During an otherwise-normal day, you’re sitting at the computer, minding your own business, just trying to get those last-second edits done to the sales report you have to deliver in the morning. Your notification chirps and you see the company has emailed you. Almost by reflex, you open the email to see if it might contain something that demands your immediate attention.
Cybercrime is just that simple.
The simple act of opening an email these days has become a lot riskier thanks to an attack called spear phishing, one of a family of more sophisticated variations on phishing, which has been around for a while. Where phishing was generally built around an online offer and distributed to many people at once, spear phishing leverages something called social engineering, which allows criminals to tailor the message more specifically to you.
For instance, where phishing might have dangled a too-good-to-believe price on wine, spear phishing will include a variety of wine you have purchased or attach someone’s name to make you think a friend recommended you to receive the email. Hackers have also developed ways to nail down your workplace, job title and other details to make the scam look even more like a legitimate email. Other scams will bear the logo and likeness of well-known companies, such as Google instructing you to change your password or a utility needling you to confirm account information.
Once you click on it, you’ve cracked a door for the criminals to enter and look around via malware, an umbrella term describing software designed to cause all sorts of havoc, from corrupted files, to spyware that allows a criminal to see everything you do, to ransomware that shuts down your machine until you pay up. In some cases, the cybercriminal will look to attack you individually, steal your personal information and drain your bank account, but more commonly they are using you as a portal to much bigger prey.
Let’s say a criminal wants to break into First Global Megabank, its billions of dollars in customer accounts and millions upon millions of files containing customers’ personal information. The hacker can try to find a way past FGM’s extremely sophisticated firewalls and other online protections, or they can target one employee with access to the bank’s network working from home on their personal laptop, bleary-eyed from not yet having had their morning coffee. Well, which one would you go after first?
Ideally, the end user would slow down and detect the subtle irregularities between fake emails and real ones, but this is easier said than done. Not only do we all get distracted from time to time, but the crooks have become so good at this that even cybersecurity experts have a hard time telling a phishing email from a legitimate one. You don’t get to be the number-one cybercrime tactic in the world (representing 22 percent of global cyber-attacks in 2019) for nothing.
Phishing is a big problem that continues to grow, but there are some relatively simple steps anyone can take to protect themselves. The most obvious is installing software that sniffs out the phishy from the authentic email or notification. When choosing a high-speed internet provider, make sure to research what kind of security package comes along. Kinetic Secure not only offers top-of-the-line virus protection, but identity theft protection is also available, providing assistance to you in the event of a breach.
A second layer of defense is multi-factor authentication, an additional piece of information needed to access accounts beyond the password. This could be a personal question such as “What is your favorite movie?” or it could be fingerprint or facial recognition. Either way, multi-factor authentication makes it much harder for criminals to advance should your password be compromised.
And finally, experts say backing up information is also a wise idea, copying critical information to the cloud or to external media such as a stand-alone hard drive. These options provide an easy-to-use and generally cost-conscious way to recover from a breach.