Crisis Management: How to Defend Against Cyber Scams
Editor’s Note: The following article is a guest post submitted by Robert Daniels of SocialMonsters.org.
Healthcare.gov made news recently (in addition to all the backend site problems and political arguments surrounding it) after software tester Ben Simo logged in to manage his granddaughter’s insurance, only to discover vulnerabilities a cyber criminal could exploit.
Simo noticed the site sends personal information to third-party analytics and advertising companies, as well as additional issues that violated user privacy.
Unfortunately, this is only one example. Other cyber criminals are using the Affordable Care Act to pose as Medicare agents and trick seniors into sharing personal information, according to Fox Business.
Such scams are not limited to health care. Earlier this year, the Center for Strategic and International Studies estimated cybercrime costs Americans $100 billion a year. As a result, many experts advise companies with valuable data to assume a crisis will occur, and develop a response plan accordingly.
To avoid becoming a victim of cyber scams, it pays to know what to avoid.
Beware of Your Browser and Inbox
According to security company Kaspersky, last year 87.91 percent of phishing site links spread by browsing and 12.09 percent through email.
Being careful of what you click is the first step toward protecting yourself. Banners spoofing legitimate websites, blog posts and social media private messages can all lure you into clicking malicious links.
If you suspect a link’s legitimacy, one simple precaution is hovering over it before clicking. In most browsers, this will display the link target in your screen’s lower left corner. If the displayed URL doesn’t match the supposed target, it may be fake. Seeming link typos can provide similar clues.
Prevention is your best defense, but in the event your information does become compromised, another safeguard is subscribing to identity protection. Services such as Lifelock can alert you to suspicious use of your personal information.
The University of Chicago’s IT Security Department provides examples of common email scams. These may take such forms as fake administrative alerts advising you that your webmail storage has exceeded capacity, that you need to update your account, or that fraudulent activity has been detected.
A common email scam to avoid: one that asks recipients to visit a link to increase the size of their mailbox. As the University of Chicago’s IT Services team explains, you can identify it’s a scam because the sender does not have a valid company email address (UChicago, in this case), and the link’s domain does not match the company’s domain.
Such emails can usually be detected by suspicious addressing information, links or content.
Fake Work Website Woes
It’s not just individuals who are vulnerable, Kaspersky warns. Another common attack is creating a fake portal resembling a company website, then luring employees to the fake site. Companies can deter this through a combination of good network security practices, BYOD management policies and employee education.
Malicious Mobile Messages
Last year, spammers sent 45 million text messages a day via cellphone, anti-spam provider Cloudmark reported.
Scam texts take various forms, including fake gift cards, cheap mortgage and medicine offers, and impersonating bank and government officials contacting you about allegedly urgent problems. Often such messages include phony links inviting you to click to stop future spam. Avoid clicking such links.
When Facebook Isn’t Friendly
The Better Business Bureau warns fake Facebook friend requests can compromise your security. Spammers can duplicate or hijack your friend’s account to gain your trust.
If you receive a suspicious request, such as a friend request from someone you’re already friends with, check with the legitimate account owner to verify it before accepting.
Bottom line: scammers are creating tricker, more complex traps to gather private information, so brands that hold important data and value their customers’ privacy should take all precautions necessary.
About the Author
|Robert Daniels writes for SocialMonsters.org, works full-time at an SEO firm and runs an online consulting business.|
You might also like…
- Labor Day Phishing Scams – Don’t Get Hooked This Year | Webroot Software
- The Fight Against Pinterest Spam
- Crisis Management: Assume a CrisisWill Occur; Prepare a Response Plan