Mark Pribish

Phishing, hacking remain top tools for cybercriminals

By Mark Pribish
Vice President and ID Theft Practice Leader

A few weeks ago, I wrote that most security breaches involve social engineering and human error. We need to add a growing threat to that list: Unsuspecting employees releasing information or giving access to an organization's data after being fooled by cyber con artists. This increasing data danger signals an increase in the ID-theft threat level for businesses.

According to the Verizon 2015 Data Breach Investigations Report, "Cyberattacks are becoming increasingly sophisticated, but many criminals still rely on decades-old techniques such as phishing and hacking."

The Verizon report also reads, "Most hacking attacks are successful because employees click on unfamiliar links and phishing e-mails."

The report found that more than two-thirds of the 290 electronic espionage cases it learned about in 2014 involved phishing.

"Sending phishing e-mails to just 10 employees will get hackers inside the corporate gate 90 percent of the time."

In addition, Verizon security researchers found that 96 percent of the nearly 80,000 security incidents analyzed this year can be traced to nine basic attack patterns that vary from industry to industry.

By prioritizing the security efforts of your business - regardless of size - you can establish a more focused and effective approach to fighting cyberthreats and mitigating the impact of a data breach event. Remember, a data breach event might put you out of business or scare away customers.

Here are the key cyber danger areas provided in Verizon's report:

  • Miscellaneous errors, such as sending an e-mail to the wrong person.
  • Crimeware, where various malware is used to gain control of systems.
  • Insider/privilege misuse.
  • Physical theft/loss.
  • Web app attacks.
  • Denial-of-service attacks.
  • Cyberespionage.
  • Point-of-sale intrusions.
  • Payment card skimmers.

"Attackers use phishing to install malware and steal credentials from employees, then they use those credentials to roam through networks and access programs and files," said Bob Rudis, a Verizon scientist.

The Target data breach, for example - which affected 110 million individuals - began when a heating, air conditioning and refrigeration vendor for the retailer received an e-mail phishing attack sent to employees, resulting in stolen credentials with access to Target's computer network.

If the Verizon report is not enough to shake your cybersecurity confidence, then you need to know about the 2015 Symantec Internet Security Threat Report. Symantec determined that social networks and apps are the new gap in information security that helps cybercriminals target and successfully breach your business.

Educate yourself and your employees about ID-theft dangers because the threat level is rising and you don't want it to sink your business.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Phishing Emails Pose as Dropbox Share Alerts

Scammers have created a new con, and this con may be coming to your inbox soon. If you are a Dropbox user, you should read this scam alert.

April 29, 2016

This convincing phishing con poses as Dropbox and lures victims into clicking on a malware-infected email. If you use this file sharing service at home or work, check your Dropbox emails carefully before clicking on an infected link.

How the Scam Works:

You receive an email that appears to come from Dropbox. The message looks real. It has the Dropbox logo and colors, and the subject line seems legitimate. Some variations include: "Drop Box - Pending Documents" or " used Dropbox to share a file with you." The body of the message instructs you to click a link and access the shared file.

Don't fall for it! The link downloads malware to your device, which scammers use to capture passwords or hunt for sensitive information on your machine.

How to Spot a Phishing Scam:

  • Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
  • Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such as jsmith@company.com.
  • Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address.
  • Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new communications.
  • Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.
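For mail administrators, the reply-address check above can be automated. The following is an added example, not part of the original alert; the allow-list of Dropbox sender domains, the function names and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization accepts as genuine Dropbox senders.
DROPBOX_DOMAINS = {"dropbox.com", "dropboxmail.com"}

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Dropbox" <no-reply@dropbox.com>\n'
           "Reply-To: docs@files-share.example\n"
           "Subject: Drop Box - Pending Documents\n\nClick to view.")
LOOKALIKE = ('From: "Dropbox Team" <share@dr0pbox-alerts.example>\n'
             "Subject: Pending Documents\n\nClick to view.")
GENUINE = ('From: "Dropbox" <no-reply@dropbox.com>\n'
           "Subject: Alex shared a file with you\n\nView file.")

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _on_domain(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_brand_mail(raw, brand="dropbox", allowed=DROPBOX_DOMAINS):
    """List reasons a brand-named message does not match the brand's domains."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))  # '' when header is absent
    # Strip spaces so "Drop Box" and "Dropbox" both count as a brand claim.
    claimed = (display + msg.get("Subject", "")).replace(" ", "").lower()
    findings = []
    if brand in claimed:
        if not _on_domain(from_dom, allowed):
            findings.append(f"brand-from-mismatch:{from_dom}")
        if reply_dom and not _on_domain(reply_dom, allowed):
            findings.append(f"brand-replyto-mismatch:{reply_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append("replyto-differs-from-sender")
    return findings

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE),
                      ("genuine", GENUINE)]:
        print(name, check_brand_mail(raw))
```

An empty result does not prove a message is genuine, since the visible sender address can itself be faked; treat this as one signal alongside SPF, DKIM and DMARC results.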

For More Information

Learn more about phishing scams and how to stay secure while using Dropbox. To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.