No security and foresight measure is superfluous against Internet scams. On a daily basis, the dynamics of your company when creating and exchanging data is exposed to various threats capable of affecting the integrity of the information. Furthermore, the protection and operation of your devices could also be compromised, depending on the aggressiveness of the malware or hack.
Now we are not only talking about the most common scams against individual users, such as that of the unpaid inheritance for which they ask you for help. Or fraud in online purchases. In fact, the mass use of the Internet attracts people who, aware of the damage they cause, invade the systems of organizations. The purposes range from obtaining money through fraud or extortion, to demonstrating their power to block processes and services in support of radical ideas.
For this reason, your company must take the necessary measures to avoid being a victim of cybercrimes such as those described below.
Table of Contents
BEC: A Common Pattern Among Internet Scams
Business Email Compromise or BEC is one of the best-known types of Internet scams . Basically, cybercriminals gain access to company devices and systems using phishing , malware , or other illegal means. Or, they use social engineering to select victims by intercepting the information they share on social networks. Anyway, they gain access to the email accounts of collaborators with hierarchy to process payments .
From there, several things can happen. For example: the criminal pretends to be a supplier and demands payment of a false invoice with transfer to an unauthorized account. They can even announce a change of payment method and data changes. Also, they often pose as customers and request information from the company’s bank accounts to make a payment. Even more serious is that these accounts end up serving as a bridge for money laundering, compromising the prestige of organizations and financial entities.
Ransomware: An Added Threat To Internet Scams
A few years ago, WannaCry , Petya and GoldenEye were examples of ransomware , a fearsome variant of Internet scams that is still going strong. Indeed, this sophisticated malware can be present in email attachments, links, dubious websites with click-to-actions to encourage downloads, etc. When this malicious software manages to enter the company’s system through any device, it blocks or encrypts data and access.
The nonsense of the cybercriminal is the same: demanding the payment of a ransom from the victim to recover their network and information. Worse yet, its spread among other private organizations and public institutions is a danger to the operation and functioning of large-scale services. However, paying the required amount does not guarantee decryption or unlocking and rather encourages this form of extortion.
At the end of July 2020, a ransomware attack called Ragnar Locker was disclosed . In this case, the victim was CWT, an American event and business travel organizer company that agreed to pay the ransom in bitcoins . To make matters worse, the “cordial” negotiation via chat with the hackers was later disclosed on Twitter with the greatest impudence.
Malicious Domains: Another Style Of Internet Scam
It is relatively easy for anyone to create a website with their own domain. Consequently, someone with computer and Internet networking knowledge can set up a web page for reprehensible purposes. Among them: phishing , spying, obtaining information without consent, stealing passwords, spreading malware and, in general , hacking and violating the security of business networks .
Sometimes the level of complexity of these domains is such that they can impersonate legitimate organizations to defraud companies and individuals. Either through sales of non-existent products and services or through contributions to sensitive causes.
Regarding the coronavirus pandemic , cybersecurity researchers detected the creation of tens of thousands of websites related to this topic. Only at the end of March 2020 they already reported a worrying number of verified malicious pages and several thousand considered suspicious. Likewise, the video calling and video conferencing platform Zoom was affected by the registration of more than 1,700 domains that included its name. But it’s not the only one, because the same thing happened to a lesser degree with Microsoft Team and Google’s classroom.google.com app.
As some experts point out, the intent is to confuse users and make them enter their ID and password on the wrong page. Based on this, hackers will have access to remote work meetings and the data and material shared during them.
Botnets: Remote Control Attacks
Another dangerous way to carry out Internet scams is through a botnet or group of infected computers that obey orders from a remote server. In advance, computers, mobile devices and networks are “infected” by a simple Trojan or any other malware . Although it is also easy to transmit viruses due to unpatched vulnerabilities or insecure configurations such as those of some routers or IoT units .
Initially, attackers can prevent a corporate web page from working by denying users. Based on this, they order a large number of zombie devices to browse the site at the same time until it is saturated and blocked. The idea in this case is to affect the reputation of the brand . Furthermore, thanks to this twisted practice, it is easy to send spam, distribute malware, and steal data to sell to unscrupulous companies.