top of page

Evolve Your Communications With 3CX Phone System

Consulting and Contracting

Beginner's Guide to Cyber Fraud

So we keep talking a lot about Cyber Fraud & Cyber Security but you are still confused.  We have put together a beginner's guide to the different types of Cyber Fraud. 

 

Still confused? Contact us now so we can see how we can help. Contact Us Now.

PHISHING

Definition:  the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. 

How does phishing work?

  1. Frequently it is accomplished by using fake email messages that seem to have come from legitimate businesses or government agencies. 

  2. The Subject is created to make you panic and open the links inside the email. 

  3. Once the links are clicked, maleware can be installed onto your computer, this can then spread through to the server and then to everyone's computer connected to the server.
     

What data can be stolen? Product Secrets, R&D data, Customer Credit Card numbers, Employee social security numbers, user names, passwords etc. ​

WHALE PHISHING

Definition:  Whale phishing is a term used to describe a phishing attack that is specifically aimed at wealthy, powerful, or prominent individuals usually C-Level corporate executives, politicians and celebrities. Because of their status, if such a user becomes the victim of a phishing attack he can be considered a “big phish,” or, alternately, a "whale."

How does Whale Phising work?

  1. Happens when an email is sent that looks like it comes from IT requesting a user's user ID and password

  2. The goal is to contact enough employees so that eventually someone will believe they have been contacted by IT and will provide the information requested

  3. Whale Phishing emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources. They take on a more official or serious look and are usually targeting someone in particular.

  4. Due to their focused nature, whaling attacks are often harder to detect than standard phishing attacks. 

What data can be stolen? The point is to con someone in upper manager or high profile jobs into divulging confidential company information. This usually comes in the form of a password to a sensitive account, which the attacker can then access to gain more information.

PHARMING

Definition:  the fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.

How does Pharming work?

  1. An Emal A virus or malicious software is secretly loaded onto the victim’s computer and hijacks the web browser.

  2. When the victim types in the address of a legitimate website, he or she is rerouted to a fictitious copy of the website without realizing it.

  3. The most common application of pharming is with online banking. The victim is taken to a website that is the front page of the bank’s website.  When the user ID and password is entered,  the victim is informed that the bank is experiencing technical problems.  If this occurs several times in a row, contact the bank.

  4. When the criminal obtains the user ID and password, it is used to wire transfer all of the victim’s money to an account and is then transferred overseas so it is hard to recover.

What data can be stolen? Usually Pharming collects personal and financial information for use in identity theft.

EMAIL SPOOFING

Definition: is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message.

How does Email Spoofing work?

  1. Commonly used by spammers to hide the origin of an email. 

  2. Spammers will alter different sections of an email so as to disguises the sender as being someone else. Usually the FROM name/address is altered. 

What data can be stolen? Goal is to gain access to systems and obtain information. 

MALWARE

Definition: software that is intended to damage or disable computers and computer systems.

How does Malware work?

  1. Malware such as spyware or ransomware is placed on computers or cell phones to hijack the computers, steal data, or encrypt the data for ransom.

  2. A lot of darknet websites automatically load malware back on your computer.  Most people will not complain about it because they do not want others to know they were on darknet sites.

  3. Can transfer from your computer across the LAN to other computers on the LAN.

  4. CryptoLocker is one example of ransomware.  Files on the computer are encrypted.  The user is given a certain number of hours to pay a fee or all files will be wiped out.  Sometimes when a fee is paid, you get a decryption key, but sometimes the user is asked to pay another fee.

What data can be stolen? ALL DATA! EVERYTHING ON YOUR COMPUTER. IDENTITY THEFT

CELL PHONE SPYWARE

Definition: refers to a situation where an individual's location, messages and conversations are monitored by a third party. Cell phone spying requires the spy to have unrestricted access to the cell phone for long enough to install spy software.

How does Cell Phone Spyware work?

  1. Allows you to listen in to phone calls, track all calls or texts made or received, view all Internet activity, listen to voice messages, gain access to GPS locations. 

  2. NOTE: Spyware is legal.

  3. If the microphone is on, it is possible to listen to conversations.  Can be a problem in business meetings where non-public information may be discussed.   

  4. Old cell phones should be destroyed because data can be obtained from it even if data has been erased from it.

What data can be stolen? Can obtain credit card numbers from the cell phone.  Can create a credit card by buying a device and blank credit cards.  Can access the phone’s GPS and go shop where you shop.

TROJAN HORSE

Definition: a program designed to breach the security of a computer system while ostensibly performing some innocuous function.

How does Trojan Horse work?

  1. A malware program that is disguised as something else.  Users assume it is a beneficial program when it is not.

  2. Could look like an email from Microsoft to beta test new software or something free offered by a company.  When the download occurs, it is malware that can hide on your computer.

  3. Trojan horses are often used to insert spyware onto computers.

What data can be stolen? ALL DATA! EVERYTHING ON YOUR COMPUTER. IDENTITY THEFT

BACKDOORS

Definition: a feature or defect of a computer system that allows surreptitious unauthorized access to data.

How do Backdoors work?

  1. A backdoor is a route into a computer that circumvents the user authentication process and allows hackers open access to the system once it is installed.

  2. If an employee provides their user ID and password, a backdoor can be put in that provides free access to the system.  The hacker can come into the system whenever they want.  To stop them, the backdoor has to be found and deleted.

DATA BREACHES

Definition: A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

What is a data breach?

  1. Large amounts of information are stolen in a short amount of time.  Examples of data stolen:  credit cards numbers, employee Social Security numbers, bank account information, etc.

  2. 220 million records stolen in 1Q 2014.

  3. Average of 93,000 records stolen every hour.

  4. Up 233% (1Q 2014 over 1Q 2013).

What data can be stolen? Most common data credit card numbers, social security numbers and bank account information. 

STOLEN DATA

What do hackers do with the stolen data?

  1. Stolen user IDs and passwords can sell for $5 to $20 on the darknet.

  2. Stolen credit and debit card numbers can sell from $5 to $100 on the darknet.

  3. Card numbers and user IDs are purchased with BitCoins to make it difficult to trace the funds.

  4. Identity thieves also purchase insurance ID information, driver’s license numbers, and other personal information.

Concerned? Contact us today for help.
Cyber Fraud
bottom of page