in their forms of deception and malicious activity. Understanding what fraud looks like in the rising age of digital information is the first step in fighting these fraudulent attacks. Unfortunately, the FBI’s Cyber Division has seen a spike in cybercrimes as both domestic and international hackers are trying to take advantage of Americans moving more activities online. Be cautious in your online activity and verify any suspicious communication you receive.