How Hackers Get Your Information

In the coming year, cybercrime is projected to cost companies and individuals over $2 trillion. These digital assaults include phishing, email hacking, and a plethora of other ways criminals try to obtain your private information.

Phishing is a method of acquiring personal information using deceptive emails and websites.
With phishing, a cybercriminal conveys a counterfeit message to a group of people and requests that they take specific action.

Less than two-weeks ago, we received a notification disguised as an email from Microsoft Office. It said that some of our incoming emails were placed on hold “due to recent activity on our account.” The message instructed us to click onto a link and “login to correct the problem.” The email even had the Microsoft Office logo displayed.

At first glance, it seemed like a legitimate message.  Not using the link provided, we logged into our account and found that there weren’t any issues. This was a phishing email and the link provided was most likely infected.

In the past, these messages were filled with grammar and spelling errors and it was relatively easy to recognize what they were. Cybercriminals today are personalizing messages to the intended targets and using official logos, perfect construction of the “pitch”, and even the names of people you are connected with to lure you into the scam.

Cyber attacks on mobile devices are rapidly Increasing. IDology’s 2018 Fraud Report stated that 63% of organizations saw an expansion in attacks on mobile devices.

In the past, unless you were installing unknown files or .exe’s it was unlikely that your device would get a virus . Malware has become advanced to the point that if you open a contaminated email message, it can install and keep running on the phone’s memory. This makes it harder to identify because antivirus programs only scan your hard drive.

Caller ID spoofing is a massive problem and the FCC has been trying to squash the practice for years. In 2018, it slapped a Miami resident responsible for over 96 million robocalls with a $120 million fine. That operator used a scheme that masked real callers’ numbers with fake ones using the recipients’ area codes to make them think the call is from someone they knew. That’s the biggest fine the FCC has ever imposed.

Be cautious when opening messages from people that don’t normally send emails to you or from people you don’t know.

Here are some pointers to help you stay safe:

  • Apple will NOT call to tell you that your ID has been compromised, nor will you get a call about your iCloud account – ever.
  • Microsoft will not call to tell you that your PC has been compromised.
  • No one can tell if your PC has been compromised on the Internet.
  • The IRS NEVER calls. They send letters. You can make arrangements for a conversation via phone, but you will receive initial notifications through the mail first.
  • If you receive a document from someone you know and your are redirected to a Google Docs site where you are asked to input credentials -DON’T

If you think you are exploited:

  • Stop using your computer and get it off of the Internet. Then, turn off the computer.
  • Contact your IT professional and let them check to make sure that your device was not compromised.
  • Get a backup of your files and disconnect the backup device when not in use.
  • Regularly change your passwords if possible. There are many excellent password management tools on the market.
  • Get your credit report – you can obtain one free report (from all three reporting agencies) each year from the FTC at: www.ftc.gov/faq/consumer-protection/get-my-free-credit-report

Be cautious and stay safe!

Special Thanks to Joe Cantrell of JAZ Services, LLC for his input on this article.

Leave a Reply

Your email address will not be published.