Phishing attacks are the most common cybercrime attack for one reason…they work. Every day, over 3.4 billion spam e-mails reach unsuspecting users' inboxes. Phishing e-mails have held the top spot as the most frequent form of attack for years because they're easy to implement, easy to scale and continue to fool people. AI tools like ChatGPT are now making it even easier for cybercriminals to create e-mails that look and sound like they're coming from humans instead of bots and scammers. If you're not careful, the effects of phishing scams can be detrimental. Since it's Cybersecurity Awareness Month and phishing e-mails are one of the top causes of attacks, we created this simple guide to help you and your team successfully identify phishing e-mails and understand why it's so important to do so. What can happen? Here are 4 significant dangers associated with phishing attacks: 1. Data Breaches Phishing attacks can expose your organization's sensitive information to cybercriminals. Once your data is exposed, hackers can sell it on the dark web or hold it for ransom, demanding thousands, millions or even more for its return - and they likely won't return it anyway. This can result in financial and legal repercussions, damage to your reputation and loss of customer trust. 2. Financial Loss Cybercriminals often use phishing e-mails to steal money directly from businesses. Whether it's through fraudulent invoices or unauthorized transactions, falling victim to phishing can have a direct impact on your bottom line. 3. Malware Infections Phishing e-mails can contain malicious attachments or links that, when clicked, can infect your systems with malware. This can disrupt your operations, lead to data loss and require costly remediation efforts. 4. Compromised Accounts When employees fall for phishing scams, their accounts can be compromised. Attackers can then use these accounts to launch further attacks or gain unauthorized access to sensitive company data. And the list goes on. However, there are actions you can take to prevent becoming the next victim of a phishing attack. Here is the S.E.C.U.R.E. Method you and your employees can use to help identify phishing e-mails S - Start With The Subject Line: Is it odd? (e.g., "FWD: FWD: FWD: review immediately") E - Examine The E-mail Address: Do you recognize the person? Is the e-mail address unusual? (e.g., spelled differently) or unknown (not the one they usually send from)? C - Consider The Greeting: Is the salutation unusual or generic? (e.g., "Hello Ma'am!") U - Unpack The Message: Is there extreme urgency to get you to click a link or download an attachment or act on a too-good-to-be-true offer? R - Review For Errors: Are there grammatical mistakes or odd misspellings? E - Evaluate Links And Attachments: Hover over links before you click them to check the address, and do not open attachments from anyone you don't know or weren't expecting to receive mail from. It's also important to have a cybersecurity expert monitor your network and eliminate e-mail spam before your employees can make a mistake. Make sure you're taking proper precautions to protect your network. These phishing attacks work and happen all the time. We don't want YOU to be the next victim. If you need help training your team on cybersecurity best practices or implementing a robust cybersecurity system, or just want a second set of eyes to examine what you currently have in place and assess if there are any vulnerabilities, we are ready to help. Call us at (207) 300-2300 or click here to book a call with our team.
National Public Data confirmed in September 2024 that a hacker has compromised the personal records of millions of individuals. The information exposed includes the names, e-mail addresses, mailing addresses, phone numbers and even Social Security numbers of up to 2.9 billion people. Here's what you need to know. What happened? National Public Data, a consumer data broker that specializes in providing criminal records, background checks and other forms of data to private investigators, consumer public record sites, human resources, staffing agencies, the government and more, was hacked. The incident is believed to have started in December 2023 when a third-party bad actor attempted to gain access. In April, a cybercriminal named "USDoD" posted the stolen data online in a popular criminal community. On August 6, the stolen dataset resurfaced, this time posted for free to several breach forums for anyone to access and download. The sensitive, personally identifiable information released included names, addresses, phone numbers, e-mail addresses and Social Security numbers for millions of people, some of whom are deceased. The data also contained previous addresses and, in some instances, alternate names. The official data breach notice that was filed in Maine indicated that 1.3 million records may have been breached; however, some lawsuits are suggesting as many as 2.9 billion records have been exposed. As the investigation continues, many cyber experts are finding that some of the data released was inaccurate, and aside from the Social Security numbers, most of it is already public and easy to find online. So why is this breach dangerous if the information can be found with a quick Google search? There are several reasons to be concerned. Having all this critical information in one place makes it easy for criminals to use the information needed to apply for credit cards and loans or open new bank accounts. The information included, such as childhood street names or the last four digits of your Social Security number, are often answers to security questions and can help hackers bypass authentication and access your private accounts. Some cyber experts are suggesting watching for a surge in phishing and smishing (phishing over SMS) attacks as well. Can you be affected even if you've never heard of National Public Data or purchased data from them? Yes! Just because you haven't interacted with them doesn't mean other organizations, businesses, landlords, etc., haven't leveraged their resources to dig up information on you. What should you do to protect yourself? Step 1: Check to see if your data has been exposed. You can use tools like https://npd.pentester.com/ to find out if your information has been compromised. If so, it's important to take immediate action. Step 2: Request a copy of your credit report and then freeze your credit. One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening up new lines of credit in your name. To do this, contact all three major credit bureaus - Equifax, TransUnion and Experian - and request a freeze. The process is free and should take you less than 10 minutes per site to complete. If there are others in your house over the age of 18, it's a good idea to freeze their credit too. Anyone with a Social Security number is vulnerable following a breach of this size. Once you have a copy of your free credit report, review it for anything that you didn't authorize. Don't forget to set up alerts and review your credit regularly. Step 3: Watch out for phishing scams. As mentioned, many cybercriminals will try to leverage this information to scam you through phone calls, text messages, e-mails and even social media sites. Be cautious! A data breach is devastating for everyone involved - the business hacked and the customers or employees whose data is leaked. As a business owner, it is your responsibility to make sure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we'll do a FREE Security Risk Assessment. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at (207) 300-2300 or click here .
Spooky season is here and you can finally feel good about buying the Halloween candy that has been on the shelves since July 5 th . It ALSO means the biggest online shopping day of the YEAR is just weeks away: Cyber Monday. Unfortunately, it's also open season for cybercriminals. Now that's scary . Because preparation is the best prevention, we're covering the six most common shopping scams this time of year and how to avoid them. It's Open Season For Shopping Scam Thanks to cybercriminals, what should be a season of festive shopping is now dangerous for consumers. According to the Federal Trade Commission, shopping scams were the second-worst type of scam in the US in 2023. And online scams are at their worst during the holidays. According to TransUnion's 2022 Global Digital Fraud Trends report, there was a 127% increase in daily fraud attempts between November 24 and 28 compared to January 1 through November 23. Due to the high volume of shopping activity during the holiday season, cybercriminals don't have to work hard to find potential victims. But it's not simply volume that contributes to the rise in attacks; consumers take more risks during the holiday season. According to Norton's 2022 Cyber Safety Insights Report, nearly one in three adults (32%) worldwide admitted to taking more risks with online shopping closer to the holidays. Last-minute shopping pressure or excitement around scoring big deals results in common mistakes, including clicking on unverified links, using public WiFi for transactions and ignoring website security red flags. Cybercriminals expect shoppers to make mistakes, and they have tried-and-true tactics for stealing your money. Watch out for these six scams that appear this time of year, and protect yourself this holiday season. 6 Common Scams During Black Friday And Cyber Monday And How to Avoid Them 1. Fake Coupons: Scammers distribute fake coupons promising steep discounts. These coupons are often shared via e-mail, social media and fake websites designed to mimic legitimate retailers. Remember: if it feels too good to be true, it probably is. How to avoid: Always verify a coupon by checking the retailer's official website or app, and avoid clicking on links in unsolicited e-mails. 2. Phony Websites: To steal personal information, fake websites mimic legitimate online stores using similar logos, branding and URLs that are only slightly different from the official sites. How to avoid: Check for secure website indicators such as HTTPS and a padlock icon in the address bar. Read reviews and quickly search the website's legitimacy before making any purchases. Pay attention to the URL for any unusual characters or misspellings. 3. Fake Delivery And Nondelivery Scams: Scammers send fake delivery notifications or claim a package is undeliverable to trick you into providing personal information. How to avoid: Track orders directly through the retailer's website or app. Avoid clicking on links in suspicious messages, and be cautious of unsolicited delivery notifications. 4. Fake "Order Issue" Scams: E-mails claiming a problem with your order and asking for personal details are common. These messages often look like they come from well-known retailers. How to avoid: Contact customer service directly through the retailer's official channels to verify any issues, and avoid providing personal details through links in unsolicited messages. 5. Account Verification Scams: Scammers send e-mails or texts asking you to verify your account information. These messages often include links to fake login pages. How to avoid: Never provide personal details through links in unsolicited messages; instead, log in directly to your account through the official website. 6. Gift Card Scams: Scammers offer discounted gift cards or request payment via gift cards. Once the card numbers are provided, the scammer uses the balance, leaving the victim with a worthless card. How to avoid: Purchase gift cards directly from reputable retailers and never use them as a form of payment to unknown individuals. Avoid Scams And Create A Safer Shopping Experience Nothing will kill the holiday shopping spirit like $1,000 worth of fraudulent charges on your credit card or gifts from phony sites that never arrive. Cybercriminals take advantage of the festive shopping rush, and consumers' tendency to take more risks during this time only amplifies the danger. By verifying sources, checking website security and avoiding unsolicited links, you can enjoy a safer shopping experience this season!