How scammers hook SMBs

CYBERCRIME

Online scammers are forever trying to trick not only unsuspecting users, but also company employees. Sure, it is usually far harder to dupe a business than a retiree is, but the potential rate of return is far higher in the former case. Therefore, attempts to get SMBs to swallow the bait continue unabated.

Numerous techniques exist, but because scammers are generally a lazy bunch, most cases involve variations on tried-and-true themes. Here are the most common schemes in use.

Types of bait

It is important for cybercriminals that you not only read their messages, but also react to them: click on a link, open an attachment, pay a bill. To get you to do that, they need to grab your attention.

A notice from the tax service

You receive an e-mail stating that you have not paid a tax in full, and now interest have been added to the bill. If you want to appeal, you’ll have to download, fill out, and submit the attached form. The form contains a macro, though, and as soon as you enable it (most users automatically click “I agree” in pop-up windows), it immediately downloads and runs malware.

Many businesses fear the tax authorities, but it’s important to look fear in the eye — or at least at some of its e-mails so that you can spot the differences between real and fake ones. It’s worth knowing whether your local tax office tends to send e-mails or call people up.

Notifications about pending payments

Paid all your taxes and settled with all contractors? Well done, but you still might get a message saying a payment failed to go through. After that, anything goes — from a request to pay a supposedly reissued invoice to a prompt to go to some strange site.

Antivirus can block a suspicious link, but only your common sense can stop you from paying the same bill twice.

Proposal from a mysterious contractor

Sales e-mails are usually sent out randomly in the hope that at least some of them will hit a good target. Scam e-mails that look like mass sales e-mails — but including malicious attachments meant to look like product or service details — do the same.

Security service notification

This scam operates mainly on companies with offices in different locations. Regional office employees often have a fuzzy idea of what HQ staff look like and do. On receiving an e-mail from the important-sounding “chief security officer” instructing them to install a security certificate, many will comply without noticing that the message came from a bogus address. Install the certificate and they have you completely.

Consequences of being hooked

Phishing is conceptually simple — its purpose is to steal your credentials — but e-mail malware comes in different flavors. The most common types are those in the following list.

A RAT in the computer

Cybercriminals are particularly fond of remote access tools (RATs), which enable attackers to get into the corporate network, where they can wreak havoc. For example, using a RAT can enable an outsider to install additional malware, steal important documents, locate the finance manager’s computer, and intercept payment system access data — and then transfer money to their account.

Ransomware

Ransomware encrypts files so that they cannot be used. That means not being able to refer to your important documents anymore, or even show a presentation. Some types of ransomware spread over a local network, penetrating one computer initially but encrypting data on every machine the Trojan reaches. To restore the files, the attackers demand a ransom (hence the name). For example, not so long ago, municipal computers in Baltimore, Maryland, got hit by ransomware that took some services completely out of action. The attackers demanded more than $100,000 to restore everything.

Spyware

Cybercriminals also like using spyware Trojans — malware that collects maximum information — to infiltrate companies. The spyware sits quietly on computers, logging usernames, passwords, and addresses, and harvesting messages and file attachments. For tech companies, the main danger here is that expertise or plans might leak to competitors, whereas for other businesses, the main threat from spyware is that the attackers might get inside the financial system and steal money. It can happen to large organizations too — for example, the Central Bank of Bangladesh got hit to the tune of $81 million.

How to avoid common SMB scams

Follow these general safety tips to stay out of scammers’ SMB traps:

Be vigilant;
Know the laws of the jurisdiction in which you operate and understand how the government and regulators work;
Be aware of which file types are more likely to be dangerous than others;
Install an antivirus solution, preferably one with protection against spam and phishing, on all work devices.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Send us your press releases to pressrelease.zawya@refinitiv.com

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

How scammers hook SMBs

DISCOVER MORE

World Future Energy Summit: Etihad WE Day 1 media bulletin

Qalaa Holdings signs debt settlement agreement with four banks

Impact of AI, hybrid work top HR challenges in 2024

Tamkeen launches second phase of the CIC Program in collaboration with Bahrain Polytechnic

ADNEC Group partners with Terrax

CBB 12 month Treasury bills issue no. 115 oversubscribed

Kevin. triumphs with first account-to-account NFC iPhone transaction

Automotive aftermarket sales performance in Saudi Arabia is improving with a market value set to top USD 9.4bln by 2027

Largest Middle East energy yet opens tomorrow with experts probing pathways to energy security and sustainability

Albal Design launches UAE's first science based interior design concept

ALEC BUTEC joint venture secures design-build contract for Abu Dhabi waste-to-energy plant

DMCC and Danube Properties partner to launch $545mln residential project in thriving JLT District

Synology presents comprehensive solutions for safeguarding business data at GISEC 2024

Financial sector lost $12bln in 20 years due to cyberattacks: IMF

Cybercrime cases continue to rise, up 21.84% in Q1 in Philippines

UAE residents urged to stay vigilant amid cyber threats; tips to spot phishing emails

Russian official says election video surveillance systems in Siberia hit by cyberattack - TASS

PNP warns public of rise in cyber identity theft cases in Philippines

LATEST VIDEO

VIDEO: Inflation in Egypt to continue to rise amid Gaza conflict, Red Sea attacks

ZAWYA COVERAGE

UAE rains: Dubai International Airport will temporarily divert inbound flights

UAE flights disrupted as heavy weather lashes Emirates

Abu Dhabi’s ADQ to buy 49% stake in Alpha Dhabi’s construction arm

Value of MENA debt issuances jumps 52% to $41.6bln in Q1

Remote work for Ajman government employees to continue tomorrow

UAE power mix will continue to be dominated by thermal power

UAE announces extension of remote work for government employees

IMF ups global growth forecast but signals medium-term pessimism

Sudanese rue shattered dreams as war enters second year

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds