We opened last month’s Biz & Tech podcast with lobbyist Nick Iarossi of Capital City Consulting.
Part of the conversation was on cybercrime and phishing simulations (test emails from your IT department that look like a hacker’s email). If you haven’t done this exercise for your business, you should.
It offers a terrific opportunity to see who in your organization might expose the entire business to a cyberthreat. Nick doesn’t click on anything anymore, he said, not after a couple of phishing tests.
Anyway, do it.
You need to be ready for the day a malicious email makes it to your computer and be able to identify it, delete it and move on.
Cyber-criminals are constantly looking for ways to bypass cybersecurity tools, and they can put extremely dangerous emails in your inbox; they even appear to be from someone you know.
I’m sure we have all seen “spoofed” emails — pretending to be from iTunes/Apple or FedEx — with ransomware embedded.
Or the extremely goofy — but somehow effective — request for gift cards (why do people fall for this? And yes, I see it happen every month in Tallahassee), a request for dollars (I am trapped in Italy; send money, love MOM), or to “verify” your credit card info.
Most recently, there are COVID-themed emails, which are fake and loaded with malware.
There is also the silent-but-deadly variety. An email arrives. You click the link. It appears nothing has happened, but in fact, a piece of malicious software is installed on your computer tracking your every movement, waiting for you to visit your financial institution. Then they wipe you out.
Here is an overview of how this works, courtesy of our friends at Trend Micro.
I just saw an instance of this, keystroke-tracking malware, Qbot (or Qakbot), just last month at a business here in Florida.
It was caught and quickly removed before it could cause any harm.
The folks at the University of Florida also conduct phishing simulations for students, staff and faculty to ensure these threats are top of mind.
As they point out in the article, if you utilize the Microsoft 365 email platform, there is an add-on (the Phish Alert button) that you can click when you identify a potentially harmful email, and it quarantines it for you. It’s pretty cool.
Hackers and cyberthieves will continue to mix up the old and the new, so obviously, everyone needs to be very wary of COVID vaccine registration emails that are fake, not from the government, and embedded with bad news. They are rampant this year, as well as some new twists on low-tech phone scams.
An interesting one, WKRG reports, is where citizens in Northwest Florida get calls about a sweepstakes, which you may or may not ignore.
Here’s the twist: Following that call is someone pretending to be from the FBI investigating the fake sweepstakes.
Pretty clever, as they can spoof the FBI on your caller ID and prey on the fact that you were already suspicious from the earlier call. You might have even been relieved to hear from law enforcement.
Check out more here and be on the lookout for this one, as hackers will continue to target the state with these.
In general, cyberthreats will continue as long as people keep falling for them and law enforcement struggles to catch those involved (it’s not the officers’ fault; the use of the dark web and criminals operating in other countries make it brutal to track these folks).
In the meantime, keep rolling out every cybersecurity tool you can, and conduct phishing simulations and cyber-training for your team. Ultimately, you need to be ready when that malicious email lands in your inbox or a bogus phone call comes in.
Hackers are working on new ones right now. Stay safe out there, Florida.
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].