Avoid Scammers
Keeping yourself, your business & your customers safe online
Do you know how to identify a phishing email? The tell-tale signs of an online scam?
In recent years, cybercrime has become increasingly sophisticated and successful. New Zealanders lost $33 million to online scams and fraud in 2018 - triple the amount that was stolen in 2017.
We have attended several seminars recently about cybersecurity and we wish to pass on some of the key learnings as a reminder to our clients.
Be aware of scammers
It is important to be aware of how scammers look for a way in. It might be via hacked email accounts, which are then used to send out fraudulent invoices that look just like the real thing, but with a fraudulent payment bank account number. Or through a phishing email, to gain access to information like usernames and passwords, credit card details, and bank account numbers. These sophisticated scams may even send a bogus invoice email containing links and attachments that deliver malicious software to your computer, such as ransomware, password stealers, or remote access tools (RATs) to take control of your desktop.
Another scam to be aware of is that of account takeovers, where businesses have sensitive customer information stolen because their system is accessed following the theft of their login credentials (username and password). These credentials are sometimes obtained by hackers through phishing or malware, or by taking login credentials stolen from one website and testing them against other websites to see if they work there too. This last technique is called 'credential stuffing'.
The following are some informative tips worth sharing from a BNZ seminar.
How to detect online fraud
Common signs that could help you identify an online scam:
You receive an email from a bank you don't bank with.
You are asked to provide your personal information via an email or on a website.
You are asked to provide your confidential bank information, such as your credit card number, PIN, and expiry date.
The text of the email or message is full of grammar and spelling mistakes.
You receive an unexpected email from someone you don't know, or from a reputable company using a public service domain, such as Hotmail or Gmail.
You are asked to send money through untraceable agencies.
The deal(s) are too good to be true and/or the sender promises money for little or no effort.
The story and/or deal(s) don't 'add up' or make sense.
You are told you have won a competition that you never entered.
You get a quick response to your reply, and they answer questions you never asked.
Urgent requests: Any kind of urgency, request for personal information, or mention of unexpected financial payments.
Unusual behaviours: You receive emails from a person you know, but they're asking for financial payments.
Advice for staying safe online
Here are some simple, easy-to-implement tips for better protection:
Always use strong, unique passwords for each site or service you log in to, and never share passwords. Having a unique password helps prevent a compromise of one login becoming a compromise of many. Password-safe software can help you manage your multiple logins.
Use two-factor or multi-factor authentication wherever this is available. This is particularly important for your email account, which is usually the means to reset your passwords for other sites.
Update anti-malware (anti-virus, anti-spyware) software. It is one of the easiest and most effective things you can do to protect yourself.
Keep all of your software up to date with security patches.
Make sure your data is backed up regularly, and backup copies are kept separate to the source systems.
If you receive emails from a person you know, but they're asking for financial payments, always call that person first to verify that the email is from them.