By accepting you will be accessing a service provided by a third-party external to https://ktconnections.com/
When talking to smaller Rapid City business owners about their IT security, we often get asked a question like this “My business is only operating on a local scale - I cover Rapid City, Hot Springs, and Spearfish, but I’m such a small blip on the radar...why would hackers target my business?”
I get variations of this question pretty often - are hackers really looking for targets like me, or why not a bigger firm out of Minneapolis? The truth is, small businesses can be easy targets, especially for this new attack.
At KT Connections, we are seeing a significant rise in reported phishing attacks from clients, prospects, and local businesses throughout the Rapid City area. In fact, it has become such an issue of concern that Attorney General Ravnsborg issued a press release cautioning against coronavirus-related phishing scams.
Phishing attacks are nothing new, but they’ve become more commonplace over the years and have even increased due to concerns over the coronavirus. They consist of an email that looks legitimate, but is asking you to login to a website or provide some form of sensitive information. This is usually a login to an account like Google, PayPal, Amazon, or Outlook, but some attacks simply request payments or financial information. We’ll get to some more examples shortly.
These emails look real, often displaying the logo of the account in question. They often have links to a login page that looks legitimate too. The problem is that when a user fills out this bogus login page, their credentials are sent to the cybercriminal to use however they wish. It’s extremely easy to fall for something like this, because they tend to look very legitimate.
Phishing attacks have become such a huge problem because of how frequently they work in the favor of the cybercriminal. That’s why they are so dangerous to businesses.
Here is an example of a real phishing attack:
In this example, the email appears like something you’d actually get from PayPal.
Nothing in the email itself is dangerous. The email wasn’t picked up as spam and it didn’t cause antivirus to alert on it. There are no malicious attachments or anything from first glance that is going to raise any alarms.
The problem lies with the login and Resolution Center links. You can’t tell by looking at the email, but instead of linking to an official page on the PayPal site, they link to fake pages that are designed to look like PayPal’s official site.
Antivirus, anti-malware, firewalls, email encryption, spam protection, data backup, and centralized user and device policies are all incredibly important pieces of a network’s security infrastructure. In fact, most of them are generally a requirement to ensure that your business isn’t constantly dealing with problems and threats, and depending on your industry (such as medical and legal) and where you do business, they might even be hard requirements to meet certain compliance standards.
That said, some phishing attacks can sneak around these security solutions. Like I pointed out earlier, nothing about the email itself seems dangerous other than the links. While most modern spam blockers will usually catch a lot of phishing attacks, they can’t be guaranteed to catch them all making this type of attack all the more dangerous.
The PayPal example above was just one of countless methods cybercriminals use to attack individuals. Here are some other common types of phishing attacks:
Additionally, here are 5 giveaways to help you recognize if you’re being baited. We encourage Rapid City business owners to take these instructions and share them with employees. It even helps to plan a staff meeting to go over them, just to reinforce their importance. In other words, cybersecurity training must be a priority. If you don’t think training your employees is important, remember most hacks don’t occur because someone broke into your system, it’s usually because someone let them in; usually via social engineering schemes.
Employees are being targeted more than ever, and these attacks are very convincing - enough so that even the most technologically-fluent could fall victim. Always be vigilant, and if something seems overly urgent or a little off, take extra time to scrutinize it.
If your business is dealing with a lot of spam and unwanted email, KT Connections is here to help. We can help reduce the amount of junk mail that you get, and help your business deploy defensive cybersecurity measures to help reduce the risks of online threats. Give us a call at 605-341-3873 to get started today.