Common tricks cybercriminals use to breach businesses

What is the thing you want most in the world? A vacation? A sizeable tax return? Whatever it might be, you can be certain that somebody is using it to scam people out of money.

The good news is that many scammers are lazy: they use scams and methods that have existed for years, which makes them easier to spot.

When you get a scam email, the goal is for you to click on a link or open an attachment that will likely lead you down a path where you are breached or worse.

For a business this can spell disaster, which is why Kaspersky has shared some valuable information with us regarding the types of bait scammers use in a bid to get you to click or download something you probably shouldn’t.

Tax notices

Ahhh yes, the risk of angering the tax collector.

In truth, this seems like a good scam on the surface because who is going to question the tax collector? You, that’s who.

We say this because scammers use notices from tax services to prompt you to download a file which claims to be a form, or to click a link to go to a website. What makes these scams so scary is the fact that many people wouldn’t question the source of the email and will unknowingly let a cybercriminal in through the front door.

Our advice, should you get an email like this, is to head directly to the SARS website without clicking links or downloading files in those sorts of emails.

Even better is to contact SARS directly for advice.

Payment pending

Another popular scam is the “payment still pending” scam. In our personal capacity we’ve seen this scam for services such as Netflix and Amazon Prime.

These scams play on the assumption that sometimes payments fail.

With regards to this scam, contact the person or firm you’re paying directly and ask whether payment has failed.

The “install security certificate” scam

Of all the scams on this list, this is perhaps the one most people should be aware of.

With so many companies transitioning to a work from home model, you might receive an email from your IT team urging you to download and install a security certificate.

This should set off immediate alarm bells because if your IT is asking you to install something they are either trying to scam you or you need to have a serious conversation with IT about how it deploys software.

As a rule of thumb, we always assume the answer is that a scammer is trying their luck.

With that in mind, never install anything on a work PC without speaking to IT first, even if you get an email from IT.

Or else…

So what happens should you fall for a scam like this?

The short answer is malware, but that alone doesn’t seem scary enough so let’s elaborate.

Remote access tools can be easily installed and can give an attacker a view of a network such as yours. From here the attacker can install additional malware, siphon off data or even intercept payment.

Once an attacker is between you and the outside world, attacks really do become trivial.

Ransomware is perhaps the scariest bit of malware for a business to encounter. In seconds your data can be encrypted, with a wanting digital hand stretched out in wait of payment to decrypt your files.

Of course, there is no guarantee that your files will be decrypted and cybercriminals aren’t exactly a trustworthy bunch for the most part.

While software can help to warn you when you encounter malicious websites or software, the best defence against cybercrime is to know what you are up against.

Be vigilant and treat emails that look like scams as such until you can verify their authenticity.

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.