Know Your Enemy: Common Cybercrimes and How to Avoid Them

Hacker - Malware - Know Your Enemy - Cybercrimes

It is an unfortunate fact that as computer technology evolves, so do threats to user privacy and security. Hackers and cybercriminals are constantly developing new methods to infiltrate computer systems in order to steal data, sabotage businesses, or simply cause chaos. Since staying informed is key to defending your computer system from cyberattacks, TCSP has compiled the following list of different cybercrime methods.

Phishing

Attempting to trick somebody into sharing personal information, usually by impersonating a trusted associate or organization. Cybercriminals engage in phishing in order to obtain access to a victim’s email, bank accounts, and private networks with the goal of committing theft, identity fraud, and even extortion. Common phishing “bait” can take the form of:

  1. An “encrypted” email: You receive an email from a trusted sender (coworker, relative, business partner, friend etc.) that claims to contain sensitive information or asks you to visit a website requesting your email and password.
  2. The promise of a reward: A friend messages you that they “won a $500 credit through SuperBankRewards,” and encourages you to participate by entering your bankingf information.
  3. The threat of a consequence: “Apple has detected illegal activity on your computer, please enter your account information below so we can conduct a thorough investigation.”

Phishing - Know Your Enemy

Common phishing red flags include:

  • A prize or reward that seems too good to be true
  • Deadlines/timers intended to create a sense of urgency
  • Messages asking you to perform a sensitive action (such as a money transfer or password change) that was never discussed with the sender in person
  • Links that redirect to imposter websites. For example, www.gmaill.com instead of www.gmail.com
  • Unexpected attachments (these often contain viruses and other malware)

Doxing

Sometimes the result of phishing, doxing is when someone’s private information (address, place of business, personal email etc.) is published on the internet. The goal of doxing is usually to invite harassment upon a victim or extort them in exchange for removing their information from the public eye.

Virus

Different viruses are designed to perform any number of harmful functions, which can include corrupting data, stealing personal information, rendering computers inoperable, and more. Like biological viruses, computer viruses are self-replicating and spread through interactions between affected systems. Cybercriminals and hackers typically engineer viruses to exploit some bug/loophole in an operating system, therefore it is extremely important to keep devices up to date with the latest vulnerability patches (e.g. computers, cell phones, routers etc.). Additionally, it is recommended to have an Antivirus software like Norton by Symantec that will identify and neutralize intruding viruses before they can damage your computer.

Ransomware

This form of malware (malicious software) encrypts files on an infected computer, preventing users from accessing their data and applications. As its name suggests, Ransomware is used by cybercriminals to extort users by locking their system until a ransom is paid (usually in some form of cryptocurrency). If a victim refuses to comply within a certain timeframe, their data may be destroyed or sold on the black market. Businesses that work with sensitive customer data are a prime target for Ransomware attacks. In 2017, the Wannacry attack (a form of ransomware) shut down 16 hospitals across the United Kingdom (in addition to hundreds more organizations worldwide). To learn more about Ransomware, click here: How To: Prevent Ransomware Attacks

Ransomware - Your Personal Files Are Encrypted - Know Your Enemy

Adware

Short for Advertising Supported Software, Adware is designed to bombard a user with pop-up ads when they attempt to use their device. Though Adware usually proves more of an annoyance than serious security threat, it is still harmful to workplace productivity as it makes normal computer operations difficult and can result in an overall slowdown. Additionally, there is the possibility that Adware will advertise/redirect users to content that is malicious and/or unsuitable for the workplace (ie. Adult websites). Users typically contract Adware by downloading infected programs or visiting compromised websites that trigger automatic Adware downloads. To defend against Adware, you should regularly update your system, install a firewall, and exercise caution when downloading anything online.

DDoS

A Distributed Denial of Service attack is a form of online sabotage in which a targeted network is flooded with traffic/junk data in order to prevent it from functioning normally. A successful DDoS attack creates a path for hackers to install remote software and/or gain full access to a system. To understand a DDoS attack, picture a group of agitators blocking the entrance to a store and preventing regular customers from getting in. While the store employees struggle to deal with this disruption, some agitators take advantage of the chaos in order to sneak into the store and steal.

Since DDoS attacks are usually too complex for the average user to combat, an IT support group should be immediately contacted in the event of one. To proactively guard against a DDoS attack, make sure your company router is an up-to-date, business-specific model with proper security licensing.

What do all of these have in common?

  1. They exploit unawareness
  2. They can be prevented with the right equipment/software
  3. They target outdated systems

More than anything, cybercriminals rely on targets being uniformed and unprepared. Most users are so accustomed to using computers without issue that they might overlook potential risks or assume they have “nothing worth stealing.” Unfortunately, this overconfidence opens the door to catastrophes ranging from identity theft to total system failure. As a business owner, you have a responsibility to protect not only yourself, but your employees and customers from cyberattacks. Therefore, you should defend against them by staying alert, browsing with caution, and above all, updating on a regular basis.

Comments are closed.