LIMA — Lisa Niekamp-Urwin was recognized as a “2022 Women of the Channel Awards” and also listed on the “Registry of Business Excellence.” Her business, Tomorrow’s Technology Today offers expertise in network services, computer service and computer support for small business owners.
Niekamp-Urwin offers suggestions to people to avoid cyber-attacks.
“Ninety-one percent of the cyber-attacks are from people clicking on links and emails. Fifty percent of the people that get phishing attempts actually click on a link. So it really comes down to thinking before they click. You’ve got to do a lot of verification. If you’re expecting something from somebody you know, that’s one thing. But if you’re not expecting something from somebody, they’ll catch you at the oddest moments. It’s amazing, the timing. That’s because they spray and pray,” Niekamp-Urwin said.
Spray and pray simply means to send out a lot of whatever it is you’re sending with as minimal effort as possible, and praying to get the desired results, she said.
Phishing is the attempt of acquiring information such as usernames, passwords, and credit card details directly from users by deceiving the users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose “look” and “feel” are almost identical to the legitimate one. The fake website often asks for personal information, such as log-in details and passwords. This information can then be used to gain access to the individual’s real account on the real website.
Preying on a victim’s trust, phishing can be classified as a form of social engineering. Attackers are using creative ways to gain access to real accounts. A common scam is for attackers to send fake electronic invoices to individuals showing that they recently purchased music, apps, or others, and instructing them to click on a link if the purchases were not authorized.
Social engineering, in the context of computer security, aims to convince a user to disclose secrets such as passwords, card numbers, etc. or grant physical access by, for example, impersonating a senior executive, bank, a contractor, or a customer. This generally involves exploiting people’s trust and relying on their cognitive biases.
NortonLifeLock warns people to practice cyber hygiene. If you set up your computer and other devices with reputable antivirus programs, update them regularly, create strong passwords, and keep everything clean, you’ll be on your way to creating cyber habits that may help keep you safe and secure online.
Setting strong passwords for all of your devices is essential. Your passwords should be unique and complex, containing at least 12 characters along with numbers, symbols, and capital and lowercase letters. Changing your passwords regularly — and never sharing or reusing the same password — will help prevent hackers from figuring them out.
Update your apps, web browsers, and operating systems regularly to ensure you’re working with the latest programs that have eliminated or patched possible glitches.
Niekamp-Urwin advises, “Just be very careful about anything that you click on including links in your emails and verify. Don’t just verify from the email address, verify via phone or a separate email address from your contact list so that you know you’re sending it to the right email address.”
According to a May 2022 release from the FBI, Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds.
The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even crypto currency wallets.
The BEC/EAC scam continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions. Between July 2019 and December 2021, there was a 65% increase in identified global exposed losses, meaning the dollar loss that includes both actual and attempted loss in United States dollars. This increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.
The BEC scam has been reported in all 50 states and 177 countries, with more than 140 countries receiving fraudulent transfers. Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore.
If you discover you are the victim of a fraud incident, immediately contact your financial institution to request a recall of funds. Regardless of the amount lost, file a complaint with www.ic3.gov or, for BEC/EAC victims, BEC.ic3.gov, as soon as possible.