Cybercrime – How You Can Protect Your Business Now
At SiDCOR, it is important to us that we help small to medium businesses grow into their potential – to do this they need to be protected. Recently there has been some cybercrime activity that has impacted a few of our clients or their networks.
We have identified two of the most common types of scamming that could impact your business: identity theft and phishing.
1. Identity Theft
Identity theft occurs mostly through ‘hacking’ where the scammer gains access to your information by exploiting security weaknesses on your computer, mobile device or network.
How does this work?
Hacking and identity theft can happen in many ways:
- Payment redirection scams – if you are a business, a scammer posing as one of your regular suppliers will tell you that their banking details have changed. They will provide you with a new bank account number and ask that all future payments are processed accordingly.
- Exploiting security weaknesses – weaknesses can include reused and easily guessed passwords, out of date anti-virus software, and unsecured Wi-Fi and Bluetooth connections.
- Once the security weaknesses have been identified, scammers can hack into your computer through methods such as viruses, spyware, ransomware and Wi-Fi eavesdropping.
Once scammers have hacked your computer or mobile device, they can access your personal information, change your passwords, and restrict access to your system. They will use the information they obtain to commit fraudulent activities, such as identity theft, or they could obtain direct access to your banking and credit card details.
They can also pretend to be you, sending emails to your staff, customers or clients asking them to transfer funds or requesting further details.
How can you protect yourself?
- Change passwords regularly and choose passwords that would be difficult for others to guess.
- Don’t use the same password for every account and don’t share them with anyone.
- Secure your networks and devices with anti-virus software and a good firewall.
- Avoid using public computers or Wi-Fi Hotspots to access or provide personal information.
- Implement a two-step verification process in your business. When anyone is asked to provide personal details or transfer money by email they must provide the information and verify the request over the phone with the person who has sent the email. This way you know it is authentic.
2. Phishing
What is it?
Attempts by scammers to trick you into giving out personal information such as your bank account numbers, usernames, passwords and credit card numbers.
How does this work?
A scammer contacts you pretending to be from a legitimate business such as a bank, telephone or internet service provider. You may be contacted by email, social media, phone call, or text message. He/she then asks you to provide or confirm your personal details. Here are some examples of what the scammer might do to elicit your information:
- say that the bank or organisation is verifying customer records due to a technical error that wiped out customer data.
- ask you to fill out a customer survey and offer a prize for participating.
- alert you to 'suspicious activity on your account'. You might be told that a large purchase has been made in a foreign country and asked if you authorised the payment. If you reply that you didn't, the scammer will ask you to confirm your credit card or bank details so the 'bank' can investigate. In some cases, the scammer may already have your credit card number and ask you to confirm your identity by quoting the 3 or 4-digit security code printed on the card.
Phishing messages are designed to look genuine, and often copy the format used by the organisation the scammer is pretending to represent, including their branding and logo.
If you provide the scammer with your details online or over the phone, they will use them to carry out fraudulent activities, such as using your credit cards and stealing your money. Some of the companies that they pretend to represent include Apple, Telstra, Australia Post and any of the major banks.
How can you protect yourself?
- Do not click on any links or open attachments from emails claiming to be from your bank or another trusted organisation and asking you to update or verify your details – just press delete.
- Do an internet search using the names or exact wording of the email or message to check for any references to a scam – many scams can be identified this way.
- Look for the secure symbol. Secure websites can be identified by the use of 'https:' rather than 'http:' at the start of the internet address, or a closed padlock or unbroken key icon at the bottom right corner of your browser window.
Never provide your personal, credit card or online account details if you receive a call claiming to be from your bank or any other company. Instead, ask for their name and contact number and make an independent check with the organisation in question before calling back.