X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

common scams

The risks organizations face from cyber threats are at epidemic levels.  The threats are sophisticated, attack your weakest links (your employees) and are continuing to evolve at an alarming rate.  Here are some of the most effective cyber scams EDTS Cyber sees facing organizations today. 

Email Account Compromise:

Email account compromise is on the rise, primarily because of the ubiquitous nature of email communication and the volume of sensitive information that continues to be shared within.  From new account credentials to money transfer information, email is an easy target for hackers.  Account compromise typically happens when an employee is tricked into providing credentials through a malicious link, or an attachment that installs a keylogger (malware that steals your credentials).

Once the bad actors have your credentials, we are seeing them access your email account and set up rules to forward and/or delete your incoming email.  They immediately start spamming your contacts with a similar malicious email to steal their credentials.

Not only are you compromising any confidential/private email in your inbox, but you are also jeopardizing your friends, family and business contacts . . . and made to look foolish at the same time.

In cases where the account compromised belongs to an administrator, the bad actors will attempt to hijack your network, email server and/or your cloud tenant.  These extreme cases cause much more severe business interruption when the bad actors change all of your passwords, lock out your employees and use your resources for their own gain.

Lay in Wait:

Closely following email account compromise are attacks where the bad actors realize you are a valuable target.  In several cases, we have seen accounting, financial and legal organizations are the victim of financial fraud when a bad actor compromised an account, noticed the nature of the business, and then simply wait for the right time to pounce. 

As soon as an employee communicates financial transaction information (by email), the bad actor intercepts the email, substitutes their own financial information, and intercepts the transaction. 

Drive-By Downloads:

Several vulnerabilities exist that are associated with internet browsers involving unsafe plug-ins to saved passwords, allowing malicious sites to cull information and/or inject malware onto your systems.  These vulnerabilities, when paired with loose (to nonexistent) web browsing restrictions in your office, allow bad actors to take advantage of your weakest link, your employees.

Unsafe Mobile Practices:

Given the ubiquitous nature of mobile devices and the wealth of information stored on them, it should be no surprise that they are prime targets for bad actors to steal your information.  From malicious apps that allow unrestricted control of your mobile device to unsecured data and devices to unsafe wireless habits, mobile devices are an easy target.

Most users are unaware of the ease in which a bad actor can set up “free” wireless networks that watch every byte of traffic that passes over it.  Any credentials, private information or corporate secrets are instantly exposed without the user suspecting a thing.

Phishing:

Phishing continues to be the greatest threat to organizations because it attacks your weakest link - your employees.  Phishing emails have achieved a level of artistry in effectively teasing and taunting our employees to click on a malicious link or open a malicious attachment.  Research confirms the bad actors understand human behavior and know when to catch people off-guard, and which emails are most likely to encourage someone to drop their defenses to execute their malicious payload.

Research also shows that security awareness training programs are effective in modifying user behavior; surprisingly many businesses are still not taking advantage of this low cost, highly effective, risk-reducing measure.

Register for this June 28 webinar on MSSP vs In-House vs MSP !

Delano Collins, CISSP, CISM, CASP, C|EH

About the Author: Delano Collins, CISSP, CISM, CASP, C|EH
A native of Augusta, Georgia, Delano Collins is the Chief Information Officer of EDTS, LLC, a managed IT services, advanced infrastructure, and business continuity solutions and EDTS Cyber, a solutions provider specializing in 24/7 cybersecurity monitoring, audits, assessments, incident response and forensic investigation. Under his leadership, EDTS Cyber was most recently awarded the “Award of Excellence” by SC Cyber.With a background in the banking industry, and more than 25 years of experience in technology, Delano has spent his career specializing in cybersecurity, compliance and network design. Since joining EDTS more than 12 years ago, he has demonstrated a passion for security, innovation and strategic thinking that has helped EDTS remain among America’s preeminent technology solutions provider since 1999.His certifications include being a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker, EC-Council (CEH) and CompTIA Advanced Security Practitioner. Passionate about the need for cybersecurity awareness and education within the business community, Delano has published articles in CIOReview and Business Solutions, and serves on two Technology Advisory Boards for area schools.
Read more posts from Delano Collins, CISSP, CISM, CASP, C|EH ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL