Attempted Ransomware Scam Averted

Within hours of writing last week’s blog post, Low-Cost Cybersecurity Tips, I was the victim of a ransomware attempt. Ironic, eh? The scammer’s approach was sophisticated and targeted. I was drawn in by the message, initially replied, and was astounded by what happened next. Good news – this story has a happy ending. But it could have turned out much differently.

I’m sharing this recent brush with cybercrime to illustrate just how insidious online scammers are, and how capable they are of masquerading as a trusted sender. Perhaps reading about my experience will help you avert a ransomware or other cybercrime.

As an established tax professional, I often receive emails from prospective tax clients. Some are referred or introduced to me by an existing client or referral partner. Some prospective clients find me through my website or the IRS’ Tax Pro Directory. On May 20th, I received a message from an individual saying that he and his wife needed a new tax preparer. He acknowledged that he had missed the May 17th filing deadline and provided a few details about their income. He asked me to tell him how much it would cost to prepare their 2020 income tax returns.

Even though I am not taking new tax clients now, I didn’t want to be rude and not respond. I also wanted to be as helpful as possible to a taxpayer in need without committing to perform any work. So, I took a few minutes to write back to explain that I am not available and to share an IRS website link with tips for finding a tax professional and a directory by location of individuals with tax credentials (https://www.irs.gov/tax-professionals/choosing-a-tax-professional).

I noticed that the sender’s email address contained extensions that indicated his location to be in the United Kingdom. That did not make me suspicious of the sender’s identity because I have tax clients who live or used to live in the UK. It did, however, prompt me to also send the prospective client another IRS link to information about US taxpayers living overseas (https://www.irs.gov/individuals/international-taxpayers/u-s-taxpayers-residing-outside-the-united-states). Feeling like I had done a good deed, I hit “send”.

Within a few minutes, I received a second message from the sender saying that he had scanned his 2019 returns for my review with a link to access the return copy. Red flag! I stopped in my tracks to absorb what I was reading. It was a clear indication that my “prospective client” was a scammer luring me to click on a link that would probably have held my data for ransom. My valuable tax client files that contain all sorts of confidential and private information, like bank account and Social Security numbers.

I quickly shifted from “helpful” to “obstructive”. I erased the message string and dumped my email trash. It’s only been a few days, but it looks like that scammer is not coming back. I managed to avert that ransomware scam attempt, but there will be others. We all need to be aware and diligent to avert them. Want some tips? Check out last week’s blog post!

Low-Cost Cybersecurity Tips

Hacks and ransomware crimes are all over the news headlines. Seems like there’s a new one reported every day. Victims include federal government agencies, insurance companies, energy infrastructure, and computer system vendors. Those are some highly sophisticated players that have invested tons of money in cybersecurity. So, what chance does a small business have defending itself against all those sophisticated cybercriminals? 

Bottom line, the tons of money that organizations invest in cybersecurity can go right out the window if the users – ordinary and fallible people – don’t follow safe system security practices. Systems are only as safe as the security knowledge and practices of the least knowledgeable system user. All it takes to open the door to a cybercriminal is one person clicking on the wrong link from an unknown source, or from a hacker masquerading as a trusted sender.

Believe it or not, periodic reminders of these low-cost cybersecurity tips will help organizations of all sizes and types to follow safe cybersecurity practices:

  1. Keep software systems up to date and use a good anti-virus program.
  2. Examine the email address and URLs in all correspondence to detect a scammer mimicking a legitimate site or email address.
  3. Ignore text messages, emails, or phone calls asking you to update or verify your account information and go to the company’s website to see if something needs your attention.
  4. Never open unexpected attachments until verifying the sender’s email address and use virus scan before opening any document.
  5. Scrutinize all electronic requests for a payment or fund transfers.
  6. Be extra suspicious of any message that urges immediate action.

Human action is a risk that can throw an organization’s cybersecurity investment right out the window. People who click before thinking can allow hackers in to do all sorts of expensive and embarrassing damage. By promoting a few low-cost cybersecurity tips, businesses of all sizes and types can avoid becoming a victim of sophisticated hackers and other cybercriminals.

Cyber Risk and Remote Working

Cyber risk has sky-rocketed in the months that remote working has increased. Hackers know that remote workers often don’t have the same security set-up at home as they do at the office. But even when strong security protocols are in place, hackers get in and data breaches happen. 

Why? Because human action has long been reported as one of the highest cyber risks. Some people just can’t resist clicking on enticing links, no matter where they came from. Temptation to fall for clickbait seems to be even higher for people working at home in their jammies. Plus, people under stress are more likely to act without thinking things through. Hackers know that, too.

In a recent whitepaper titled, “Cyberchology: The Human Element,” 80% of businesses surveyed stated that their cyber risk has increased in 2020. More than 75% of businesses said that one-half or more of their people were working remotely. Up to 47% of survey respondents reported experiencing stress issues. No wonder that cybersecurity breach reports are up 63%!

Click here (yes, a valid link) to read the entire whitepaper. It’s interesting. Plus, it’s free. https://cdn1.esetstatic.com/ESET/UK/Collateral/White_Paper_Cyberchology.pdf

Bottom line, tons of money invested in security can go right out the window if people don’t use systems securely. Your systems are only as safe as the security knowledge and understanding of your least knowledgeable worker. With the extra challenges of remote work and the pandemic, businesses can help workers maintain cybersecurity practices at the office and at home with periodic reminders to:

  1. Keep software systems up to date and use a good anti-virus program.
  2. Examine the email address and URLs in all correspondence to detect a scammer mimicking a legitimate site or email address.
  3. Ignore text messages, emails, or phone calls asking you to update or verify your account information and go to the company’s website to see if something needs your attention.
  4. Never open unexpected attachments until verifying the sender’s email address and use virus scan before opening any document.
  5. Scrutinize all electronic requests for a payment or fund transfers.
  6. Be extra suspicious of any message that urges immediate action.
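
The address, URL and urgency checks from the reminder list above can be partly automated. The sketch below is an added example, not code from the original post: it flags near-miss sender and link domains, a Reply-To that differs from the sender, links to unknown hosts, and urgency wording. The allow-list, the similarity threshold, the sample message and all function names are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENT = re.compile(r"\b(immediately|urgent|right away|act now)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
TRUSTED = ("taxfirm.example", "irs.gov")  # assumed allow-list of known domains
# Constructed sample message, not taken from the incident described on this page.
SAMPLE = ('From: "Tax Firm" <billing@taxf1rm.example>\n'
          "Reply-To: refunds@mailbox.example\n"
          "Subject: Account verification\n\n"
          "Verify your account immediately at http://taxf1rm.example/login\n"
          "Filing guidance: https://www.irs.gov/\n")

def is_trusted(host, trusted):  # a trusted domain or any subdomain of one
    return any(host == t or host.endswith("." + t) for t in trusted)

def lookalike_of(host, trusted, threshold=0.85):
    """Return the trusted domain that `host` nearly spells, or None."""
    if is_trusted(host, trusted):
        return None
    return next((t for t in trusted
                 if SequenceMatcher(None, host, t).ratio() >= threshold), None)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].lower().rpartition("@")[2]

def triage(raw, trusted=TRUSTED):
    """Return red-flag strings for one raw plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body, flags = msg.get_payload(), []
    if (twin := lookalike_of(sender, trusted)):
        flags.append(f"sender domain {sender} imitates {twin}")
    if reply and reply != sender:
        flags.append(f"Reply-To domain {reply} differs from sender {sender}")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if (twin := lookalike_of(host, trusted)):
            flags.append(f"link host {host} imitates {twin}")
        elif not is_trusted(host, trusted):
            flags.append(f"link to unknown host {host}")
    if URGENT.search(body):
        flags.append("urges immediate action")
    return flags
```

Short trusted names such as `irs.gov` leave little room between a typo and an unrelated domain, so the threshold needs tuning against real mail before the flags are acted on.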

Human action has long been reported as one of the highest cyber risks. People who click before thinking things through can let hackers into your systems to do all sorts of expensive and embarrassing damage. Periodic cybersecurity reminders, especially for those who are working at home in their jammies, can go a long way to reducing cyber risk during this pandemic and over the long run.

Signs You’re About to be Attacked by Ransomware

Kidnappers do their homework before snatching their victims to be sure that they have enough ransom money to be worth the time and risk. Until today, I hadn’t thought about scammers doing their homework before launching a ransomware attack. An article in Sophos News by Peter Mackenzie, The Realities of Ransomware: Five Signs You’re About to be Attacked, opened my eyes that system kidnappers usually leave a trail that can be detected.

I encourage you to read Mr. Mackenzie’s article and take action to protect your systems from being held for ransom. He shares valuable tips from his own professional experience, including tools and methods. https://bit.ly/2PFuhnX 

Here is a quick list of evidence of an existing or imminent ransomware attack that could be detected by a cybersecurity professional:

  • Unusual Behavior

A periodic scan of your network’s file history can detect repeating patterns or other indicators of malicious activity on your systems. It could be nothing to worry about, but anything that looks unusual is probably worth checking out. Even if malware has been detected and removed, scammers could still be conducting harmful operations on your network.

  • Scanner Snooping

Scammers often gain access to your systems by using phishing or social engineering schemes with authorized users. They especially love to capture credentials for users with administrative rights because it gives them more access. Once in, they can install a network scanner to find files with valuable information, such as bank accounts and tax IDs. A scanner can be detected and removed if you know how to do it.

  • Neutralized Security

Scammers that manage to compromise admin rights often try to disable your security software to swing open the door to your systems even wider. Several tools are available to force the removal of your security software. These tools have legitimate purposes, but they can be used by criminals to leave your systems vulnerable.

  • Embedded Tools

In addition to installing a scanner, scammers can embed keystroke readers to capture logon credentials. Capturing keystrokes allows access to your systems, some of which could store financial and confidential identity information. Other tools can be used to extract data and lists of usernames and passwords for use or sale.

Turns out, ransomware attackers do their homework just like kidnappers looking for a rich victim to snatch. Peter Mackenzie’s recent article in Sophos News really opened my eyes that ransomware attacks can be detected before they hold systems hostage. Read his article and arm yourself with tools to fight off cybercrime. 

Fraud and Cyber Risk

Last week, I attended a cyber risk workshop offered by the local chapter of the Institute of Internal Auditors. One of the presenter’s slides listed data breaches that occurred so far in 2017, including Equifax, the Securities and Exchange Commission, and Home Depot. It’s pretty scary, especially when you think about what the cyber criminals are after – your money.

Fraud has existed for a long, long time. Technology gives criminals new opportunities to perpetrate bigger frauds more quickly than ever before. Organizations fight back by adding more technology skills to their fraud prevention and investigation teams. According to the Association of Certified Fraud Examiners’ (ACFE’s) In-house Fraud Investigation Teams: 2017 Benchmarking Report, building forensics and cybersecurity expertise is a big focus.

Of the nearly 1,500 anti-fraud professionals who responded to the global survey:

  • 43% say their organization is seeking or expecting to add expertise in digital forensics to its fraud investigation team.
  • 36% say their fraud team has cybersecurity skills, while 37% are looking to add those skills.
  • Only 16% of teams investigate data breach incidents frequently and 27% investigate them occasionally, indicating a possible lack of expertise.

Responding organizations cited that their fraud investigations were related to:

  • Employee embezzlement (40%)
  • Frauds committed by customers (40%)
  • Frauds committed by vendors or contractors (32%)
  • Human resources issues (30%)

IT security professionals often think that their organizations have the controls needed to prevent cyber threats that can lead to fraud. That is not enough! Everyone connected to your systems needs to understand and follow security practices and know why they are important.

Clarify your organization’s fraud controls and each person’s role to protect data and funds by:

  • Documenting responsibilities for security and secure work practices. Security is part of everyone’s job.
  • Training everyone about security and why it is important. People tend to follow procedures that they understand.
  • Implementing incident detection to locate and shut down attacks that can become data breaches.

Fighting fraud requires that organizations ensure they have adequate technology skills on their fraud prevention and investigation teams. Recent reports – as well as recent events – tell us that many organizations still need to beef up their cyber teams to protect our money from fraud.