Cybercriminals are always looking for new ways to exploit people's fears and emotions to trick them into divulging sensitive information or downloading malicious software. One common tactic is to use newsworthy events to conduct social engineering and phishing campaigns which are designed to manipulate people into doing something they should not, such as clicking on a link or providing login credentials via timely fraudulent communications that appear to be related to a news event.
The past week has seen multiple campaigns related to the Silicon Valley Bank collapse. Channel Futures posted an article detailing ways in which cybercriminals are using this event to mount social engineering attacks against financial professionals across multiple industries. With today’s announcement that First Citizen’s Bank is acquiring SVB assets, further short-term confusion about banking allows Cybercriminals to pose as banking and financial services organizations and trick people into clicking on links that appear to be legitimate from new banking contacts but are in fact credential harvesting or malware links.
During the COVID-19 pandemic, cybercriminals constantly mounted campaigns that appeared to be from reputable organizations such as the World Health Organization or the Centers for Disease Control and Prevention. The emails contained links or attachments that purported to contain information about the virus but were really designed to steal login credentials or install malware on the victim's device. Major sporting events and political cycles also come with a rise in social engineering and phishing attacks that can target both personal and business accounts/
Companies can protect themselves from these types of attacks with the following steps:
- Be wary of unsolicited emails or messages. If the email seems suspicious, contact the organization directly to verify its authenticity.
- Verify the source of information. Before clicking on any link or sharing information, verify the source. Do not rely solely on social media or other unverified sources; inspect URLs before clicking on them.
- Use strong passwords and two-factor authentication. Make sure that your organization uses strong, unique passwords and requires two-factor authentication whenever possible. This will help prevent cybercriminals from gaining access to your accounts.
- Protect your privileged user accounts. Beyond IT infrastructure administrative accounts, HR, and financial accounts that access financial systems such as banking and payroll should be protected by a strong Privileged Account Management solution.
- Keep your software up to date with patch management. Make sure that your company installs software updates as soon as they become available. These updates often contain important security patches that can help protect you from cyberattacks.
- Conduct security awareness training. Comprehensive security training teaches users how to recognize and avoid these types of attacks, as well as what to do if they become a victim of a successful attack.
Cybercriminals are constantly finding innovative ways to conduct crime and regularly exploit newsworthy events by using fear and confusion. Ballast Services provides companies with advisory, professional, and secure managed services to protect against the relentless threat of cybercrime via comprehensive vulnerability and patch management services, Privileged Account Management solutions, security awareness training, and consultative services to identify and reduce your organization’s risk to cyberattacks.
Modernize, Optimize, Stabilize, and Secure your organization today. Contact us at 813-568-9011, visit our website at https://ballastservices.com, or click on Get In Touch to speak with us today.
