We are a lucky generation witnessing the golden age of technology. The internet, smartphones, modern computers and technologies have made our lives easier and our work more productive. Unfortunately, criminals have learned to take advantage of modern technologies as well – filling the internet with malware and numerous scams. In this guide, we will list the common types of online threats, understand how they work and learn how to protect yourself, your company and your staff from them.
Famous Cyber Attacks: Stats and Facts
Cybercrime is flourishing today. According to Purplesec, a US-based security firm, the number of malware infections has increased by 2,700% in the last 10 years. macOS and mobile devices lead the trend with an over 50% increase in the number of malware variants in 2018 alone. Most of these attacks and viruses are small scale and the damage they cause does not even compare to the “legendary” ones we have listed here.
The Recent Biggest Malware and Ransomware Attacks
When the internet almost broke for 1 hour: in 2002, a DDoS attack, designed to overwhelm systems, hit 13 servers that were a crucial part of the internet infrastructure. The attack lasted for 1 hours only, but it was enough for the US Government to classify it as the largest in history.
When a 15-year-old caused $1 billion dollars in damages: this attack happened in 2000. A Canadian teenager unleashed an attack on major websites including CNN, eBay, Amazon, and Yahoo. Being, again, a DDoS attack, severely overloaded the websites and services of these giants – causing around $1.2 billion in damages as estimated by experts.
When Petya, allegedly designed against Ukrainian targets spread worldwide: Petya belongs to the type of malware called ransomware. This virus encrypts all the data in the victim’s computer and demands a ransom, usually as Bitcoin payments, to unlock the data. When discovered in 2017, it had already caused more than $10 billion in damages. The origin and intended target of Petya is debatable and some experts allege Petya to be politically motivated.
When another ransomware, WannaCry, took advantage of Windows OS vulnerability and caused hundreds of millions in damages: WannaCry is also ransomware. Unlike Petya, it did not have any specific targets or motivations. WannaCry exploited a vulnerability in the Windows operating system which is installed on 75% of the world’s desktop computers. Thus, it spread quickly worldwide and caused considerable damage.
Types of Scams
Although there is a wide variety of cyber crimes and online scams roaming on the internet, there are only a few types that are widespread and common to encounter. Let us list the most common ones and explain how they work.
Beware of Famous Phishing Scams
Phishing refers to the cases when criminals mask themselves as legit organisations or companies to get sensitive data from victims. Criminals will usually try to steal login credentials or bank/credit card information from unsuspecting users. Some of the well-known phishing scams are:
- deactivation scares: when people receive emails telling them that their account will deactivate unless they follow a link attached and fill in their login and password information in a form.
- Imitation websites: pages or even whole sites that are accurate copies of the original. Sometimes it takes a keen eye to understand that you are not really shopping on your favourite e-commerce platform and the credit card you are about to attach will be stolen.
- Advance fee frauds: when you receive an email congratulating you for winning a lottery or another prize, but you need to pay a fee to receive it.
Text messages and SMS are also popular media for cyber scams. Two of the most common ways to deceive you with SMS are:
- Sending a message as if they were someone you knew, telling them that they are in trouble and asking to send them money.
- Presenting themselves as a well-known delivery company, telling that you have a package to claim and asking you to pay the shipping fee.
Protecting yourself from phishing scams is relatively easy.
- Check the domain in the URL: legitimate URL will include the full name of the website/service (e.g. amazon.com). If the domain name looks suspicious (e.g. free-gifts-amazon.com), this could be a scam.
- Check the sender email address: again, if the domain is suspicious, consider it a red flag.
- Check the sender phone number: one of the simple ways to do so is to use a phone number finder online and see who or which company owns the phone number from which you received the message.
Small Business Scams
Small businesses and individual entrepreneurs are among the most affected by cyber scams. Criminals will use the techniques described above to pose as your insurance company, supplier, or bank to lure you into their websites and get information that they can later use to take over your bank accounts or pose as your company.
Banking, Credit Card and Online Account Scams
Accidentally giving away credit card details is easy. All scammers need is your credit card number and the CVC/CVV code on the backside of your card. However, protecting from this is easy as well. Many banks allow turning on 2-factor-authentication on cards. When turned on, the bank will send you an SMS with a confirmation code each time you make a purchase online. You can also call your bank and ask them to temporarily block your credit card.
How to Prevent Cyber Attacks on Your Company
With the popularity of cyberattacks and online scams, it is crucial for businesses to implement steps to protect their staff and business from digital threats. Security researchers recommend implementing the following as a minimum:
- Encrypting and backing up sensitive company data.
- Conducting regular security audits.
- Installing proper security software on all company servers and computers.
- Ensuring that staff uses secure passwords.
How to Help Employees be Secured Online
The steps listed above are only the first part of a proper security-first policy in your company. The second part will be to work with and educate your team on online security. In particular, start with:
- Conducting regular training sessions on ongoing security threats and popular scams.
- Teaching them about phishing protection methods, such as the phone number search.
We have seen a rise in cybercrime during recent years, but the primary methods of protection are quite easy to learn. It is important for both companies and individuals to constantly read and learn about cybersecurity. We hope our guide helped you learn something new and feel more protected online. Stay safe, stay protected.
Ben is a Web Operations Executive at InfoTracer who takes a wide view from the whole system. He authors guides on entire security posture, both physical and cyber. Enjoys sharing the best practices and does it the right way!