Phishing, social hacking, social engineering, email spoofing and digital scams. Are you familiar with these terms? They all refer to an expanding scourge in today’s world of digital connectivity – cyber criminality, says Marie-Pascale Frix, FIDI Business Intelligence Manager
While digital connectivity plays a crucial role in enabling innovation and prosperity around the world, cyber threats present a major obstacle to society’s continued path to progress. From data breaches and identity theft to the disruption of operations and critical infrastructure, cyber attacks were ranked among the top five global risks in 2019 (source: World Economic Forum).
The consequences of cyber attacks should not be underestimated. Not only can they hit your firm financially, but they can also damage your business’s reputation.
While your company systems may be well secured, cybercrime authorities are advising businesses to invest in their ‘human’ firewalls (their employees) to mitigate cyber risks – as everyone can be the victim of cyber criminals. By giving your employees the proper information, they will be able to recognise a cyber attack quickly, and have the right reflexes to warn and react fast.
The annual worldwide cost of cyber crime is estimated to be €400 billion (US$448 billion), and this figure is expected to hit €5.4 trillion (US$6 trillion) by 2021.
Phishing was recognised as the most significant cyber threat of 2019 – but what is phishing?
It is a fraudulent technique whereby the identity of a person or organisation is stolen. The fraudster makes his victim believe that he/she is a trustworthy party in order to obtain personal or professional information, and gain access to bank accounts.
This is done with worrying ease. Clicking on a fraudulent link and following the instructions of a (fake) email from an apparently trustworthy source – for example, a supplier, business partner, your bank, or the chief executive officer – can eventually lead the victim to transferring money to the hacker’s bank account.
If in doubt…
…it is better to exercise caution. If you have the slightest doubt about an email, do not open any links or attachments, and contact the sender in a different way.
What to do if you receive a false message:
- Forward it to your legal authorities.
- Do not click on the links, but search for the website via a search engine
- Do not forward it to your contacts
- Never fill in personal information
- You can forward it to the organisation itself
What to do if you have already passed on your data:
- Warn your friends/colleagues that you have forwarded them a false message
- If you have passed on a password that you use in other places, change it immediately
- If you have provided your credit card details, notify your bank immediately.
- If you are being asked by email to settle an invoice to a different bank account, be vigilant. Contact your business partner by phone to verify if, indeed, there is a change in bank details. Do not use the contact details of the correspondence, but use your known contacts.
- Check your online accounts regularly.
- Check your bank account regularly and report any suspicious activity to your bank.
- Perform online payments only on secure websites (check the URL bar for the padlock and https) and using secure internet connections (choose a mobile network instead of public Wi-Fi).
- Your bank will never ask you for sensitive information, such as your online account credentials, over the phone or email.
- If an offer sounds too good to be true, it’s almost always a scam.
- Keep your personal information safe and secure.
- Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam.
- If you think that you have provided your account details to a scammer, contact your bank immediately.
- Always report any suspected fraud attempt to the police, even if you did not fall victim to the scam.
The basic rules
Here are some tips (from www.SafeonWeb.be) to help you assess whether or not you can trust a message. Cyber criminals always try to abuse something you believe in or someone you trust. They also often try to use fear to achieve their ends. Do not get tricked. Have you received a suspicious email or phone call?
Then answer these questions:
- Is it unexpected? You received a message for no reason: you haven’t bought anything or had contact with them for a long time. Investigate further.
- Is it urgent? Stay calm. Did you really get that first reminder to pay? Do you know that ‘friend in need’?
- Do you know the person who sent the email? Check the email address and also check for spelling errors. However, beware: a legitimate email address and well-written email is no guarantee.
- Do you find the request strange? An official body will never ask you for your password, bank details or personal details by email, SMS or over the telephone.
- Where does the link you need to click on lead to? Hover over the link with your mouse. Is the domain name – the word before ‘.be’, ‘.com’, ‘.eu’, ‘.org’ and so on, and before the very first slash (‘/’) – really the correct name of the organisation? An example: For the link www.safeonweb.be/tips, the domain is ‘safeonweb’. For the link www.safeonweb.tips.be/safeonweb, ‘tips’ is the domain and you are directed to a different website.
- Are you being addressed personally? Be wary of messages using general and vague titles, or addressing you using your email address.
- Does the message contain many linguistic errors? Although seasoned cybercriminals tend to use language correctly, language errors or a foreign language can indicate a suspicious message.
- Is the message in your spam or junk folder? If so, be extra careful. You can also mark suspicious messages as spam or junk to help warn others.
- Is someone trying to make you curious? Everyone would be curious about messages with a link reading “Look what I read about you…” or “Are you in this picture?” – but do not be tricked by this kind of title or message.