Arming yourself starts with knowing what to look for. Here are the most common forms of cyberthreats:
Social engineering fools people into sharing personal information with someone they believe is a known, trusted individual. These attacks may be made through any person-to-person channel: emails, texts, instant messages, social media messages, and phone calls. Often, they are the bearer of, or the precursor to, another attack vector. Common forms of social engineering attacks include:
- Phishing — an attack designed to steal user data, such as login credentials or account information. This may be via email, instant message, text message, social media, or phone, and can appear to be from a friend, colleague, supplier, or other legitimate source.
- Business email compromise (BEC) — a form of phishing in which an email appears to come from a trusted source, such as a regular supplier, and attempts to convince an employee who has access to company funds to transfer money into a bank account controlled by the attacker. This may appear to be an overdue invoice with a request for urgent payment to the “updated” account number listed on the invoice.
- Phone call scams — often reliant on scare tactics, these calls try to finagle personal information or money out of the victim. For example, a caller may purport to be from Microsoft, say there is a problem with your computer, and ask you to give the help desk representative remote access. Or a caller may say that your grandchild is in jail and you need to provide your bank account details to wire money for bail.
Ransomware attacks block users from accessing company systems, holding data hostage until a ransom is paid. The attack is made via malware, which encrypts the victim’s files so that only the attacker has access. This malware is typically delivered via a phishing attack, as a link within an email, text message, or IM which, when clicked, infects the victim’s computer or phone.
Corporate account takeover involves an attacker stealing employees’ business login credentials to break into the company’s bank account. Once in, they can initiate fraudulent transactions, such as ACH or wire transfers, into accounts set up specifically for this purpose and then typically closed immediately afterwards, before the fraudulent activity is discovered.