8 MINUTE READ
Cybersecurity Scams Targeting Small Businesses in 2022
With the rise in cyberattacks in recent history, many businesses are wondering what to look out for in the coming year. In 2019, most businesses transitioned to a fully-remote or hybrid working model, putting their systems at an even higher risk for cyber attacks. As of 2022, remote or hybrid models are the new normal for many in a world where cyber security issues are getting harder and harder to detect. There is an overwhelming amount of information available on what to look out for and ways to avoid a security breach. Our goal with this article is to simplify the top cybersecurity scams for small businesses in 2022 and provide proactive steps and key warning signs.
______________________________________
SKIP THE LINE:
1. Account Security Re-Authentication
2. Phishing Links
3. Account Takeover Attacks
4. Data Breach
______________________________________
1. Account Security Re-Authentication/Password Expiration
One of the most common trends in email phishing has been account re-authentication requests. Be very wary of these types of emails. Always ask yourself if it is something that you specifically requested. In the examples below, the user was prompted to click the link to reset their Microsoft password. There are a few key indicators that this email is suspicious. For example, Microsoft is typically connected to business computer logins for users and there will not be an email to reset your password. It will instead come in the form of a pop-up notification on the lock screen or desktop. Additional red flags to look out for include:
- Unknown Email Domains
- Note: If you are viewing an email on a mobile device, always check the sender’s email address and do not rely on the name of the sender.
- Spelling Errors
- Unrequested Password Resets
- Suspicious Links
- Note: Always check links by hovering over them, do not click them until you verify.
- Sense of Urgency Requests
2. Phishing Links
Another example of email phishing is a “document” sent by someone within your network that has been hacked. These can be tricky to spot, as they typically come through as legitimate email domains. The best course of action before clicking on any links is to call the sender to confirm that the document has been sent by them directly. Below, we have indicated a few key warning signs within an example email. Keep in mind, these emails can be formatted for your specific industry. For example, a construction company personnel’s email can be hacked and all of their contacts can be sent an email with a link to a “Request for Proposal”. This type of document is standard from the company, therefore harder to identify as spam.
Key Warning Signs:
- “Secure” Email or Link Identifiers
- Sense of Urgency Indicators (ex. “**NEEDS FINAL REVIEW**”)
- Spelling and Grammatical Errors (ex. “One Drive” instead of “OneDrive“)
- Links – Always verify by hovering your mouse over them, do NOT click until it is verified and examined closely.
- Sender Changes within Body of Email (ex. “sent to you by Marti Bannwarth”, but Marti Bannwarth was not the sender of the email)
If you ever have questions about a suspicious email, send it directly to your IT provider. Do not pass go. Do not collect $200… you get the point.
3. Account Takeover Attacks
Account Takeover (ATO) is the malicious takeover of an account by a hostile hacker. This style of fraud has been growing over the last few years, especially for small to medium size e-commerce businesses. Under most circumstances, these hackers pose as one of your current buyers with the intention of making unauthorized transactions. These attacks can cause mistrust for customers and result in a decrease in sales long-term. There is also a possibility of the hacker gaining access to the sensitive data saved within your site. To reduce the risk of this threat, we always recommend that a business implements two-factor authentication.
Related Article: 3 Steps to Help Secure Your Systems Amid Worldwide Cyber Threats
4. Data Breaches
The average cost of a data breach for small to medium size businesses with <500 employees is $2.98M. Although it can vary greatly based on the size of the business and security breach scope, almost $3M is no small sum to gamble with. Unfortunately, many businesses are seeing this affect their operations in today’s digital world. The first line of defense is a good offense. A strong cybersecurity team, whether in-house or through a managed service partner, is the best way to keep the hackers at bay. Ensure that all systems are secure by putting steps in place for all cloud systems, regular monitoring, and endpoint security protection.
CONCLUSION
The moral of the story? If you see something that looks suspicious, report it to your IT manager and do not click on anything. Even if it is a legitimate link, safe is better than sorry when it comes to the potential for millions of dollars in losses. Antivirus, Firewalls, and well-maintained technology are not a replacement for good cybersecurity training within your organization. Looking to train your team on the latest cybersecurity practices? Let the experts at Ford Office Technologies give you a hand at 1-800-633-3673 or by emailing info@fordtech.com
