Cybersecurity Criminal Tricks
20.07.2018

Part 1: Would you have fallen for it? The most sophisticated scams to obtain company data.


The inventiveness of criminals is limitless. In our new series, we show how creative cybercriminals can be when it comes to getting access to company information. In this first part, you will find three tricks that you should not fall for.

1. The lost USB flash drive

USB sticks are often distributed to companies as promotional gifts. Occasionally, one even turns up, apparently lost, on the way to the office. Who wouldn’t be happy about a free USB stick? But as soon as careless employees plug these small devices into their work computers, a rude awakening may follow, because they are not always as harmless as they seem. Criminals like to use portable storage media to plant malware or spyware on company computers. Private devices can also be a source of danger if they have previously been infected with malware. One such case became famous in 2008, when the use of a private USB stick infected a large part of the computers of the US Department of Defense with spy programs.

Our tip: Do not use external devices. Instead, buy your own USB stick from a trusted manufacturer and use it exclusively for business purposes.

2. Misdirected email from HR

Does this sound familiar? An e-mail from colleagues has been forwarded to you by mistake. Most of the time, you simply delete the unwanted message from your inbox. But if the subject line sounds too tempting, you take a closer look after all. Resourceful criminals take advantage of this curiosity. Subject lines such as “staff cut”, “salary overview” or even “vacation pictures” are popular lures in scam e-mails that are intended to entice employees to click on the attachment or link they contain. Often, the e-mails look deceptively real: design, sender name, salutation and signature match those of the company.

Our tip: Often, a fraud attempt can only be recognised by taking a closer look at the e-mail address. Check the address carefully. Is the name correct? Is the email provider correct? Even if you recognise the email provider, identifiable by the part that follows the @ sign, you should consider whether the sender usually uses it.

3. The transition to the new General Data Protection Regulation

In times of upheaval, criminals like to take advantage of the resulting uncertainty. This was also the case when the European General Data Protection Regulation (EU GDPR) came into force. Personal and business e-mail inboxes were flooded with requests to agree to new privacy policies and to re-enter some data, often accompanied by the note that certain services would no longer be available without consent. Criminals cleverly exploited the confusion surrounding the EU GDPR to slip in their scam emails.

Our tip: Again, take a close look at the sender’s email address. If in doubt, do not open an attachment or click on any links the email contains. Look up the sender’s phone number on the official website and ask whether the email is actually from them.
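
The sender check recommended in tips 2 and 3 can be partly automated, for example in a mail filter or a reporting tool. The following sketch is an added example and not part of the original article; the company domain `example.com`, the internal display names and the sample headers are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumptions for this example (not from the article): the company's mail
# domain and the display names its internal senders use.
COMPANY_DOMAIN = "example.com"
INTERNAL_NAMES = {"human resources", "hr department"}
# Digits commonly substituted for letters in imitation domains.
LOOKALIKES = str.maketrans("0135", "oles")


def fold(domain):
    """Map common character substitutions back to the letters they imitate."""
    return domain.lower().translate(LOOKALIKES).replace("rn", "m")


def check_sender(from_header):
    """Return findings for one From: header; an empty list means nothing odd."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        return []  # the part after the @ really is the company's domain
    findings = []
    # A sender name that looks internal, on a domain that is not ours.
    if name.strip().lower() in INTERNAL_NAMES:
        findings.append("internal display name, external domain")
    # A domain that is nearly ours, or that embeds our name in another domain.
    similarity = SequenceMatcher(None, fold(domain), fold(COMPANY_DOMAIN)).ratio()
    if similarity >= 0.85 or COMPANY_DOMAIN.split(".")[0] in fold(domain):
        findings.append("domain imitates " + COMPANY_DOMAIN)
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Human Resources <hr@example.com>",
    "Human Resources <hr@examp1e.com>",
    "HR Department <hr@example.com.mail-login.test>",
    "Human Resources <staff.news@freemail.test>",
    "Supplier News <news@partner.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A clean result only means the address itself shows nothing odd; the phone call suggested above remains the way to confirm a doubtful message.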