A recent scam attempt on a BPM client was thwarted thanks to swift action and application of best practices.
October is Cybersecurity Awareness Month, a campaign first launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in October 2004. And it could not come at a more critical time.
Online reports suggest U.S. companies are expected to endure as many as 100,000 ransomware attacks in 2021, each demanding an average of $170,000. Still, many business leaders remain unaware that the parties behind these scams are no longer individuals in a basement or overseas trying to scam consumers out of their money. Today’s cybercriminals run their scams like a business, often with teams of programmers or call centers, as well as a complex network of individuals they use to move money or stolen goods while masking their identity.
A Case Study in Phishing
It was in the context of this evolving cybersecurity environment that a BPM Tax client recently received a suspicious-looking email asking them to send money to a supposed BPM account. Luckily, the client observed that something was fishy about the message and called their BPM Advisor, who confirmed the account was fake and that the email was a scam attempt. After a thorough investigation, it was apparent the client had been the subject of an attempted phishing scam. The term “phishing” refers to a common cyberattack strategy whereby the hacker spoofs a call, email or other message to make it appear to come from an authentic source.
How to Avoid Getting Scammed Online
With this recent attack purporting to come from a BPM representative, we are sharing the following best practices with our clients and friends of the Firm to help you protect yourself, your customers and your assets:
1. Be cautious with email communication dealing with financial transactions.
For instance: Do not accept last-minute changes to money transfers. A sudden change to payment details is a classic indicator that you may be the target of a scam.
While most companies have relatively advanced security protocols in place to prevent their email systems from being broken into, individuals are not typically as vigilant. Hackers take advantage of this hole in your security net by purchasing credentials on the dark web and then trying them against your business’ systems, particularly your email. Once in, they wait and monitor your email communication until they see an opportunity. Often, what they are looking for is a request for money.
2. To add more protection to your email account, enable multifactor authentication.
This second factor can be either a text message or a code generated by an authenticator app installed on your phone.
3. Consider using a password manager.
A password manager is an application that lets you save your passwords in one central location. More importantly, it will automatically generate a random password for each set of credentials and then save it within its system. This means you do not have to memorize an ever-growing number of passwords or take the risky approach of re-using passwords from system to system.
4. Use a unique password for each app or website you create an account with.
This is one of the few security measures that you have complete control over. In general, you cannot control the security of each and every app or website you use. Hackers take advantage of this, breaking into weaker online systems, stealing the usernames and passwords they find, and then putting them up for sale on the dark web for other hackers to use against whatever business they are trying to break into. If you use a password manager, however, you can ensure that each password is unique — so even if one does get compromised, the problem is much more manageable. Just throw that password away, generate a new one, and you are all set.
When using a password manager, make sure you enable multifactor authentication on the password manager itself.
Discover Comprehensive IT Security Solutions From BPM
Let our professionals be your eyes and ears against the bad guys. Our IT Advisors bring decades of experience serving companies of all sizes. Whether it is our Security Operations Center, comprehensive penetration testing support, or general IT assistance you need, we are here to help you transform your business while ensuring you stay prepared for the unexpected.
Stay Informed With BPM Educational Content
Register now for our next cybersecurity webinar, “Top Cybersecurity Threats Facing Nonprofits,” hosted by BPM’s Information Security Assessment Services Leader David Trepp. Or view our back catalogue of cybersecurity thought leadership, webinars and other educational content on the BPM website.
Additionally, stay tuned for a formal announcement of our Q1 2022 cybersecurity webinar, in which leaders from our IT Security Advisory, Managed IT, and Information Security Assessment Services practices will host a collaborative demo detailing just how easy it could be for someone to take over your network.