Author name: admin

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I’ll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don’t become a further target. $43,000 Gone In The Blink Of An Eye Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank. You open it to find that you’ve just paid a company you’ve never heard of $43,000! This was an all-too-real situation for one small business owner a few weeks ago – and there’s NOTHING the owner, or police, or anyone else can do to get that money back. It’s gone forever. Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren’t taken for more. Here’s what happened and how you can keep this from happening to you. The E-mail That Started It All Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn’t a failure of judgment; it’s a testament to the sophistication of modern cyber threats. In this case, an employee in the accounting department received an e-mail from the company’s “CEO” saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away. This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion – they made and received large amounts of money often. The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away. The employee, thinking they were doing exactly what their boss wanted, set the attacker’s company up in the system, including their bank routing number, and made a payment. And the minute they hit “Send,” the money was never to be seen again. It wasn’t until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late. So What Happened? While it’s impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company’s systems. In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient’s computer, and that’s where things started to go wrong. Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently. And when the criminals determined the time was right, they “attacked” and walked away with $43,000 for their efforts. Home Alone While this scenario may sound far-fetched, it’s not new. If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes. Cybercriminals do the same thing, but from a distance, and you’d never know they were ever there. The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens. In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them. What You And Your Employees Need To Know To Help Thwart Attacks The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security. Cybercriminals operate in the exact same fashion, looking for companies that aren’t protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees. 3 Things To Do Right Now To Protect Your Company Whatever You Do, Don’t Do This!!! Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media. While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back. It’d be like having cash from your house taken, then going online and telling people exactly how it happened – you’re just inviting more people to come try to take your cash. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

The year of 2023 marked a significant turning point for cyber-attacks with the introduction and wide proliferation of AI (artificial intelligence), now in the hands of people who wish to do you harm and who are actively using it to find faster and easier ways to rob you, extort you or simply burn your business to the ground. As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid having to deal with it. Further, like overhyped weather reports, it’s also tempting to just ignore the warning signs, thinking all of this is just fearmongering rhetoric designed to sell stuff. However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months with 21% stating the attack was enough to threaten the viability of their business. This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money. Now, here are the 5 biggest developments in cyber threats you need to know about. If cybersecurity is a chess game, AI is the Queen, giving the person in possession the most powerful advantage for whomever plays it best. All cyber-related reports expect to see highly sophisticated deepfake social engineering attacks on the rise designed to separate you from your money. We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss. This is where employee awareness training comes in, as well as controls such as MFA (multi-factor authentication), come into play. The expansion of remote work is a trend that is not going away; and with that comes an exponentially greater risk for cyber threats. From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk for being easily lost or stolen. Further, when people use their own devices or work remote, they tend to mix business and personal activities on the same device. That employee who frequents gambling or porn sites may be using the same device used to login to company e-mail or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts. There are an estimated 1.7 million ransomware attacks every day, which means every second 19 people are hacked worldwide. If you’ve been lucky enough to avoid this, know that someone else is getting hacked on a very frequent basis, and you are very likely to be hit. Last year, ransomware attacks increased by 37% with the average ransom payment exceeding $100,000, with an average demand of $5.3 million. Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims IoT, or “Internet of Things,” is a term to describe the proliferation of Internet-connected devices. Today, even kitchen appliances, like a refrigerator, can be connected to the Internet to tell you when it’s time to change the water filter to alerting you if there’s a power outage. This means hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers. While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all provide access to you, your devices, e-mail, credit card and personal information. To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have in place “reasonable security” protections for their employees and clients. The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures, issuing monetary penalties. Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cybersecurity Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

Have you ever searched for a specific website but landed on a completely different one after misspelling a letter or two in the URL? This deceptive tactic is known as cybersquatting. This practice not only jeopardizes the online presence of businesses and individuals but also poses a significant challenge in the ever-evolving landscape of cyber security. The scariest part is that you can be a victim of a cybersquatted domain and not even realize it. Here’s what you need to know about this type of cybercrime: What Is Cybersquatting? Cybersquatting, also known as domain squatting, involves the malevolent act of registering a domain name that is confusingly similar to that of a legitimate entity, be it a business, organization or individual. The primary motive behind this maneuver is often financial gain, with cybersquatters aiming to exploit the recognition and success of well-known brands. However, the repercussions extend beyond monetary losses, as cybersquatting can stain the reputation of its victims. Types Of Cybersquatting There are many types of cybersquatting scams, but here are the most common ones that you need to be aware of. Typos are easy to make, so misspelled domains can generate a lot of traffic. Here are a few examples: Lookalike: Microsofty.com Looking at these, you might not think they’d easily trick users, but they still do! How To Avoid Being A Cybersquatting Victim You can avoid being a cybersquatting victim by taking a proactive approach. Here are a few steps to take: Cybersquatting is only one method hackers use to cause chaos. Cybercriminals are constantly coming up with new ways to scam businesses and individuals alike. If you want to double down on security to make sure you and your company are protected from sneaky attackers, we can help. We’ll conduct a FREE, no-obligation Security Risk Assessment where we’ll examine your network security solutions to identify if and where you’re vulnerable to an attack and help you create a plan of action to ensure you’re protected. Click here to book a 10-minute Discovery Call with our team to get started.

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers were able to run over $250,000 worth of ads for their online gambling site via their account and removed the rightful owner as the admin, causing the firm’s entire Facebook account to be shut down. Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.  Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled. In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.  Due to their spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic “Whac-A-Mole” game, they discovered the account that was compromised and removed it.  The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.  When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.  Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook’s security did not cause their account to be compromised – it was the failure of one employee. The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself: If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.