fbpx
Search
Close this search box.

Common Cyber Scams

Unread mail notification icon.
Unread mail notification icon.

The risks organizations face from cyber threats are at epidemic levels. The threats are sophisticated, attack your weakest links (your employees) and are continuing to evolve at an alarming rate. Here are some of the most effective cyber scams Corsica Technologies sees facing organizations today.

Email Account Compromise

Email account compromise is on the rise, primarily because of the ubiquitous nature of email communication and the volume of sensitive information that continues to be shared within. From new account credentials to money transfer information, email is an easy target for hackers. Account compromise typically happens when an employee is tricked into providing credentials through a malicious link, or an attachment that installs a keylogger (malware that steals your credentials).

Once the bad actors have your credentials, we are seeing them access your email account and set up rules to forward and/or delete your incoming email. They immediately start spamming your contacts with a similar malicious email to steal their credentials.

Not only are you compromising any confidential/private email in your inbox, but you are also jeopardizing your friends, family and business contacts… and made to look foolish at the same time.

In cases where the account compromised belongs to an administrator, the bad actors will attempt to hijack your network, email server and/or your cloud tenant. These extreme cases cause much more severe business interruption when the bad actors change all of your passwords, lock out your employees and use your resources for their own gain.

Lay in Wait

Closely following email account compromise are attacks where the bad actors realize you are a valuable target. In several cases, we have seen accounting, financial and legal organizations be the victim of financial fraud when a bad actor compromised an account, noticed the nature of the business, then simply wait for the right time to pounce.

As soon as an employee communicates financial transaction information (by email), the bad actor intercepts the email, substitutes their own financial information, and intercepts the transaction.

Drive-By Downloads

Several vulnerabilities exist that are associated with internet browsers involving unsafe plug-ins to saved passwords, allow malicious sites to cull information and/or inject malware onto your systems. These vulnerabilities, when paired with loose (to nonexistent) web browsing restrictions in your office, allow bad actors to take advantage of your weakest link, your employees.

Unsafe Mobile Practices

Given the ubiquitous nature of mobile devices and the wealth of information stored on them, it should be no surprise that they are prime targets for bad actors to steal your information. From malicious apps that allow unrestricted control of your mobile device to unsecured data and devices to unsafe wireless habits, mobile devices are an easy target.

Most users are unaware of the ease in which a bad actor can set up “free” wireless networks that watch every byte of traffic that passes over it. Any credentials, private information or corporate secrets are instantly exposed without the user suspecting a thing.

Phishing

Phishing continues to be the greatest threat to organizations because it attacks your weakest link, your employees. Phishing emails have achieved a level of artistry in effectively teasing and taunting our employees to click on a malicious link or open a malicious attachment. Research confirms the bad actors understand human behavior and know when to catch people off-guard, and which emails are most likely to encourage someone to drop their defenses to execute their malicious payload.

Research also shows that security awareness training programs are effective in modifying user behavior, surprisingly many businesses are still not taking advantage of this low cost, highly effective, risk-reducing measure.

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

EDI in the supply chain - Corsica Technologies

Supply Chain EDI: What You Need To Know

EDI is the backbone of the supply chain. Without this technology, trading partners would have to rely on email, phone, or snail mail (gasp) to exchange business-critical documents. But EDI is complicated. There’s a lot to know, and it’s easy

Read more
Unlimited IT Support Services - Corsica Technologies

The End Of Metered Billing In Technology Services

Let’s be honest. When it comes to technology services, something is broken. Customers aren’t getting the consistency, responsiveness, and cost transparency they deserve. Meanwhile, MSPs (managed IT service providers) promise the moon with “all-in” pricing, yet they still allow tons

Read more
CPCSC - Canadian Program for Cyber Security Certification - Corsica Technologies

CPCSC For Canadian Defense Contractors: What We Know Today

With cybersecurity threats evolving rapidly, governments are taking steps to protect sensitive but unclassified information that they must share with their suppliers. This is a critical undertaking, as hackers can use sensitive information to inform their strategies—plus they can execute

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.