This is the most dangerous threat to your staff and business survival

Technology solutions professionals can see potential threats to your business, staff and employees. While the internet can be seen to be a great tool (cloud-based communications and solutions for instance), there are darker sides to it all. There is no doubt that it can pose a threat.

Factually, your business has no room to run.

Do you doubt this? Continue reading to see examples of major threats that actually exist. Not worried? Be confident!

It is so dangerous, Deloitte even opened a cyber threat hunting program!

However, on an everyday basis, for SMEs just like your business, there is no anti-virus this or anti-malware that which will really help. The examples below illustrate why. Things have advanced exponentially to levels you may not believe. Some of these are real examples that show just how serious these threats are. While there will be casualties, you don’t want to be one of them.

Email has been an important driver in advancing communications between all aspects of business. This includes sales, customer support, management and publicity. However, it is obvious that email servers have a flawed technology and it is now a global transport for communications that’s difficult to fix. These communications channels must be compatible with all other email servers around the world, which creates huge inherent vulnerabilities.

Nearly every country has government agencies working to combat fraud. Email is the most commonly abused platform because it is easy for non-experts to abuse. Even if you’re not an expert, it is easy to learn how to become one.

Action Fraud, a police-run organization in the UK, is one example. They handle many other types of fraud but email scams are a high priority.

But this is where things get really bad. The fraud rate has increased dramatically since the introduction of cryptocurrency. Because it is concerned about Bitcoin investors losing their investment, the US SEC rejected a Bitcoin Exchange Traded Fund.

This article is very specific. Bitcoin is being fraudulently used and in both cases below Bitcoin clearly participated in the transport of monies to the criminals. This is no joke. Anyone who ignores the potential negative effects on their organization will soon find themselves in a very difficult position. These could have catastrophic consequences.

Below is an example that included personal information of the recipient. These details have been removed for security reasons. However, this email (which passed every check in a company’s infrastructure) is very dangerous for an employee’s life and should not be ignored.

As a security precaution, the email addresses and Bitcoin addresses shown in this article have been edited.

EXAMPLE:

“From: kristin*********

Sent: ******

To: *********

Subject: How to Save Yourself

Check out this article WarnYou should take care of it as it could be the end of your life.

Envious people are naturally curious. People (your contestant) paid me 30,000 Pound Sterling to put your head on a stick because of the success of your business.

Although it isn’t the first time I’ve done such work, I’m tired of being envious. Your life will be my last. It’s up to your decision.

Normal circumstances would have me do the work I was paid and not go into details. But I am going on a long-awaited vacation.

This problem can be solved in two ways.

Accept or reject my proposal

For safe guarding your life, you pay me 5 000 GBP. You also receive all information about the customer you contact to the police. This will help you save your own life and that of your family members.

The second option is to ignore my offer and call the police. However you will only delay your judgement day.

You will fear every rustle and walk around thinking you are being persecuted.

You can choose to live such a life. But if you were me, I would think very well.

Tickets to England have been taken for July **, and you have exactly 3 days to transfer money to an anonymous account bitcoin 1QJNjRmon3iD3RwdjaGomFLHs25B******.

I can check the last time receipt of money before the flight to you, on the **th

If you are awarded a reward, I won’t come and take your life. But, I will pass on all information about your customer to them (Let the bastards have what they deserve). This will allow you to protect yourself.

Your future health and well-being depend on your choices.

Think about your life, you family.

All the will of Allah

END OF EMAIL ONE

Except for the recipient’s details and Bitcoin account numbers, the email above is unedited. The email clearly shows the threat to the recipient’s health. Although some recipients may simply ignore such emails, others will become very concerned and take action. Some recipients will simply pay the required money and not think twice about it. Imagine that an employee who is a key member of the team received the email and believed everything in it. The employee’s downfall could be severe. This email could endanger the life of the recipient and may mention their family, etc.

You will notice that the spelling in this example is not correct for English. However, it is clearly visible in the content. And the writer implies that the email is the “will of Allah”. It is unlikely. The email address of the recipient indicated that the user was in England.

The email above passed many checks in the infrastructure of the receiving company. It’s not difficult to tell if you have tech skills, but many email users don’t. If you are a small SME, things can happen that could potentially have very serious consequences on your business, even though it was not directed at an employee. If you aren’t tech-savvy or a company owner, will you believe what I just said? You can send money. Many will and that ‘feeds the criminals’ for millions of pounds, or in this instance $US.

The above example uses Bitcoin because Bitcoin cannot be traced back to the ultimate recipient. This is a serious flaw in cryptocurrency. Regardless of the fact that some people think it’s an easy way to make money, you should not have anything to do with it. Bitcoin is used all the time by criminals.

Although you might not believe this email, it is possible that you could believe it if it was sent to you. However, the following example is likely to be true because it contains information only you know!

HERE IS A VERBATIM PHOTO:

From: “Gloriana Feany”

To: *********************

Date: *********

Subject: (HERE WAS EACH USER’S NAME AND PASSWORD.)

I know ****** is your password. Let’s get straight to the point. Although you may not be familiar with me, you might be wondering why you received this email. You haven’t paid me to check your email.

In fact, I installed malware on the X videos website (porn content). And you know what? You came to this site for fun. Your web browser opened as a RDP, which has a keylogger. This gave me access to your display and webcam. The software program collected all of your contacts from Messenger, social media networks, and your email account. Then I made a video. The first part displays your video (you’ve got a great taste hehe), while part 2 displays the recording of the web camera.

There are two options. Let’s take a closer look at each of these options:

You can also choose to ignore this message. I will most likely send you your own video clip to all of your contacts. Imagine the humiliation that you will experience. How will this affect you if you’re in a committed relationship?

The next option should be to donate $3000. It will be called a donation. In such a scenario, I will remove your videotape quickly. You will live your normal life as if nothing happened, and you won’t hear from me again.

You will pay the Bitcoin amount (if you don’t know how to do this search Google search engine for “how can I buy bitcoin”).

BTC Address: 18PvdmxemjDkNxHF3p3Fu9wkaAZ********

[CASE sensitive, copy & paste it]

This e-mail cannot be traced back. I have explained my actions. I don’t want to charge you too much, but I do wish to be rewarded. I have a unique pixel in my e-mail and I can see that you have read this email. You have one hour to pay. I will send your video, including to your family members and colleagues, if I don’t receive the BitCoins. I will also erase the recording as soon as I receive payment. If you want to provide evidence, please reply “Yup!” Then I will send your video to 7 of your friends. This is the non-negotiable offer, and thus please do not waste my personal time & yours by responding to this e mail.

END OF EXAMPLE TWO:

This is a completely different threat. The recipient opened this email because of many reasons. However, the password given was only about 80%. It is reasonable to assume that the perpetrator knew all the passwords. This email could be considered a factual document. Its credibility is enhanced by the addition of the password to the threat.

Imagine owning an SME business that could be larger. However, the threat required more money. The email had been viewed by the recipient. People do. It could be considered possible, or even likely that the victim might pay the criminal through Bitcoin. Bitcoin is again a problem.

This second email example shows that the email passed all company checks and tests. These are serious threats to business and individuals.

Now think about this: how did the perpetrator gain the password for the victim? It was an older password, but it was still valid. The perpetrator suggested keylogging on a site that is known for pornographic videos and images. The perp most likely did not get the details from that site.

When reading about companies like Facebook, TalkTalk, Dixons Carphone Warehouse, Equifax, Adobe, AOL, Apple, AT&T, British Airways, Mastercard and Visa, Compass Bank, Domino’s Pizza, DVLA UK, Dropbox, Kmart, Hewlett Packard, eBay, Experian, Trump Hotels, Gmail, Vodafone, Walmart, Morgan Stanley, NHS, Ofcom, Snapchat, Adidas, Macy’s, Sony Pictures (and the list goes on), is it really any wonder that most personal details of importance (even financial ones) of individuals and businesses are all over the internet? This Wikipedia article about data breaches is very concerning as it includes all information that can be bought online. Perhaps the dramatic fall in Facebook’s share price could be the beginning of a mass exodus. But Facebook is only one of many companies that have failed you by not properly protecting your data, as the above list clearly illustrates.

It’s clear why GDPR is law. Other countries will continue passing GDPR legislation as needed. I want to thank all of these companies and others for creating this bizarre situation which could spell doom for the internet today.

It is time to retroactively fine every company that was involved in the dissemination of personal data. Do these companies feel any less guilty now? Many companies don’t understand that large fines can be costly. They are awakened by price reductions.

Kaspersky’s latest internet security software includes software that prevents key loggers from recording your data as you type.

This article also covers fraud involving a company receiving an emailed pro forma invoice from one of its regular suppliers. One day, the finance department received a pro forma invoice. This invoice needed to be paid immediately. The invoice and the email address looked very ordinary. The sender company informed finance that they had recently switched banks. They also indicated that the invoice contained the updated information. Finance paid the £60,000+ ($US 80,000) invoice.

The only problem with the invoice was that it was fake. The email address didn’t read correctly unless one looked closely (instead of wonderful.com it was wonderfull.com, a fictional example that illustrates the method used). The recipient in the finance department saw and read the same information they were used to. The question is how did the perpetrators obtain all the information about invoice format, suppliers’ details, email addresses, etc.? This is food for thought. It can be very easy to scam your business.
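A check that a mail gateway or finance team could run against this kind of lookalike sender, as an added example that is not part of the original article: it compares the sender's domain with a list of known supplier domains and flags near-misses. The supplier list, the distance threshold and the function names are assumptions; the domains follow the article's fictional wonderful/wonderfull example.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Constructed allowlist of domains the finance team really trades with (assumption).
KNOWN_SUPPLIER_DOMAINS = {"wonderful.com", "acme-parts.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('known', d), ('lookalike', d) or ('unknown', None); d is the supplier domain."""
    domain = sender_domain(from_header)
    if domain in KNOWN_SUPPLIER_DOMAINS:
        return ("known", domain)
    for known in sorted(KNOWN_SUPPLIER_DOMAINS):
        # Close to a real supplier but not identical: hold the invoice for review.
        if 0 < edit_distance(domain, known) <= max_distance:
            return ("lookalike", known)
    return ("unknown", None)


# Constructed sample headers, not taken from a real message.
SAMPLES = [
    "Accounts <accounts@wonderful.com>",
    "Accounts <accounts@wonderfull.com>",
    "Someone <someone@outlook.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A result of `known` only means the domain is spelled correctly; it does not prove the message came from the supplier, so a change of bank details still needs confirming through a contact already on file.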

The underlying email systems are inexplicably not fit for purpose, and have not been for some years. The scammer sent mail to ‘mail.bg’ in the first instance, while the second (even more alarming) came from ‘outlook.com’. The sending email addresses can be ‘replaced with any email address’, but these two emails looked real. In fact, one of the perps used Google to show how to use Bitcoin to make payment. Many large companies offer a service, but their email servers and systems allow them to send out threatening emails to users. Perhaps it is time to push these large companies (outlook.com, gmail.com and others) to properly filter their emails and the senders before they can cause severe harm.

There are many other scams that can be perpetrated through the use of an old email system and related technologies.

Network Systems is one company that has experienced many of these internet-related problems and offers a Cybercrime Service to SMEs. It helps create a safe environment and support for employees and businesses while they are working on the internet.

This article should make you think about what you can do to protect your employees and company. It is better to use specialist companies than just trying to find solutions for problems that have not been dealt with before. This could save your company.
