KT Connections Blog

By accepting you will be accessing a service provided by a third-party external to https://ktconnections.com/

Cybercriminals are Targeting Rapid City Businesses with This Attack

Cybercriminals are Targeting Rapid City Businesses with This Attack

When talking to smaller Rapid City business owners about their IT security, we often get asked a question like this “My business is only operating on a local scale - I cover Rapid City, Hot Springs, and Spearfish, but I’m such a small blip on the radar...why would hackers target my business?”

I get variations of this question pretty often - are hackers really looking for targets like me, or why not a bigger firm out of Minneapolis? The truth is, small businesses can be easy targets, especially for this new attack.

At KT Connections, we are seeing a significant rise in reported phishing attacks from clients, prospects, and local businesses throughout the Rapid City area. In fact, it has become such an issue of concern that Attorney General Ravnsborg issued a press release cautioning against coronavirus-related phishing scams.

What is a Phishing Attack

Phishing attacks are nothing new, but they’ve become more commonplace over the years and have even increased due to concerns over the coronavirus. They consist of an email that looks legitimate, but is asking you to login to a website or provide some form of sensitive information. This is usually a login to an account like Google, PayPal, Amazon, or Outlook, but some attacks simply request payments or financial information. We’ll get to some more examples shortly.

These emails look real, often displaying the logo of the account in question. They often have links to a login page that looks legitimate too. The problem is that when a user fills out this bogus login page, their credentials are sent to the cybercriminal to use however they wish. It’s extremely easy to fall for something like this, because they tend to look very legitimate.

Phishing attacks have become such a huge problem because of how frequently they work in the favor of the cybercriminal. That’s why they are so dangerous to businesses.

Here is an example of a real phishing attack:

In this example, the email appears like something you’d actually get from PayPal. 

Nothing in the email itself is dangerous. The email wasn’t picked up as spam and it didn’t cause antivirus to alert on it.  There are no malicious attachments or anything from first glance that is going to raise any alarms.

The problem lies with the login and Resolution Center links. You can’t tell by looking at the email, but instead of linking to an official page on the PayPal site, they link to fake pages that are designed to look like PayPal’s official site. 

Antivirus and Other Security Measures Don’t Prevent This From Hurting Your Business

Antivirus, anti-malware, firewalls, email encryption, spam protection, data backup, and centralized user and device policies are all incredibly important pieces of a network’s security infrastructure. In fact, most of them are generally a requirement to ensure that your business isn’t constantly dealing with problems and threats, and depending on your industry (such as medical and legal) and where you do business, they might even be hard requirements to meet certain compliance standards.

That said, some phishing attacks can sneak around these security solutions. Like I pointed out earlier, nothing about the email itself seems dangerous other than the links. While most modern spam blockers will usually catch a lot of phishing attacks, they can’t be guaranteed to catch them all making this type of attack all the more dangerous.

Other Examples of Phishing Attacks

The PayPal example above was just one of countless methods cybercriminals use to attack individuals. Here are some other common types of phishing attacks:

  • Urgent Password Requests - An email comes in demanding that you change a password on your account due to suspicious activity.
  • Urgent Account Notifications - Similar to the above attack, but it might not revolve around a password - maybe something is pending in your bank account or you need to agree to something or else you’ll lose access to an account or lose money. The point is, these attacks try to disarm you by telling you how urgent your action should be.
  • Spear Phishing - These attacks look like they are from a known or trusted contact to try to get you to share confidential information.
  • Whaling - Also known as CEO fraud, this type of attack spoofs the email so it looks like it comes from a boss or manager, urgently requesting sensitive information or authorizing the transfer of money. HR and billing departments especially need to look out for this one.

How to Spot a Phishing Attack

  1. Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from PayPal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
    • a. paypal.com - Safe
    • b. paypal.com/activatecard - Safe
    • c. business.paypal.com - Safe
    • d. business.paypal.com/retail - Safe
    • e. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
    • f. paypal.com.activatecard.net/secure - Suspicious!
    • g. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!
  2. Check the email in the header. An email from Amazon wouldn’t come in as noreply@amazn.com. Do a quick Google search for the email address to see if it is legitimate.
  3. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
  4. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious. 

Additionally, here are 5 giveaways to help you recognize if you’re being baited. We encourage Rapid City business owners to take these instructions and share them with employees. It even helps to plan a staff meeting to go over them, just to reinforce their importance. In other words, cybersecurity training must be a priority. If you don’t think training your employees is important, remember most hacks don’t occur because someone broke into your system, it’s usually because someone let them in; usually via social engineering schemes.

Employees are being targeted more than ever, and these attacks are very convincing - enough so that even the most technologically-fluent could fall victim. Always be vigilant, and if something seems overly urgent or a little off, take extra time to scrutinize it.

If your business is dealing with a lot of spam and unwanted email, KT Connections is here to help. We can help reduce the amount of junk mail that you get, and help your business deploy defensive cybersecurity measures to help reduce the risks of online threats. Give us a call at 605-341-3873 to get started today.

Technology of the Future of Business
Solid Inventory Management Starts for Under $100