Cybersecurity threats getting less easy to ignore

As the newly commissioned USS Detroit sits on the edge of the Detroit River preparing to offer a limited run of tours to the public, a luncheon discussion begins inside the Detroit Marriott about other types of security measures.

Nation-states — such as China, Russia, Iran, North Korea — are more aggressive in cyberattacks. The fraudsters have upped their game beyond the once easy-to-spot spam e-mails filled with bad grammar and spelling mistakes. Cybersecurity threats are growing more ominous for individuals, small-business owners and large corporations.

"In their mind, you're low-hanging fruit," said George Smirnoff III, senior vice president and chief information security officer for Comerica Bank.

"As executives, guess what? You're all targets."

Smirnoff, who is based in Auburn Hills, Mich., was speaking to a group of the bank's customers, including many small business owners. A scam dubbed the business e-mail compromise involves impersonating the company's CEO or other top managers to initiate an international wire transfer.

Smirnoff noted that cybercriminals are spoofing e-mails to make them look legitimate and, in some cases, claiming that a new vendor must be paid right away.

The spear-phishing attacks are very targeted toward specific individuals in the company who may handle the bills or wire money.

In some cases, the fake e-mails might be timed to be sent when the actual business owner claims he or she cannot be reached now because they're traveling on business. The Federal Bureau of Investigation has noted that some of the scammers are believed to be members of organized crime groups from Africa, Eastern Europe and the Middle East.

A sophisticated phishing e-mail can bypass filters and anti-virus programs. Experts note even up-to-date, anti-virus software won't do much good if consumers or employees carelessly download e-mail attachments.

"These e-mails are getting very tricky," Smirnoff said.

October is National Cyber Security Awareness Month — a campaign that's headed by the federal Department of Homeland Security to raise awareness on how to protect our personal information and combat fraud.

But this October, the public cannot help but be hyper aware of hackers after all the news about stolen e-mails out of the Hillary Clinton presidential campaign. We've even heard reports that hackers have targeted the voter registration systems of more than 20 states in recent months.

We're likely to face phishing scams both at work and at home that try to trick us into disclosing personal information.

"The e-mail can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business," warned the American Bankers Association.

People, of course, are driven to panic — and they wrongly click on links or open attachments — because the scammers make them think they must act immediately.

As often as we've heard about scams, consumers overall still don't have enough education when it comes to cyber threats, Smirnoff said. And the hackers are increasingly sophisticated.

Some ways to arm yourself:

1) Created a "coMplic@t3d" password.

A strong password ideally has 12 characters in length and includes a mix of upper and lower cases for letters, as well as numbers and special characters, such as the @#.

Don't reuse a password.

It's too easy, of course, to think that we lack any control when it comes to security breaches. Experts, including Smirnoff, say a strong password remains a good defense.

Make sure to have the latest security software, Web browser and operating systems. The American Bankers Association suggests that consumers turn on automatic updates so that they receive the newest fixes as they become available.

2) Be vigilant — and recognize that cybercrime pays.

"Cybercrime has turned into a marketplace itself on the Dark Web," Smirnoff said.

Some crooks specialize in crafting realistic-looking e-mails; others are experts at making fake websites look like the real deal. Others know how to unload databases to other crooks.

Your personal information has great value to crooks when it comes to opening bogus accounts or filing fake tax returns to generate lucrative refunds.

So you'd want to shred bank statements and unused credit card offers before throwing anything away. Use caution downloading apps, especially from senders you don't know, too.

3) Be skeptical when you get an e-mail from a CEO, your bank or even a favorite retailer.

Remember, a bank isn't going to ask you to confirm your Social Security number or account number — or ask for your password — via e-mail or a text.

Stop before making a move, and contact your bank directly. You can spot a phone number on your credit card or take time to find an old statement to look up the number.

Banks and small-business owners aren't the only ones being targeted by cyberattacks, of course.

Retailers suffered 43% of the phishing attacks in the second quarter of 2016, according to the Anti-Phishing Working Group's latest report. The APWG is a not-for-profit industry and international affairs association focused on eliminating the identity theft and fraud.

"They're really attacking the retailer's brand," said Peter Cassidy, secretary general for the APWG.

Cassidy said consumers can receive an e-mail that is designed to look like it's coming from the legitimate retailer — and then the consumer is enticed to click on a link.

"There's a special offer waiting for you or there's a security issue," Cassidy said.

After the consumer quickly takes action, the scammers may install keyloggers — a  software program designed to secretly monitor and log all keystrokes — that can steal access to your login information or credit card information.

Once the con artists have access, they move quickly to use your credit card or sell your credit card information on the underground Internet marketplace.

"And they can order things and have them delivered to places they can control," Cassidy said.

In some cases, he said, scammers have loaded up on expensive cosmetics that can be easier to unload on the black market.

His best advice: "It really gets down to think twice, think three times and then have lunch."

"Most of the time, if you give it a little time, you realize how ridiculous the story is that you're being handed," Cassidy said.

USA TODAY


JOIN THE CONVERSATION

To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment