Ukraine-Related Cyber Scams Target Home Users In Wilkes Barre & Scranton
Experts anticipate a series of Russia-Ukraine war scams to hit personal and professional targets in the coming months. Discover how to better defend yourself and your Wilkes Barre or Scranton business below.
Since Russia invaded Ukraine, cyber warfare has been on the rise.
That’s why our very own Michael Pickreign recently appeared on WNEP to share a few critical tips for securing your home workspace against Russian cyber scams and phishing in general.
What Is Phishing?
Phishing is an attack method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites, or include malware as an attachment.
In light of the Russian invasion of Ukraine, hackers are now sending emails related to the war to trick recipients into sharing private information and transferring funds. Scams may ask you to donate to the war effort, or sign a petition—but in reality, they will just make you a victim.
Why Is Phishing Dangerous?
First of all, it’s prevalent. At the start of last year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before.
“In the last 18 months, the threat level has risen so dramatically,” says Michael.
Furthermore, the average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitized to the whole thing.
Lastly, the fact is that Wilkes Barre and Scranton businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years, and by 47% in the first quarter of 2021 alone.
“This is the new organized crime of our generation,” says Michael.
How To Identify A Phishing Email
Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big-name company—but talk is cheap. It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are close, but not 100% correct. If it seems fishy, it probably is.
Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
Spelling and Grammar
Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer”—this allows them to use the same email for multiple targets in a mass attack.
Urgent and Threatening
If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
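The checks described above (sender domain, link destination, generic salutation, urgent subject) can be automated as a first-pass filter. The following is an added example, not part of the original article; the trusted domain, the 0.85 similarity threshold, the keyword lists, and the sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, utils as email_utils
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains you really deal with
URGENT = re.compile(r"suspended|urgent|immediately|being hacked", re.I)
GENERIC = re.compile(r"valued customer|dear (customer|user)", re.I)
SAMPLE = """\
From: My Bank <alerts@mybamk.example>
Subject: Your account has been suspended
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer, verify at <a href="http://login.portal.invalid/v">www.mybank.example</a></p>
"""  # constructed message, not a real sample

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def indicators(raw):  # raw RFC 822 message text -> sorted list of red flags
    msg, found, links = message_from_string(raw), set(), LinkCollector()
    domain = email_utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and any(
            SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED):
        found.add("lookalike sender domain")  # close to a trusted name, not equal
    if URGENT.search(msg.get("Subject", "")):
        found.add("urgent subject")
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode(errors="replace")
            if GENERIC.search(body):
                found.add("generic salutation")
            links.feed(body)
    for href, text in links.links:  # the same comparison hovering lets you make
        shown = urlparse(text if "//" in text else "//" + text.strip()).hostname
        if "." in text and " " not in text.strip() and shown != urlparse(href).hostname:
            found.add("link text differs from destination")
    return sorted(found)
```

Calling `indicators(SAMPLE)` flags all four signs; a message from the trusted domain whose link text matches its destination returns an empty list.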
What’s The #1 Way To Protect Against Phishing?
Cybersecurity Training is by far the most effective way to defend your organization from phishing. This method recognizes how important the user is in your cybersecurity efforts.
A comprehensive cybersecurity training curriculum will train users to ask important questions about each and every email they receive:
- Do I know the sender of this email?
- Does it make sense that it was sent to me?
- Can I verify that the attached link or PDF is safe?
- Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
- Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
- Does anything seem “off” about this email, its contents or sender?
The right training services will offer exercises, interactive programs, and even simulated phishing attacks to test your staff on a number of key areas:
- How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
- How to use business technology without exposing data and other assets to external threats by accident.
- How to respond when you suspect that an attack is occurring or has occurred.
Your staff can have a significant effect on your cybersecurity—either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.
4 More Ways To Boost Your Cybersecurity Right Now
Multi-factor authentication (MFA) is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are.
Make sure you have MFA enabled on every possible account—remote users, email, VPNs, password managers, etc.
Patch & Update Your Systems
Patch management is a simple yet critical part of effective cybersecurity. If a software provider releases a security patch, it’s not something owners and managers can wait to address—it needs to be installed right away to ensure systems aren’t vulnerable to a cybercrime attack.
Make sure to apply patches to your operating systems, web browsers, line of business apps, and anywhere else they may be available.
Manage Strong Passwords
Don’t let a simple password be the reason your Wilkes Barre or Scranton business gets hacked.
It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters.
Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack.
Password manager programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.
4. Back Up Your Most Important Files Right Now
Make sure you have at least one full backup of all your data set aside. Update it on at least a daily basis, and perform regular tests to ensure you can access your backup and that it is complete.
Don’t Become A Victim Of The Cyber War
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting-edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.
Michael is the President and owner of tech42 LLC. He has more than 20 years of cross-discipline experience in the information technology industry, and has worked both as a network engineer and software developer. He is a passionate student of the interaction between technology and business, and of leveraging that knowledge to help tech42’s clients achieve both technology and business success.