According to a report by Wombat Security, 76% of companies experienced a phishing attack of one kind or another in 2017, and the number of attacks grew by 80% compared with the previous year. These attacks include malware distribution, attempts to compromise personal data, and theft of companies' confidential information. Cyber criminals seek access to this information in order to use it for blackmail or to steal money. Ruslan Yusufov, Director for Special Projects at Group-IB, spoke about how to protect yourself from online criminals at the conference “HR&Finance: Changing Business Together”.
Do Not Open Suspicious Emails
Example: company employees receive an email allegedly sent by the HR Director: “Dear Colleagues, please find attached the bonus information.” Some time later a second message arrives from the same address: “Please do not open the previous message, it was sent by mistake.” Some employees open the “bonus” email out of curiosity, and a computer connected to the shared corporate network gets infected.
Malware may be hidden behind an ordinary-looking link or in an email from a phisher posing as a representative of some company, including your own. Always check the exact spelling of the link and of the sender's address: a phisher's address may use characters that look alike, or differ by a single letter from the corporate address of the company that supposedly sent the email. I guess there is no need to recall the story of the cryptoware that infected over 100 companies across the world within two hours after the launch of the attack.
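The look-alike addresses described above can be checked mechanically. The following is an added example, not code from the original talk or from Group-IB: it reduces a sender domain to a "skeleton" (look-alike characters, Cyrillic homoglyphs, accents and punycode collapsed to plain Latin letters), then compares it to the corporate domain by skeleton equality, substring containment and edit distance. The corporate domain `example-corp.com`, the confusables table and the sample addresses are all assumptions constructed for the example.

```python
import unicodedata

CORPORATE_DOMAIN = "example-corp.com"  # assumed corporate domain for the example

# Constructed, deliberately partial table of characters that look like Latin letters.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0443": "y",  # Cyrillic u
    "\u0445": "x",  # Cyrillic ha
}
# Multi-character sequences that render like a single Latin letter.
MULTI_CONFUSABLES = {"rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Normalise a domain so that visually similar spellings compare equal."""
    domain = domain.lower().rstrip(".")
    # Internationalised domains arrive punycode-encoded (xn--...); decode them
    # so the homoglyph mapping below sees the actual Unicode letters.
    if domain.startswith("xn--") or ".xn--" in domain:
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    # Strip accents: decompose, then drop combining marks (e.g. "é" -> "e").
    decomposed = unicodedata.normalize("NFKD", domain)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in stripped)
    for seq, rep in MULTI_CONFUSABLES.items():
        mapped = mapped.replace(seq, rep)
    return mapped


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches the single-letter-off domains the talk mentions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, corporate: str = CORPORATE_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for an email address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    corporate = corporate.lower()
    if domain == corporate or domain.endswith("." + corporate):
        return "internal"
    if corporate in domain:               # e.g. example-corp.com.evil.net
        return "lookalike"
    if skeleton(domain) == skeleton(corporate):
        return "lookalike"                # homoglyph or digit-for-letter swap
    if levenshtein(domain, corporate) <= 1:
        return "lookalike"                # one letter added, dropped or changed
    return "external"


# Constructed sample senders, modelled on the "bonus email" story above.
SAMPLE_SENDERS = [
    "hr@example-corp.com",          # genuine HR address
    "hr@mail.example-corp.com",     # genuine subdomain
    "hr@examp1e-corp.com",          # digit 1 for letter l
    "hr@exarnple-corp.com",         # "rn" for "m"
    "hr@example-corp.co",           # one letter dropped
    "hr@ex\u0430mple-corp.com",     # Cyrillic a
    "hr@example-corp.com.evil.net", # corporate name as a subdomain of another host
    "news@vendor-example.net",      # unrelated third party
]


def scan(senders):
    return {s: classify_sender(s) for s in senders}


if __name__ == "__main__":
    for sender, verdict in scan(SAMPLE_SENDERS).items():
        print(f"{verdict:9s} {sender}")
```

A mail gateway rule built on this would quarantine or banner anything classified as `lookalike` rather than block it outright, since a legitimate partner domain can also sit one edit away from yours; the point is that the decision is made by the gateway, not by an employee squinting at the From header.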
Another example: this May, Group-IB identified a targeted attack on banks by the notorious Cobalt group. Employees of the attacked company received an email purportedly from the European Central Bank containing a link to a .doc document allegedly describing financial risks. To download the document, recipients had to follow the link, which infected the employee's computer. The phishers targeted bank employees in Russia and the CIS countries and, apparently, employees of financial institutions abroad. The hackers' objective was to gain access to the banks' internal systems (card processing, ATM control systems or Bank of Russia Client's Computer Workstations), take control of these systems, and siphon off the money.
Protect Your Smartphones
Oftentimes, our smartphone knows more about us than we think it does. It stores information we would not even remember: for example, a forwarded photo of your girlfriend's bank card (an urgent transfer was needed), a password for the corporate social media account that an employee hastily jotted down (and sent while on vacation), and any amount of other data. And that is on top of the things you definitely know are there, because you use a mobile banking app, and most probably more than one.
Every app or service must have its own unique password; the password for one app or service should never be reused for another. Use complex passwords that contain upper- and lower-case letters, numbers, and special symbols. Let me repeat it again: use different passwords for social media, email clients, and user accounts. Otherwise, if criminals get access to a single user account, they will get them all.
Recall the case in which the accounts of participants in popular online stores' loyalty programmes, payment systems, and betting companies were hacked. Overall, dozens of companies were hit by phishers, including Ulmart, Biglion, Kupikupon, PayPal, and many others. A total of about 700,000 user accounts were compromised, and 2,000 of them were offered for sale by the hackers at prices starting from $5 per account. It turned out that the criminals were collecting compromised user data from a variety of online services on hacker forums and using special software to automatically test those credentials against user accounts on the online stores' websites.
The criminals benefited from the fact that many web users reuse the same login/password combination across multiple resources. If a login and password from one breach also worked at the website of the store under attack, that user account was taken over. The criminals checked the bonus balance and sold the compromised accounts on hacker forums at prices from $5 per account, or 20-30% of the nominal account balance. The “buyers” then spent the bonus balances on purchases.
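The automated checking of leaked credentials described above is known as credential stuffing, and it leaves a recognisable trace in a site's authentication log: one source address trying many different usernames in a short time, almost all of them failing, with the occasional success where a reused password still works. The following is an added example, not code from the original talk or from Group-IB, showing the detection logic run over a constructed log sample. The log format, the sample addresses and usernames, and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an online store's login events (not real data). One address
# sprays leaked username/password pairs across many accounts and hits one that
# reused its password; the other addresses are a user mistyping a password, a
# normal login, and a single-account brute force (which is a different pattern).
SAMPLE_LOG = """
2017-06-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2017-06-01T10:00:03Z ip=203.0.113.7 user=bob result=FAIL
2017-06-01T10:00:05Z ip=203.0.113.7 user=carol result=FAIL
2017-06-01T10:00:07Z ip=203.0.113.7 user=dave result=OK
2017-06-01T10:00:09Z ip=203.0.113.7 user=erin result=FAIL
2017-06-01T10:00:11Z ip=203.0.113.7 user=frank result=FAIL
2017-06-01T10:00:13Z ip=203.0.113.7 user=grace result=FAIL
2017-06-01T10:00:15Z ip=203.0.113.7 user=heidi result=FAIL
2017-06-01T10:02:00Z ip=198.51.100.2 user=alice result=FAIL
2017-06-01T10:02:20Z ip=198.51.100.2 user=alice result=OK
2017-06-01T10:03:00Z ip=198.51.100.9 user=bob result=OK
2017-06-01T10:04:00Z ip=192.0.2.50 user=carol result=FAIL
2017-06-01T10:04:10Z ip=192.0.2.50 user=carol result=FAIL
2017-06-01T10:04:20Z ip=192.0.2.50 user=carol result=FAIL
2017-06-01T10:04:30Z ip=192.0.2.50 user=carol result=FAIL
2017-06-01T10:04:40Z ip=192.0.2.50 user=carol result=FAIL
""".strip().splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(lines):
    """Parse log lines into (timestamp, ip, user, result) tuples; skip malformed ones."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    return events


def detect_stuffing(events, window=timedelta(minutes=10), min_users=5, min_fail_ratio=0.8):
    """Flag source addresses that try many distinct accounts with mostly failures.

    A sliding window per IP triggers when it holds at least `min_users` distinct
    usernames and at least `min_fail_ratio` of the attempts failed. Once an IP is
    flagged, its whole history is summarised, including any accounts it did open.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = []
    for ip, evs in sorted(by_ip.items()):
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if e[3] == "FAIL")
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                alerts.append({
                    "ip": ip,
                    "attempts": len(evs),
                    "distinct_users": len({e[2] for e in evs}),
                    "compromised": sorted({e[2] for e in evs if e[3] == "OK"}),
                })
                break  # one alert per source address
    return alerts


if __name__ == "__main__":
    for alert in detect_stuffing(parse_events(SAMPLE_LOG)):
        print(alert)
```

Two caveats a practitioner would add. First, the single-account brute force from `192.0.2.50` is deliberately not flagged here: it is a different attack with a different response (lock or step-up that one account), so it belongs in a separate rule. Second, real stuffing campaigns are spread across proxies and botnets so that each address stays under any per-IP threshold; the per-IP check is the cheap first layer, and a site that sells anything of value also needs rate limits per account, checks of submitted passwords against known breach corpora, and two-factor authentication so that a reused password alone is not enough.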
Two-factor authentication is another powerful protection against cyber threats. If you use an iPhone, make sure two-factor authentication is turned on for your Apple ID. It is this account that is usually hacked in order to download a backup of your phone and so gain access to all your personal data and passwords, including bank cards if you use e-wallets.
Android is equally vulnerable: 348,600,000 rubles were stolen using Android Trojans over the last year alone, 471% more than the year before.
Try not to use public Wi-Fi, as it is yet another avenue for criminals to reach your data.
Update the Router Firmware
To do that, open the router's admin page in your browser, enter the login and password (most probably they are still the factory defaults, such as admin/password, since it is unlikely you ever changed them), log in, and run the update. Why would you need to do that? You can go to
Look After Others as Well
Keep an eye on your family members' presence on the Internet. Remember: whatever goes online stays there. This applies to your pictures, statements, comments, and so on. Make a point of explaining to your family how important it is to think about everything they do online. Your acquaintances' or family members' online activities may affect your own reputation, and your family computer, or rather the personal information stored on it, may be used by criminals to extort money.