Disasters are Prime Time for Cybercriminals.
How to Think Ahead.
By Ben Potaracke
Disasters and other big news events are "triggers" that move thislink(oritmaybeanattachment)andwe'llbeabletotellif
hackers to action. Even before Hurricane Harvey's wind died
you're one of the 143 million who was impacted." So, you click
down, hackers were already setting up bogus charities designed to
on the link and the hacker is in your system working its way to
exploit good people wanting to help the relief effort. They even
your sensitive data.
created web and social networking sites to further their credibility.
In a hacker phone scenario, the call might look like this, "Hey
Thinking ahead means understanding how hackers find their
this is Ben from Equifax and we're doing a double check to be sure
victims.
your information is protected. But, first I'll need to make sure it's
Most people don't know that cybercriminals are trend watchers.
you. Can you give me your social security number and birthday?"
They're "dark marketers" scoping out major events that fill your
Other big news events like the death of a celebrity, a compelling
thoughts. News aggregator sites like Reddit, Quora and Google
human interest story, new disease breakthroughs and holidays like
Trends show current events state-by-state or nationally ­ allowing
Christmas are just a few of the many opportunities hackers take to
hackers a steady stream of opportunities to create phishing and
enter your system. They just need "one" person in your company
phone scams related to those events.
­ it doesn't matter what their position ­ to give them access. Once
inside, a hacker can move laterally across your network.
It can't be emphasized enough, training your employees on email
security should be one of the first goals for hacker prevention.
Think ahead to build the best line of security defense.
Remember when your parents said don't talk to strangers? The
same advice goes for opening unfamiliar emails. Considering the
sophistication of hackers, sorting out legitimate charities can be
just as difficult.
Watch for indicators like:
· Signs of a `sound-alike' of a reputable charity.
· Refusing to give information on how your donation will be
used.
Thinking ahead means never saying, "It won't happen to us."
· Having no proof of their tax-deductible status.
Cybercriminals consider small businesses low hanging fruit and
· High pressure tactics to push for your donation.
it's why their attacks on small business keeps escalating. In spite
of more robust security budgets, big business also suffers under the
· Asking for cash only donations.
weight of cybercrime.
· Offering guaranteed winnings in exchange for your
Equifax, one of the largest credit reporting agencies in America,
contribution.
recently dropped a bombshell on 143 million Americans that an
For verification, check with third parties like Charity Navigator
authorized third party gained access to their customers' names,
or Guidestar to confirm that the charity you're considering is
dates of birth, Social Security numbers, addresses, and in some
legitimate. You can also see if they're registered with your state
cases, credit card numbers. It was a major score for cybercriminals!
through the National Association of State Charity Officials.
Street value of hacked emails is high. Profits are made by selling
off SSNs and drivers licenses for as much as $20 a piece to other
hackers. Multiply that times millions and hackers had a big
Ben Potaracke
payday! Most likely the victims in the sale of Equifax "spoils"
Senior IT Director
are already being contacted in phishing emails, phone and other
EO Johnson
scams.
bpotaracke@eojohnson.com
Emails account for 90 percent of breaches and attacks. Think
ahead about training employees.
Using Equifax as an example again, an attack could look like this.
You receive a phishing email that appears to come from Equifax
saying, "Your data has been compromised. Go ahead and click
18
MBA News | November/December 2017 | www.minnbankers.com

---