Cyber Security is a hot topic right now, with cybercrime more prevalent than ever before. In this edition of get.support/update, we’ll take a brief look at a few of the threats facing businesses and computer users today.
Most businesses do not have adequate processes in place to guard against the most common scams. It is commonplace for computer users to have insecure passwords, with many passwords reused across multiple websites.
One of the hottest scams right now is money being stolen from consumers and businesses when they pay their suppliers. In the days before a payment is due, the customer receives an email appearing to be from the supplier they’re scheduled to pay.
The email explains a plausible reason why the supplier’s bank details have changed. It seeks to convince the customer that they must use the new bank details and make the payment without delay.
The customer follows the instructions, makes payment and then finds out that the email was a scam from a cybercriminal and that they have just sent the money to the wrong account.
Any change of bank details from a supplier should be followed up with a phone call, to a number you know to be genuine – don’t call the number in the email. Check that the change is legitimate before sending your cash off to somewhere new.
The scammers often start by hacking into the supplier’s email. Frequently this is achieved by sending an email phishing for a user’s password. The email appears to be from the user’s email provider, explaining that there’s a problem that they need to log in and fix. It links through to a webpage that looks like the regular signin page, but is in fact, fraudulent and on the cybercriminal’s servers. The user then enters their username and password – handing over the keys to their email.
First – never follow a link in an email and then enter a username and password. Always go to the login page at an address that you know is genuine.
Second – passwords are not secure enough on their own. Enable multi-factor authentication (MFA), which requires not only a username & password but also a code generated from an app on your phone or another device. MFA makes it much harder for someone to gain access to your computer systems. We will cover this in a future blog posting, in the meantime, feel free to contact us for further information.
Third – make Make sure you use unique passwords for every website. Never use the same password or variations of the same password on more than one system. We cover passwords in our blog post Secure Your Password, and we’ll tell you about password managers designed to make remembering your unique passwords easy.