03 Sep 2020
Cybercriminals Take Advantage of Holidays Such as Labor Day

A phishing scam fools people into handing over sensitive information such as account numbers, passwords, PINs, birthdates, SSNs, email addresses, and anything else that will enable the scammer to access your information. The scammer will use the exact same logos, phone numbers, and even account numbers that appear on statements or bills to lure you in. The key to avoiding these scams is awareness.

Vishing is the phone version of email phishing and uses automated voice messages to steal confidential information. The term is a combination of "voice" and "phishing."

Scammers are sneaky, intelligent, and will exhaustively research their target

Prior to the pandemic, voice phishing, or “vishing,” scams were largely targeted at vulnerable individuals and/or carried out via personal attacks, such as a phone call seeking bank or credit card account information for a “compromised” account, calls from the “IRS” to verify an individual’s Social Security number, or targeted Medicare and Social Security scams. But now, vishing scams have evolved into coordinated and sophisticated campaigns aimed at obtaining a company’s confidential, proprietary and trade secret information through the company’s virtual private network (“VPN”) with the help of the company’s own employees. VPNs are widely used in the remote work environment and are intended to be a secure platform for remote employees to log into their company’s network from home.

Scammers are sneaky, intelligent, and will exhaustively research their target to get the information they need to pull off the scam. They use different ways to identify their target, such as stalking the target’s social media presence. From an individual’s various social media profiles, the attackers can learn the employee’s name, location, place of work, position, duration at the company, and sometimes even the employee’s home address.

Next, the criminal will register a domain name, create some phishing webpages and duplicate the look of the company’s VPN login page. The attackers are also sophisticated enough to capture two-factor authentication or one-time passwords, mirroring the company’s own security protocols.

Then, an attacker contacts an employee on his or her personal cell phone and poses as an internal IT professional or help desk employee with a security concern. The attacker gains the trust of the employee by leveraging the information compiled on that employee in the research phase and convinces them to log in to a new VPN link to address a security issue or other IT need.

And Just Like That!

The attacker sends the unsuspecting employee a link to the fake VPN page, which looks just like the company’s own VPN login site. The employee inputs his or her username and password into the domain and clicks the login link. If applicable, the employee also completes the two-factor authentication or one-time password request. Now the attacker has the employee’s entire suite of credentials and is capable of accessing the company’s databases, records and files to obtain information to leverage against the company for ransom or even in other cyberattacks. As a result, the company’s confidential, proprietary and trade secret information is up for grabs, which leads to potentially significant liability and security breaches.

Phishing attacks on your business can bring you fines under regulations and standards like the Health Insurance Portability and Accountability Act (HIPAA) or the Payment Card Industry Data Security Standard (PCI DSS). Investigating the incident and providing compensation to victims of stolen data can run into the millions and can have an impact on the following:

Reputation

Brands are built on trust. The publicity surrounding a serious breach can tarnish a brand. It will change the perception of the brand into one that is untrustworthy for employees, partners, and customers.

Your brand is the foundation of your company’s market capitalization. A phishing attack’s negative effects on your brand can sabotage hundreds of millions in market capitalization.

Intellectual Property

Intellectual property theft is no less devastating. Phishing can compromise trade secrets, research, customer lists, recipes, and formulas. For firms in manufacturing, food, technology, or pharmaceuticals, a single stolen design or patent amounts to millions in wasted research investment.

How to avoid falling into this mess

Companies should continue to engage and train employees on proper network usage, security concerns, and when to call a secure IT number.  Your employees should attend ongoing training as cybercriminals will continue to take advantage of employees.  Companies should regularly remind employees to be suspicious of any request for their logins and credentials (or other personal information) and remind employees where to go and whom to contact if they have any security concerns.

Looking for an IT partner that can help train your employees to spot a phishing scam? Give navitend a call at 973.448.0070.
