Hackers Are Increasingly Targeting People Through Their Phones

Hackers Are Increasingly Targeting People Through Their Phones

We do so many things on our smartphones: We stay in touch with friends and colleagues, we do our banking, we look for work, and so much more. Unfortunately, while phones have made it easier than ever to go about our everyday lives, they also offer another way hackers can reach us by gaining access to our money and private files. While hacking may look different than it did when home computers first became commonplace, some old school tactics are still in use alongside the new and insidious approaches hackers use to gain unauthorized access to our devices. Even if you are pretty tech-savvy, you may be inadvertently exposing yourself to risk.

Hackers target our phones for a wide variety of reasons, but there are steps you can take to protect yourself. If you think you have been hacked, please read our blog post: Hacked? Here’s What to Know (& What to Do Next). To help safeguard your smartphone as well as any networks it connects to, you and your team should be reviewing your security practices regularly.

Why Hackers Target Phones

Blonde woman reading her phone while holding coffee
According to the Pew Research Center, 81% of Americans use smartphones. This ubiquity partnered with the fact that many shopping apps (particularly Android apps) contain high-level security vulnerabilities. Many apps also transmit unencrypted user data, making smartphones easy targets for hackers.

To Steal Your Money or Financial Information

Ransomware attacks aren’t limited to desktops and laptops. A ransomware attack could paralyze your phone, keep you from accessing critical files, and allow unauthorized users to access sensitive personal data. The basic anatomy of a ransomware attack involves hackers tricking users into downloading malicious software (malware), which they use to take control of the device and lock users out. The hacker then threatens to delete critical files or release private information unless the user agrees to pay the ransom. While some users may be tempted, paying the ransom doesn’t guarantee you will regain control of your device or your data.

In one case, a third-party Android app promised users it would optimize their system, but instead stole money from their PayPal accounts. This wasn’t technically a phishing attack, since the login process was legitimate, but once users logged in malware initiated the automatic PayPal transfer. Other hackers target victims’ wallets by tricking them into downloading fake mobile payment apps. Once victims have entered their payment information, the hacker can do things like empty your bank account or charge purchases to your credit card.

To Eavesdrop on Your Phone Calls

While phone calls may seem old fashioned to some people, the truth is we talk about a lot on the phone. Even if you don’t use your phone to stay in touch with loved ones or discuss sensitive business information with colleagues or clients, you may have to call your bank or the government to access services. During calls with your bank, you will likely discuss your banking details, and calls to the government will inevitably require answering verification questions and confirming your social security number.

There is currently a flaw (called SS7) in the US cellular exchange that allows hackers who know a target’s phone numbers to listen to calls, read text messages, and view user’s locations. Even though US agencies have known about this issue for some time, they have yet to take action to address it, leaving American’s phone privacy at risk.

To Blackmail You

Blackmail is nothing new, but the tiny computers we carry around in our pockets contain more personal information than our desktops and laptops do, making them tempting targets for hackers.

A typical blackmailing hack may go something like this: The hacker obtains some personal information on the victim that is already available on the black market, likely as a result of a previous, unrelated breach. They use this information to trick the victim’s phone company into believing they are the user and convince the company to transfer the victim’s number to a new phone owned by the hacker. When phone companies transfer numbers, they often transfer all the information on the old phone as well, which hackers can then use to blackmail their victims. In order to regain access to their personal files, victims may feel pressured to give in to the hacker’s demands or pay a ransom.

To Mine Cryptocurrency

Any computing device, including smartphones, can be hijacked by hackers and used to mine cryptocurrencies such as Bitcoin. This attack is referred to as cryptojacking. For more information on cryptojacking, and what steps you can take to safeguard yourself, please read our blog post Cryptojacking: Because Every Currency Needs to Be Protected.

To Gain Access to Your Company

Even if hackers target your phone, you may not be their primary target. A large percentage of office workers are currently working from home, which means many of us may be using our personal smartphones for business purposes. While working in a BYOD (bring your own device) exposes companies to risk providing work laptops and work smartphones for every employee may be cost-prohibitive. Fortunately, there are steps companies and workers can take to safeguard their devices and the company network. For more information, please read our blog post, Keeping Your Network Secure in a Bring Your Own Device World.

Just For Fun & Fame

While many hackers are motivated by financial gain, some hack others for entertainment or to gain fame in hacker circles.

Cybersecurity Steps You Can Take to Protect Yourself

Combination lock sitting on a cell phone

Stay Away From Third-Party App Stores

One of the easiest things you can do to protect yourself is to avoid third-party app stores; only download apps from trusted sources such as the Apple app store or the Android app store. However, hackers and other malicious actors have been able to penetrate these platforms as well, and some rogue apps have slipped through, so while this rule will reduce your odds of downloading a malicious app, it doesn’t completely eliminate risk.

Keep an Eye on Your Settings

Checking your phone’s settings can help you spot suspicious behavior. If your phone seems to be chewing through its battery more quickly than usual or appears to be running more apps than you currently have open, it may indicate a hacker has downloaded and is running a malicious app on your device without your knowledge.

Wait Before You Download

While you may be tempted to download that shiny new app as soon as it launches, waiting can help you ensure that new apps are free of serious security flaws. Waiting also gives developers a chance to issue patches to address any issues that do come to light.

When in Doubt, Don’t Click

Whether you are using your smartphone, desktop, or laptop, if you:

  • Encounter a suspicious site
  • Are sent a suspicious link
  • Stumble across a sketchy looking popup
  • Notice that there are apps on your phone you don’t remember downloading

You should stop using your phone until you can get some answers. If you think you may have been hacked, you should contact your MSSP right away for advice and next steps.

Proximity Tracing & You: What to Expect as the World Returns to Work

Proximity Tracing & You: What to Expect as the World Returns to Work

COVID-19 has had a profound effect on our society, affecting our health, our work, and our overall well-being. Proximity tracing aims to help track the spread of this virus and use this information to limit future infections.

What is Contact Tracing?

Contact tracing, also called proximity tracing, is, at its core, detective work. Trained medical professionals interview individuals who have contracted a contagious disease to determine who they have recently been in contact with.
This information is used to inform individuals who may have been exposed so they can take steps to prevent the disease from spreading further. In some cases, such as COVID-19, this involves going into isolation. Contact tracing also provides medical professionals with information on how different diseases are spread, which they can use to help the general population flatten the curve using measures such as social distancing.
Contract tracing has been successfully used before to help curb infection rates during the 2003 SARS outbreak and the Ebola outbreak of 2014. It has also been used to track other diseases such as tuberculosis.

Why Contact Tracing Apps Are So Important


Though medical professionals have been using contact tracing for years, COVID-19 has put a spotlight on this important medical investigative tool. To help flatten the curve, Apple and Google are working together to create a cross-compatible contact tracing app.
An app would allow contact tracing to happen automatically, which means that medical professionals would no longer need to conduct lengthy interviews and contact each potentially infected individual.
This app, and other apps like it, trace contact automatically by recording when two people are close enough to one another for a long enough period of time that there is a significant risk a contagion (such as COVID-19) could pass from one person to the other.
This information is securely stored for a set period and used to alert individuals if they were in close contact with someone who has now tested positive so they can take appropriate steps.

Mitigating Potential Privacy Concerns

Tracking people, even if it is for the benefit of public health, raises privacy concerns. To protect user identities, these apps don’t rely on GPS data or other personal information and don’t reveal any identifying details. Instead, the app simply tells the user that they have had contact recently with someone who has now tested positive and should take precautions such as getting tested and self-isolating.

How Contact Tracing Apps Work

The apps work like this: once you download the app (and ensure your Bluetooth is turned on), the phone sends out a message with pseudorandom gibberish every few minutes. This information is picked up by other phones nearby that also have the same app or a compatible app installed. The pseudorandom nature of these messages means they don’t use GPS and don’t contain any personal information that could be used to identify the user specifically.
So, how can the app trace contact if it doesn’t have access to any identifying details or GPS information? The phone both sends out messages and listens for messages from nearby phones. If 2 phones with the same app, or compatible apps, stay close to each other long enough for possible transmission to occur they exchange their respective strings of gibberish.
Each phone then remembers all of the messages it sent and received within a set period (such as 2 weeks). Then, if one user gets sick and tests positive for COVID-19, they can tell their phone to check it’s send and received messages against a hospital or other health authority database.
The database then uploads and stores all of the gibberish messages from the infected person’s phone. Other users’ phones check their own received messages periodically against this database. If the same gibberish message is found in both the database and a user’s list of received messages, then the app knows the user may have been exposed to the virus. The app then alerts the user, who can then self-quarantine to prevent further spread.

What if Not Everyone Has the App?

The more people who use compatible tracing apps, the better since that means more potentially infected but asymptomatic people can be warned and self isolate before infecting others.
Infectious disease epidemiologist Cristophe Fraser and his colleagues at the University of Oxford have predicted how using an app could help stem the spread of the virus. Their model found that if about 56% of the population (or about 80% of all smartphone users) used either the same app or compatible apps the rate of infection would go from a reproduction number (R0) of 3 (roughly where it was at the beginning of the epidemic) to less than 1 (which is well below the necessary threshold for containing the outbreak).
The Oxford team’s model is based on several assumptions that need to be taken into account:

  • It ignores the use of widespread social distancing rules, which have had a large hand in reducing infections even without contact tracing.
  • It assumes that individuals over 70 continue to self-isolate, severely limiting their chances of getting infected or spreading the disease.
  • It assumes that traditional contact tracing measures are not being used in tandem with the app.

However, if even a few users download compatible tracing apps, infection rates go down. And as usage rates increase, infection rates will decrease.

What Should I Expect When I Return to Work?


Post COVID-19 workplaces will likely look very different from what we are used to, and will likely adopt many of the safety measures essential businesses have already put in place.
Contact tracing will likely become standard practice, with organizations either insisting their employees either use approved contact tracing apps or other methods of electronic contact tracing and share the collected data with their employer.
Good contact tracing methods will be valuable both to track the potential spread of infection between employees as well as the spread of infection from employees to visitors or customers or vice versa.

Working from Home Becomes the Norm

Many organizations will rethink the need for employees to come to the office every day. They may begin by asking employees to self-isolate at home for 14 days if they have had contact with an infected person within the last 2 weeks or have recently traveled outside the country.
Companies may also encourage employees to work from home whenever possible. This will reduce the number of people in an individual workplace on any given day and will likely reduce the demand for office space.

Increased Safety Measures

Temperature checks at the beginning of shifts will likely become the norm, and individuals with fevers will likely be sent home or otherwise denied entry to the building. Organizations that work with the public, such as retail stores, may also prohibit customers from entering if they have a fever.
Employees may also be required to wear PPE (such as facemasks) either at all times or when social distancing isn’t possible (such as when riding the elevator). Employers will have to either provide workers with PPE or set guidelines to ensure that the PPE employees bring from home offers adequate protection.

Facilitating Social Distancing

Social distancing is likely here to stay. Workplaces may adopt electronic social distancing practices, like the social distancing necklaces used by one Italian museum. Necklaces, bracelets, lanyards, or other wearable social distancing devices will buzz, flash, or emit a noise when 2 wearers get too close to one another.
How we move about our workplaces will also likely change as employers may also choose to designate set entrances and exits and make hallways one way to better facilitate social distancing.

Rethinking the 9 to 5 Workday

In workplaces where working from home isn’t an option, or isn’t an option for everyone, employers will likely choose to stagger shifts to limit the number of individuals in the workplace at one time.

Changing Workplace Layouts

What the workplace looks like will also change. Employers may rearrange workstations to ensure their workers can safely practice social distancing. This will likely include ensuring workers remain 6 feet apart, moving away from open-plan offices, and potentially limiting the number of employees in the building at one time.
Common areas, such as lunchrooms, will likely be reimagined or closed entirely. Spacing tables farther apart, staggering breaks, and increased cleaning between breaks will all likely be required to ensure these common areas can be appropriately sanitized, and employees can sufficiently social distance.
Workplaces in the post-COVID-19 era will likely look very different than they did just a few short months ago. Even once a vaccine is developed and made widely available, how we trace and fight disease will be forever changed as apps make it easier than ever to trace contact between infected individuals and potentially infected people.

The Ultimate Guide to Cybersecurity in the Healthcare Industry

The healthcare industry continues to lag behind on cybersecurity, even as it is increasingly targeted by cybercriminals.
Why is that, and what can you do to better protect your organization in 2020?

The True Cost of Healthcare Cybersecurity Breaches

When most of us think of organizations being hacked or breached, we think of sensitive data being leaked, causing profits to plummet, or vital documents being held hostage until a ransom is paid. However, when it comes to the healthcare industry, often the true cost of an attack is much more than just money.

The Cost to Patients

Ultimate Guide to Cybersecurity in the Healthcare Industry
The inability to access medical records, lost productivity as systems are down, and money paid to cybercriminals all have a real impact on the health and wellbeing of patients. One famous healthcare-focused cyberattack, the 2019 ransomware attack on the Grey’s Harbor Community Hospital and Harbor Medical Group, forced the hospital and the medical group’s clinics to revert to paper medical records and affect backups. Though most records were recovered, it still isn’t clear if some medical records were permanently lost.
A breach can also damage the relationship between the patient and their doctor, as many patients may avoid seeking medical help if they are worried cybercriminals or other unauthorized users may access their private medical information. These emotional consequences can seriously damage the health and wellbeing of patients and make it more difficult for doctors to rebuild patient trust and ensure their patients are getting the care they need.

The Cost to Medical Science

Depending on the nature of the breach, valuable research data and intellectual property may be damaged or lost, which can delay research into life-saving treatments. That sort of research is invaluable, and its loss can have devastating consequences for the health and wellbeing of potentially millions of people.

The Unique Challenges of Healthcare-Focused Cybersecurity

Research has shown that the healthcare industry is a prime target for medical information theft at least in part because it lags behind other industries in securing its vital data. So why does this industry, whose assets are crucial to human health and wellbeing, lag so far behind?
To begin with, so much of what hospitals do relies on the internet, from patient test results and medical records to the various machines and technologies used to provide patient care. While this interconnectedness is excellent for data integration, patient engagement, and clinical support it also means that a ransomware or other attack can spread quickly between vital systems, accessing patient data and other highly sensitive information, hijacking medical equipment to mine cryptocurrencies, or shutting down entire hospitals or hospital networks until a ransom is paid.

Not All Software Can be Patched

One of the unique challenges of healthcare is that there is a wide mix of equipment. While some equipment is cutting edge, many pieces of healthcare technology still in use were made by companies that are no longer in business or run on old software that has gaping security holes that can’t be patched. That means that even if vulnerabilities are known to exist (which isn’t always the case), there may not be a way to fix them.
The obvious answer would be to move away from outdated software and equipment with known vulnerabilities, but that is easier said than done. While a small or even medium-sized business could handle a temporary shutdown to migrate the entire network over, hospitals and other healthcare facilities don’t have that luxury: the entire system needs to be running 24/7/365.
Shutting down older equipment and transferring all of the data stored on the network can also be incredibly costly. The ability to patch and update software both extends the lifespan of current equipment and reduces costs.

Human Error Can Expose Patient Data

On the data privacy side of things, recent research from the JAMA found that most breaches in medical settings were triggered by unauthorized disclosures or employee error. When multiple shift doctors, nurses, and specialists need to be able to quickly and easily access sensitive employee data, it increases the odds of one person making a mistake that could leave this data vulnerable.

The Biggest Cybersecurity Threats to be Concerned About in 2020

Ultimate Guide to Cybersecurity in the Healthcare Industry
There are a few threats that healthcare providers should be particularly concerned about in 2020. If you are unsure what steps you can take to improve your organization’s cybersecurity posture, please speak to your MSSP (Managed Security Services Provider).

Ransomware

Ransomware was a huge problem in 2019, particularly for healthcare providers, and it is likely only going to get worse. Unlike some other businesses, healthcare providers aren’t able to pause operations to try and get their files unencrypted to avoid paying the ransom. And while some businesses can carry on even if they are unable to recover a few encrypted files, sometimes even a single unrecoverable file, such as a patient’s electronic file or test results, can have disastrous consequences for the health and wellbeing of patients.

Unsecured Medical Devices

Businesses in a variety of industries, including the healthcare industry, have enthusiastically adopted a wide variety of Internet of Things (IoT) devices. In fact, some reports speculate that from 2019 and 2024, we will see a combined annual growth rate of 27.6% for healthcare IoT devices.
However, in 2019 the FDA warned that a cybersecurity firm had identified 11 vulnerabilities that could allow hackers to control medical devices remotely. That report has likely prompted many healthcare providers to take a closer look at their current cybersecurity postures. Hopefully, that focus will continue in 2020 so that these and other vulnerabilities can be addressed.

Unsecured Electronic Health Records

Electronic health records have made it significantly easier for both healthcare professionals and facilities to access patient files, though this system does come with special cybersecurity considerations.
Though there are already privacy laws in place to safeguard sensitive patient data, these laws were mostly written with people in mind, not software. That means that many of these systems remain vulnerable to exploitation by cybercriminals, since the software that many of these systems run on or interface with may have been written in a time before the IoT. Depending on when the software was written, the company may not be around to issue software updates and patches, and even if they are, the software may not be compatible with many necessary cybersecurity updates.
Hopefully, findings like the FDA report mentioned above will encourage the companies that design electronic health record systems to evaluate their software critically so that it can be modified to better safeguard patient data.

How Can Healthcare Organizations Improve their Cybersecurity Posture?

Every organization is different and has slightly different cybersecurity needs. As such, the first thing any organization should do is sit down with their MSSP to identify their cybersecurity needs and create robust yet flexible cybersecurity protocols.
Organizations should also work with their healthcare-focused MSSPs to identify credible threats and create tailored response plans to address those threats. These response plans should be designed to minimize or even eliminate damage to critical systems and help safeguard both vital infrastructure and sensitive data.
To help you get started, please review our blog post Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.

Cybersecurity for the Manufacturing Industry, What You Need to Know Now

The number of cyberattacks continues to rise every year, and industries that have traditionally been insulated are now more likely to be targeted than they were in the past. As smaller manufacturers aim to stay competitive, many are moving away from analog processes and going digital. While this can be a great way to increase productivity, it can also leave unprepared businesses vulnerable to cyberattacks.
Fortunately, there are a few things businesses can do to help improve their cybersecurity posture. This can include working with experts to evaluate their current defenses, addressing potential vulnerabilities, and investing in employee training.

Is the Manufacturing Industry at Risk?

According to the United States Department of Homeland Security, based on the number of reported cyber attacks, the manufacturing industry is the second most frequently targeted industry in the United States.

Why is the Manufacturing Industry Being Targeted?

Smaller manufacturers are more likely to be targeted than their larger counterparts because cybercriminals often view them as easy entry points into larger manufacturing chains.
Unfortunately, there is still a common perception in the small business community that smaller organizations are too small to be targeted when, in fact, these businesses should be extra vigilant.

What Can I Do to Protect My Business?

Cybersecurity for the Manufacturing Industry, What You Need to Know Now
There are a few steps you can take to improve your current security posture so you can fend off attacks. However, even the best cybersecurity defenses aren’t completely protected from vulnerabilities, so you should also have protocols in place so that all stakeholders (including management and employees) know how to respond if an incident occurs.

Evaluate Your Current Defenses

Before you can improve your current defense systems, you need to know what your current shortcomings are. A full audit can help you catalog your current defenses, but if you really want to figure out where your weak spots are, you may want to consider a pen test.
A pen (penetration) test involves hiring an ethical hacker to stress test your current defenses. They target your current defenses in an effort to break in and take detailed notes about what strategies they tried and how effective they were. Once the test is done, the ethical hacker sits down with you to review their findings and make suggestions.

Address Potential Vulnerabilities

Now that you know where your potential weak spots are, you can take steps to address them. Most small and medium-sized manufacturers don’t have the resources to support full-time in-house cybersecurity teams, which is why more businesses are choosing to outsource their cybersecurity.
By choosing to work with a cybersecurity company, you can enjoy 24/7/365 monitoring and support. Your cybersecurity experts can help you audit your current defenses, address potential vulnerabilities, create robust yet tailored incident response plans, and help with employee training.

Create Robust Incident Response Plans

It’s always good to have a backup plan. When it comes to cybersecurity, you should always have detailed, robust, and flexible incident response plans in place in case of a cybersecurity attack. These plans should cover potential incidents, identify how a potential threat is detected, and make sure every key player understands their role.

Keep Your Software Up to Date

Keeping your software up to date is one of the easiest steps you can take to help safeguard your company’s digital assets. Whenever a software company discovers a bug or vulnerability in their product, they release patches to fix the issue. However, companies can only take advantage of patches if they update their software.
Unpatched software is particularly vulnerable because software companies announce the patches, and the bugs or vulnerabilities they are designed to fix, which means that cybercriminals now know where to focus their hacking efforts.

Keep an Eye Out for Trouble

You can’t adequately protect your digital assets if you don’t know what threats are out there. Managed threat intelligence lets you keep an eye on your entire operation, alerts you to suspicious activities, and confirms threats quickly so they can be addressed.

Invest in Employee Training

Cybersecurity for the Manufacturing Industry, What You Need to Know Now
Even the most robust and well-crafted cybersecurity plan is useless if it can’t be implemented effectively. Employees need to understand why cybersecurity is critical and what role they play in safeguarding the company’s digital assets. New employees should be provided with cybersecurity training as part of their onboarding process, and all employees can benefit from annual refresher training.
You may also want to consider running tabletop scenarios. Tabletop scenarios are similar to fire drills: They allow your team to practice responding to potential threats in a no-stakes environment. The facilitator poses a scenario, and your employees work together to address the situation and minimize or even avoid disruption and damage. Once the scenario is finished, your team sits down and reviews their findings, identifying gaps in your current protocols or employee knowledge so that they can be addressed.

Conclusion

Cybercriminals are increasingly targeting the manufacturing industry, and smaller manufacturers without robust cybersecurity protocols in place are particularly vulnerable. Investing in good cybersecurity is an investment in your business, and MSSP experts are here to help you every step of the way.

How Fear Motivates People to Click on Spam

Fear is one, if not the most, powerful motivators for action. It’s a profoundly primal instinct designed to protect us from harm by searing bad experiences into our memories so that we can avoid them in the future. Spam relies on the instinct of fear to get otherwise rational people to act irrationally. Many data engineers are actually trained on the tactics that scammers use to trick their victim into clicking on malware.

How is Spam Related to Fear?

Spam accounts for 85% of all email sent and received globally on a given day, and refers to any unsolicited and unwanted communication, usually email, that is sent out in bulk. Though most spam aims to sell unproven, ineffective, and possibly dangerous products and services to gullible consumers, a small percentage aims higher.
These spam emails, such as phishing emails or malicious links or attachments, usually utilize fear tactics to gain information related to usernames, passwords, or banking information from unsuspecting readers.

How Does Fear Make Spam Effective?

How Fear Motivates People to Click on Spam
Fear makes us deeply uncomfortable and can override even our most rational instincts. Scammers and other cybercriminals know this, which is why they play on our fears to manipulate us into doing what they want.

How Spam Sparks Fear

Most of us strive to be good, so when even the most rational among us receive an email saying there was a billing error or that we owe unpaid taxes, our fear response kicks in to respond. The same thing happens when we’re told our computer is infected with malicious software, or that we are suspected of being connected to some illegal activity, and the police are on their way to arrest us unless we “click the following link.”
Even seemingly positive spam emails play on our sense of fear of missing out. After all, if we aren’t willing to help a wealthy Nigerian prince gain access to his vast fortune, he will just ask someone else for help, and we will miss out on the generous reward. This holds true for spam emails selling a “miracle cure” since missing out on a “miracle cure” motivates the fear of poor health down the road.
All of these scenarios spark fear of consequences or fear of missing out, priming us to act.

Spam Positions Itself as the Solution

Once the scammer has frightened us, they swoop in and offer a solution. Often it’s something very simple and straightforward, such as clicking a link, downloading a file, or responding to the email with personal information. After all, it’s in the scammers’ best interest to make it as easy as possible for you to hand over your money or personal information.
Once the action is complete, the reader is compromised, and the scammer has all or most of the information they need to harm the reader, either by stealing money from their accounts or using their credentials for nefarious purposes.

The Anatomy of a Spam Email

The Headline

The average spam email follows a fairly predictable format. The headline is usually phrased to invoke a sense of urgency and trigger our fear response (such as “Payment Declined – Immediate Update Required” or “Re: Claim Office”, which makes it look like someone is responding to an email you sent them.) The email headline may also be worded to suggest that the reader is the one in the wrong (such as implying that a payment is past due, or that this is a final payment notice).

The Sender’s Address

The sender’s persona typically falls into one of two broad categories: They are pretending to be someone authoritative that you trust (such as an Apple employee who wants to help rectify your payment problem) or someone you know (like a co-worker who needs some information from you).

The Body of the Email

In the body of the email, the message of fear really takes root. The reader is typically told that something has gone wrong (or that a once-in-a-lifetime opportunity has presented itself) and that they need to take action to either fix the problem or reap the rewards. In the above examples, a declined payment will likely require the reader to input their “correct” or “updated” banking information so that the payment can be processed or their reward can be sent, or provide other personal information.
The scammer may even ask you to help them perpetuate the scam by having you respond to them and forward the email to your contacts. This not only gives them access to your bank account or other personal details but also makes their original email seem more legitimate to your friends or co-workers by having it come from someone they trust.

The Goal of Spam

The goal of most spam is to scare us into acting quickly by instilling a sense of urgency and triggering a fear response. This helps ensure that the reader acts before they have rationally considered the email, and asked themselves important questions such as who sent it, why they are sending it, and what risk they take in responding to the email.

How Can I Protect Myself Against Fear-Motivated Spam?

How Fear Motivates People to Click on Spam
One of the easiest things you can do to help protect yourself from email spam is ensure that you have robust spam filters installed. These filters can prevent the most obvious spam from getting through to you or your employees.
Next, you should always take a close look at the sender. Is this someone you can trust? If you aren’t absolutely sure the sender is trustworthy, then you should reach out to them via a communication channel (such as calling your friend or contacting the company’s support line directly) to verify. This is particularly true for unsolicited emails or emails that are formatted so that they appear to be a response to an email sent by you.
Finally, you should evaluate each email carefully. Look for obvious red flags. These include:

  • Typos in the sender’s address, such as “[email protected] (Note the extra “p” in the domain name). However, DNS spoofing allows scammers to masquerade as legitimate companies, so make sure you look at the whole email address, not just the domain name.
  • The form of address. Does the sender address you by name, or simply call you “customer” or “friend”?
  • Embedded links with strange URLs. To assess a URL, hover over the text without clicking so that you can see the actual address. If the link appears suspicious, enter it into your browser directly instead of clicking on the embedded link. Spam emails often include spoofed links that are designed to look like they originate from reputable sources.
  • Bad spelling, grammatical errors, and typos. This may indicate that the writer has a poor grasp of English, or that the text was translated using a translating app such as Google Translate.
  • Suspicious attachments. If a suspicious email includes attachments, verify why they are there and what they contain when you contact the sender.
  • Offers that sound too bad (or too good) to be true. Apple isn’t going to brick your iPhone over a billing error, and even if that Nigerian prince is real, he has no reason to share his vast fortune with you just because you forwarded his chain email to all your friends and family members.

Spam doesn’t look like it is going anywhere soon, so we need to take steps to safeguard ourselves and our businesses from cybercriminals. Learning to identify spam can help, and remember: when in doubt, don’t click.

COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks)

COVID-19 is changing the way society handles a lot of things, including how we work. As companies rapidly shift to remote workplaces, we can expect there to be a few hiccups along the way. In response to this lack of preparedness, cyber-criminals are increasingly taking advantage of the chaos COVID-19 has caused. Fortunately, there are concrete steps you can take to safeguard your network and digital assets while supporting a remote workforce.

Why Telecommuting, Video Conferencing, & Remote Work Are More Important Than Ever

As companies shut their physical offices and mandate that employees work from home, telecommuting, video conferencing, and remote work are becoming vital tools that businesses need to be able to leverage effectively to stay in business. In some cases, employees who have been told to self-isolate or live in states such as California and Illinois (which have ordered all residents to shelter-in-place), working from home is the only option.
Video conferencing, in particular, has become the lifeblood of many businesses as suddenly far-flung workforces work to stay connected. From important meetings to social situations (such as having lunch as a group), videoconferencing allows businesses to maintain a sense of community and ensure that workers can connect with one another to complete their tasks and achieve their goals.

The Hazards of Remote Work

COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks)
Bad actors may try to take advantage of the chaos that suddenly pivoting to a remote workforce can bring. When employees work from home, they may be using inadequately protected devices or unsecured internet connections. They may also be more likely to share files over the cloud or send attachments over email.
As the number of emails increase, as employees work hard to keep everyone up to date and in the loop, employees may be less likely to catch suspicious emails (such as phishing scams). If they do suspect something is fishy, they may not know how to properly report it now that they can’t just walk over to the IT department.
It doesn’t help that cybercriminals are taking advantage of the COVID-19 pandemic to spread malware, even going so far as to impersonate trusted organizations such as the WHO and the CDC in an attempt to get unsuspecting users to download malicious files or click on dangerous links.

Safeguarding Your Business From Bad Actors

Fortunately, there are several steps you can take to help safeguard your company’s infrastructure and digital assets.

Implement Good Security Protocols

Without the implementation of robust security protocols in place, your chances of detecting, defending against, and mitigating the damages caused by a cybersecurity attack are very slim. By comparison, the way you would mark emergency exits, practice fire drills, and post evacuation plans in prominent locations to safeguard your employees in the event of a fire, you also need to be prepared to confront and deal with cybersecurity attacks quickly and effectively.
You should work with your cybersecurity provider to ensure that your incident response protocols are up to date and review your protocols with your employees. Depending on your organization’s unique cybersecurity needs, you may need to work with your provider to update or adjust your protocols and policies to ensure that they continue to meet your needs as you switch to a remote workforce.

Smart Data Management

As employees work from home, more information is likely to be shared among them using email, instant messaging apps, and the cloud. Smart data management strategies allow you to ensure that private or sensitive company information isn’t able to be shared with unauthorized users, and also helps ensure that employees can access the information they need to complete their work.

Protect Your Devices

COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks)
As workforces leave centralized locations such as offices and disperse to their homes, it is more important than ever to ensure that all of your endpoints are protected.
Depending on your company’s current BYOD (bring your own device policy), you may need to consider what steps you are going to take and insist your employees take, to safeguard digital assets and infrastructure accessed from personal devices. At the very least, employees should ensure they have firewalls installed and that their antivirus software is up to date. You may also want to consider providing employees with secure connections and VPNs.

Secure Connections & VPNs

Secure connections and VPNs (Virtual Private Networks) can allow your employees to access company files and networks securely.

  • Secure connections refer to connections that are encrypted using one or more security protocols to ensure that data flowing between two or more nodes is secure. The purpose of secure connections is to prevent unauthorized third parties from accessing sensitive data and prevent this data from being viewed or altered by unknown parties. To safeguard data, secure connections require users to validate their identity.
  • VPNs, on the other hand, are used to create private networks using public internet connections. VPNs are designed to mask your IP (internet protocol) address, making the user’s online actions virtually untraceable.

Though COVID-19 will, eventually, come to pass, it will likely leave a lasting mark on the world. By making smart investments in your infrastructure and data security now, you can not only safeguard your employees and your company now but help future proof your business.