The fourth week of Prosource’s National Cyber Security
Awareness Month (NCSAM) Campaign features cyber security tips complementing the
theme, “How Does Data Get Compromised During an Attack? Common Cyber Scams to
Watch Out For”.
If you’re like a lot of people, you imagine hackers
launching complex attacks against international corporations and governments.
The reality is that one of the most common forms of cybercrime succeeds when you
respond to a phishing email and fill in the information it asks for. While most
phishing attacks are delivered through email or deceptive websites, there are many
other approaches that hackers can take.
Here are 7 tips to help you identify common cyber scams and understand how data gets compromised during an attack.
5 types of BEC scams
According to the FBI, there are five main types of business email compromise
(BEC) scams:
1. Account compromise
In an account compromise, an employee’s email account is
hacked and used as a vehicle for financial or data-related crimes. In most
cases, the attacker will use the account to request payments on behalf of
vendors; these funds are then transferred to accounts owned or controlled by
the attackers.
2. Attorney impersonation
An attorney impersonation attack typically targets newly
hired or junior employees. In this attack, the hacker will pose as a lawyer or
legal team member and pressure or manipulate the employee into taking action,
such as sending data or requesting a wire transfer. Because the request is
typically framed as urgent, confidential or both, many new or relatively
inexperienced employees do not know how to validate the request and simply
comply in order to avoid negative consequences.
3. CEO fraud
CEO fraud is similar to an attorney impersonation attack
except in this case the attacker poses as the CEO. In most instances, the
attacker will target a member of the finance team, again claiming to need
urgent support on a time-sensitive or confidential matter. In these events, the
employee is goaded into transferring money into an account controlled by the
attacker.
4. Data theft
BEC attackers can also target a company for data. In a data
theft attack, the attacker will most commonly zero in on HR or finance team
members and attempt to steal personal information about the company’s employees
or customers. This information can be sold on the dark web or used to inform
and advance future attacks.
5. Fake invoice scams
In a fake invoice scam, the attacker poses as a vendor and requests payment from an employee for a service. In most cases, the attacker will present themselves as an actual vendor and edit an official vendor invoice template. However, the attacker will alter the account details so that funds will be transferred into an account owned by the hacker.
Human error
Human error remains one of the primary causes of security
breaches, often resulting from inadvertent actions like misconfigured settings,
sharing passwords, or falling victim to social engineering attacks.
These scenarios can happen to anyone, from employees at
small businesses to executives at multinational corporations. A simple mistyped
email address or an accidental click on a malicious link can have far-reaching
consequences, compromising not only personal data but also sensitive company
information.
When sensitive data falls into the wrong hands due to human error, it can lead to financial losses, reputational damage, and even legal repercussions. Organisations must prioritize ongoing training and awareness programs to educate employees on best practices for data security.
By - Aaradhay Sharma
