This quarter's update on cybersecurity from our in-house IT Security expert, Jamie Williams, looks at why clicking on a link or opening a malicious attachment could seriously ruin your week, month or year…
This is all a little doom and gloom – so I apologise in advance.
So, you’ve clicked on a link by mistake and you now suspect it was malicious (malware). You give IT Support a call, they scan your machine and clean anything they find, and you reset your passwords.
Crisis averted? Unfortunately, that isn’t entirely the end of it…
The attacker now has you labelled a “clicker” or someone they deem more easily susceptible to a cyberattack. They’ll have gained some insight into your email setup from the initial click and have a little more information on you than before.
If they think there could be money to be made, they will then start to profile you. They may search social media (LinkedIn, Facebook, etc.), your company website and the Internet in general to gain more information about you. Company websites, for example, can contain a treasure trove of information listing who’s who: key personnel, finance directors and managing directors perhaps, often including their e-mail addresses.
Armed with more information, the hackers will try you again and again…and this is what could happen.
1. The attacks will often become far more sophisticated.
If the hackers know you are in the Accounts department, for example, you may get e-mails claiming to be from your Managing Director requesting payment. They may use you as a gateway to try to gain access to someone higher up in your business, or they may simply try to gain access and send a blanket e-mail campaign to all of your contacts to get more credentials for more accounts. The more sophisticated the cyberattack, the more genuine the e-mails look, with only the reply address giving the game away.
We all know our key customers and are familiar with how they send invoices or communication. If you get an invoice from someone (which perhaps you were expecting), but it looks different from every other invoice they’ve ever sent you, call them and check. Nobody is going to complain that you called to check, as you are protecting them as much as you are your own business. Additionally, if they didn’t send it, you may well have discovered a breach in one of their e-mail accounts, and that could potentially save either them or another of their customers from losing money to these scammers.
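For IT teams, the reply-address giveaway described above can be checked automatically. The following Python sketch is an added example, not part of the original article; the domain `example.co.uk`, the name "Pat Example" and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: your own mail domain and senior staff names.
TRUSTED_DOMAINS = {"example.co.uk"}
KEY_PERSONNEL = {"pat example"}  # e.g. the Managing Director

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def reply_address_warnings(raw_message):
    """Return a list of warnings for one raw e-mail (headers + body)."""
    msg = message_from_string(raw_message)
    from_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    warnings = []
    # Replies would go somewhere other than the domain shown as the sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")
    # A senior colleague's name on an address outside your own domain.
    if from_name.strip().lower() in KEY_PERSONNEL and from_dom not in TRUSTED_DOMAINS:
        warnings.append(f"'{from_name}' is sending from outside domain '{from_dom}'")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Pat Example <pat.example@example.co.uk>\n"
    "Reply-To: pat.example@example-co-uk.test\n"
    "Subject: Urgent payment\n\nPlease pay the attached invoice today.\n"
)
LOOKALIKE = (
    "From: Pat Example <pat.example@mail-provider.test>\n"
    "Subject: Quick favour\n\nAre you at your desk?\n"
)
GENUINE = (
    "From: Pat Example <pat.example@example.co.uk>\n"
    "Subject: Board pack\n\nSee you at 10.\n"
)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(label, reply_address_warnings(raw) or "no warnings")
```

A message sent from a genuinely compromised account passes both checks, which is why calling to check an unusual invoice still matters.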
2. They use your Internet activity to get to you.
Let’s assume there is a photo of you with a new car on Facebook and it’s set to ‘Public’, and the attacker has viewed that as well. You might then get e-mails or see adverts claiming to offer 50% off a main dealer service for your make of car. Your service is due and that sounds great… only it isn’t. (The hacker has basically sent the advert to you and it’s malicious.)
3. You get more Spam.
You may notice your Spam levels increase as a result, although this doesn’t always happen at first. This could happen weeks or months later as your e-mail address does the rounds and is shared on databases on the black market along with any other information about you that the attacker has gathered.
4. Your information is shared.
Someone else takes the reins and will give you a try (i.e. the attacker has shared your information with another hacker who then decides to use it), and all because of one click that happened weeks or months ago. Filters can struggle if the cyberattack is tailored to you and not a blanket approach. Hackers will often use other compromised e-mail accounts to get e-mails through to you.
Fundamentally, the hackers don’t care who they hurt or whether they are taking money off a company or an individual – they only care about making money and therefore, given the opportunity, they’ll happily focus on you as an individual.
The whole process of being hacked is frightening, so the key to avoiding becoming a victim of cybercrime is training – learning how to evade a cyberattack in the first place. Good mail filtering is, of course, hugely important as well, but nothing is 100% effective and you are the last line of defence between an attacker and your workplace.
Our brand new guide on 11 SIGNS YOUR BUSINESS HAS BEEN HACKED is just one educational cybersecurity tool from our Resources Section that will help you to spot a potential problem - it’s worth reading, digesting and sharing!
Additionally, if you are looking to do some training online, more and more free training content is becoming available which is great to see, such as this government backed and funded video on how to stay safe online - perfect to share with staff: https://www.ncsc.gov.uk/static-assets/training/top-tips-for-staff-web/story_html5.html
Knowing what to look out for, treating everything as suspicious and, if you are not 100% sure, checking with someone before you click something will all help you avoid a cyberattack. We’re all incredibly busy, but that extra time spent just checking can save you months of pain in the long run.
Have a good summer and stay safe!