Don’t Trust, Verify
Written By: Smart City Security Operations
Americans lost more than $12.5 billion due to cyber scams, according to the FBI’s Internet Crime Complaint Center (IC3) 2023 annual report (PDF). Unfortunately, hacking is a full-contact sport. Scammers reach out by email or even on the phone. They often use bits of relevant information to reel you in. They then layer on fear and urgency. They want you to act without thinking. A cybercriminal could send what may look like an invoice or service renewal. They may call and pretend to be a customer service representative, alerting you to a security breach. In both instances, they convey a sense of urgency that grabs your attention.
For example, you receive an email from a colleague at work asking you to review some information. In this scenario, within seconds, this communication lets you open an attached file, and then a pop-up window instructs you to “Enable Editing” by clicking a button. Unfortunately, clicking this button seems harmless but it initiates malware on your computer. This advanced malware can steal your user credentials on your work computer and other personal information on your personal device. It is designed to evade detection by antivirus software. Once installed, it is very difficult to remove. Similar attacks can also occur via standard software like Microsoft Word or PowerPoint. Here are some tips to help you avoid malware scams:
- Be cautious and proactive when reading emails. Scammers often use phrases like “as soon as possible” and “penalties” to create a sense of urgency.
- Do NOT click anything, especially buttons labeled “enable editing” or “enable content” on attachments from unknown or unexpected sources. This is a common method for malware installation especially through Microsoft Word and Excel.
- Log into your accounts directly to verify invoices or payment requests. You can also contact the company’s customer service department for information.
In closing, cyber scams are evolving rapidly, and cyber security solutions are being developed just as quickly. However, it all comes down to each of us making smart decisions every day. So, can you read that email from your boss? Yes, of course, but don’t just trust. Take steps to verify whether this and all emails asking you to do something are legitimate.