Cyber Security Month week 3: Avoiding cyber fraud and scams

Each week in October, we’re blogging about the importance of cyber security – both personal and business – to coincide with European Cyber Security Month (ECSM). ECSM runs in tandem with the US National Cyber Security Awareness Month (NCSAM), both dedicated to raising awareness of the importance of good online security practice. You can read the first two blogs in our series below:

• Week 1: Personal cyber security hygiene
• Week 2: Digital skills and education

The week 3 theme is dedicated to helping both businesses and consumers understand how to spot and prevent cyber scams, with a particular focus on protecting your finances. Technology has advanced and changed the way we manage and spend our money; 51% of consumers prefer online to in-store shopping (EmpathyBroker), and the use of online banking has almost doubled from 35% to 69% in ten short years (Statista).

But as technology makes our lives easier, it makes us vulnerable to hackers. Cases of telephone bank fraud – also known as vishing – are well-documented, yet banks are still forced to warn their customers via emails, app alerts, text messages and even television advertising that, should they receive a call from someone purporting to be from their bank, they should never give out details.

It’s a lesser-known fact that this social engineering trick works both ways. Fraudsters can now call your bank and pretend to be you very easily, rather than the other way around. How can they do that? Simple online research. We came across a two-minute video that shows just how easy this is to do with minimal details and a little background noise…

But it’s not just your personal finances that criminals will target. Businesses are a goldmine for fraudsters – even smaller businesses with modest turnovers. In fact, cyber criminals will exploit your belief that your business isn’t big enough to be hacked.

CEO fraud (or ‘whaling’) and social engineering are some of the most dangerous and most effective ways a hacker can target your business. By posing as your CEO, or perhaps another member of your senior management team, or even a colleague in your finance team, hackers can extort thousands by using the inherent trust you have in your colleagues.

These attacks use similar tactics to personal bank fraud: the attacker uses the internet to find details on the person they aim to impersonate. When hackers use vishing tactics to execute these attacks, urgency is incredibly effective. Think about it: if you received a call from your CEO insisting that you needed to make an urgent transfer, you’d be likely to action it, wouldn’t you?

Email spoofing is also an effective method, and the telltale signs of a spoofed email are getting harder to spot. Hackers tend to closely replicate a business email address (using a c instead of an o, a lowercase l instead of an uppercase i, and so on). Their emails might not sound exactly like your colleagues, although thanks to their online research, they can probably do a pretty good job of it. Quite often, these requests will be urgent if they concern a money transfer. If the hacker is phishing or targeting you with malware, there’s probably a suspicious attachment or link somewhere. Never open any attachments you weren’t expecting, and always hover over any links to ensure they’re genuine. Our blog exposing email spoofing goes into this in further detail.
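
As an added example (not part of the original blog), here is one way a mail filter could flag the lookalike sender addresses described above. The trusted domain, the sample headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: your organisation's real sending domains (constructed value).
TRUSTED_DOMAINS = {"example.com"}

# Swaps of the kind described above, folded to one canonical character.
# Input is lowercased first, so an uppercase I is caught by the i -> l fold.
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("c", "o"), ("1", "l"), ("i", "l")]

def skeleton(domain: str) -> str:
    """Collapse visually confusable characters so lookalikes compare equal."""
    s = domain.lower()
    for src, dst in FOLDS:
        s = s.replace(src, dst)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'external' or 'unparseable'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike"
    return "external"

# Constructed From headers for demonstration only.
SAMPLES = ["Jane Doe <jane@example.com>", "Jane Doe <jane@examp1e.com>",
           "Jane Doe <jane@exampIe.com>", "Jane Doe <jane@exarnple.com>",
           "Jane Doe <jane@examples.com>", "Billing <billing@supplier.test>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

This only inspects the domain in the From header; a message that uses a genuine-looking display name with an unrelated address still needs the manual checks above.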

If you’re looking for more information on these particular types of attacks, take a look at some of our dedicated blogs:
• Phishing, vishing and smishing
• CEO fraud, also known as whaling
• How to spot spoofed emails

To better protect yourself and your business from cyber scams, you might be interested in some of our other security blogs:
• The worst cyber security practices and how to avoid them
• How to create a truly strong password
• Key cyber fraud statistics
• Typosquatting – why misspellings could lead to malware
• The most successful phishing emails and how to avoid them