“One of our [business] managers used public Wi-Fi without a secure connection, and his system was infiltrated. Once the hacker was in that system, he was able to monitor and ultimately take over the email inboxes and outboxes. With that access, the scammer created a scheme to steal money from us.”
—Wire Fraud Survivor
What Is a Cyberscam?
A cyberscam happens when a criminal uses the internet to manipulate you into giving away personal information. Methods include everything from simple spam emails to more complicated (and potentially lucrative) spoofing.
In a recent interview, we asked CTO Mike Wade what cyberscams he was currently seeing the most: “Definitely sophisticated phishing attacks. Specifically, spear phishing [i.e., directed at a specific person]. We see where people in financial roles are being targeted.”
Why Do Cyberscammers Target Businesses?
When it comes to cyberscams, your business will be hit. And it likely won’t be a simple, easy-to-spot con.
Over the years, cyberscammers have used increasingly complicated psychological tricks—urgency, empathy, and personalization—to break down your internal warning system (source). They also learn from their mistakes, becoming more sophisticated with every scam.
As an example, the FBI’s Internet Crime Report 2022 found that business email compromises, or BECs, have “evolved from simple hacking or spoofing of business and personal email accounts and a request to send wire payments” to “utilizing custodial accounts held at financial institutions for cryptocurrency exchanges, or having victims send funds directly to cryptocurrency platforms where funds are quickly dispersed” (source).
Cyberscammers will call you, posing as an authority figure, to obtain your username and password.
They’ll send you an official-looking, threatening text message, asking you to update or change your bank account info.
They’ll “look for an email chain they can hijack or search [your] address book to find people who can be targeted further” (source).
Scammers are becoming more sophisticated because they aren’t looking for small payouts. According to Fortinet’s 2023 Global Ransomware Report, “[Cyberscammers are] spending more time conducting reconnaissance to identify lucrative targets, meaning that many ransom demands now reach well into the tens of millions of dollars. ... Many cybercriminal organizations use a formula to determine what amount to ask for so that a victim is more likely to pay” (source).
“The scammer impersonated one of our company’s vendors. When the scammer knew a large payment was about to be made, he pretended to be the vendor (by buying a slightly different email domain) and requested a change of bank account for our payment. Unwittingly, our manager wired the payment to the new and illegitimate bank account.”
—Wire Fraud Survivor
How to Protect Your Business from a Cyberscam
The hard truth is that you have no control over cyberscams. There is no company or app that will protect you 100 percent of the time.
What you can control is how you prepare.
In 2023, Fortinet rated the top 5 cybersecurity challenges businesses face:
- the growing sophistication of the threat landscape,
- a lack of clarity on properly securing ... networks against a ransomware attack,
- a lack of cybersecurity awareness among end-users,
- no clear chain of command, and
- difficulty stopping employees from being fooled by social engineering (source).
This means that preparation for any cyberattack—including cyberscams—has to go further than simply using strong passwords, antivirus software, and firewalls.
Every business needs to:
- keep their technology up to date.
- dispose of any type of technology—including data and hardware—safely and securely.
- create an incident response plan: “a predetermined set of instructions or procedures to detect, respond to, and limit consequences” of a cyberattack (source).
The Center for Internet Security, or CIS, put together a framework of Critical Security Controls: a “prioritized set of actions to protect your organization and data from cyberattack vectors” (source). When it comes to making sure your technology is secure, this is the best place to start.
The Role of Education
Your business also needs a strong focus on employee education. According to the Verizon 2023 Data Breach Investigations Report, “74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials, or Social Engineering” (source).
In addition, the main way cybercriminals gain access to a business is through stolen credentials (i.e., usernames and passwords) (source).
This means every employee needs to know how to protect themselves—and, by extension, your business—from cyberscams. The training should happen immediately upon hiring and at regular intervals after.
It’s also vital to create a safe space for employees to report cyberscams. You want staff to come forward when they receive a suspicious email, phone call, or text. And you absolutely want them to come forward when they respond to a possible cyberscam. There should be no fear of reprisal or reprimand.
Because the sooner you know that personal information has been stolen, the faster you can take action.
Some Good News
If your business is hit by a cyberscam, you might be surprised (and relieved) to know that there are cases in which cybercriminals are caught and money is returned.
“Rapid reporting can help law enforcement stop fraudulent transactions before a victim loses the money for good. The FBI’s Recovery Asset Team was created to streamline communication with financial institutions and FBI field offices and is continuing to build on its success. The team successfully recovered more than $300 million for victims in 2019” (source).
Fraud should be reported to the Federal Trade Commission, or FTC. They also handle identity theft.
“Thankfully, the FBI was able to recover a portion of the money, and insurance covered a portion, so it was not a total loss.”
—Wire Fraud Survivor
Finally . . .
Cyberscams aren’t new, and they’re not going anywhere. The time to shore up your technology is today—before you’re hit.
WYRE can help.
We understand that the constant changes in vulnerabilities and methods of attack present an enormous challenge to your business. And we know how difficult it can be to stay current on updates, emerging technology, and industry news.
Effective cybersecurity takes time to put in place. You don’t have to go it alone.