Spidey sense: a vague but strong sense of something being wrong, dangerous, suspicious, or a security situation.
Small businesses are an attractive target for scammers and spammers. They typically don’t have the multi-level layers of defense and resources employed by larger enterprises. Couple that with the fact that cyber security awareness training isn’t always a priority and small businesses can easily become enticing targets for hackers and scammers. These bad actors are working at full steam to leverage and exploit vulnerabilities and human weaknesses; according to Scam Spotter, sponsored by the Cybercrime Support Network, a Cyber Threat Alliance (CTA) partner, scammers are estimated to steal over $2 billion this year.
Attacks against small businesses can be highly consequential. Fines and fees can be impactful to the businesses’ bottom line, and having customers lose trust in your business can be disastrous for future profitability. Bad actors are also growing ever-more inventive, leveraging phishing lures and text-based campaigns to entice victims. One thing is common throughout — these malicious campaigns play on people’s fears, as happened with COVID-19, and their financial insecurity due to all kinds of economic uncertainty. Why do hackers leverage fear and uncertainty to their advantage? Because it works. When you couple this kind of opportunism with the exposure of businesses that don’t have the level of sophisticated security available in a corporate network, you end up with an appealing environment for bad actors to exploit.
In order to effectively protect yourself against this malicious activity, you have to be hyper alert, even suspicious, when reviewing emails and texts. Have that ‘spidey sense’ that something might not be legitimate. The tactics and techniques that bad actors use today are highly strategic. They know what is compelling so that people will open the email, the attachment, or click on the link. Similarly, phishing lures and text messages are specifically designed to fool you, and are also geared for wide distribution to allow for successful exploitation, meaning that you might see various plays on the same themes. Many will fall victim to these malicious campaigns as they aren’t paying enough attention to sense that something isn’t right, or because they want to believe the message to be legitimate.
Be especially wary of any pandemic-related messages, whether coming via email or SMS messaging. To better help you educate yourself on some of the tactics and techniques that bad actors have been leveraging, you can read how some of our CTA members have described this activity in more detail on this resource site. If applicable to you, we have also compiled a list of working from home tips and resources from many of our members and partners here. Keep in mind that you must ALWAYS operate with a high-level of scrutiny for any email, text, or website that you come across.
The best advice we can give you in this circumstance is to be circumspect about any email or text message related to the virus or to today’s economic uncertainty. Get your ‘spidey sense’ on, be suspicious, and be cautious; you won’t be disappointed
The author, Jeannette Jarvis, is the Chief Recruiting and Marketing Officer at the Cyber Threat Alliance.