This is a really busy time of the year; guess who else is busy, the hackers.
The hackers know and count on you being busy, maybe letting your guard down just a bit, your ordering things online even more this year in light of the COVID risk, again, something the hackers know as well. You will be getting all kinds of shipping status emails from various sources. All of them will offer you the chance to “click” on something in the email to track your package or get shipping details. Lurking somewhere in there will also most likely be a “phishing” attack email, they are really good and real looking and counting on you in the rush of the day and holiday’s to just one time “click” on that status button. As soon as you do, they have you!
This was one of the consistent groups of questions received from you this month. How do I know and how can I stop this from happening to me?
Some very recent statistics on phishing were release by Webroot, a antivirus and security software provider. Since COVID-19 hit America, the following statistics are real: through a survey of 7000 office workers
- 1 in 3 state they have clicked on a phishing link this year
- 59% of those polled reports clicking on emails from unknown sources
- 22% report clicking on emails from unknown sources “all the time”
- 1 in 3 report using their personal devices for work
- 65% state they don’t back up their data
- 59% have increased the amount of time working from home
So, what do those statistics mean to us as business owners, employees etc.? It means while we have gotten a little better in recognizing phishing attempts. It also tells us we have a long way to go and an increasing risk-based environment with so many people using their personal devices for work and working from home where most are not accustomed to working, i.e. in-home distractions cause an increase in risk.
Just this week alone, there were three local healthcare related entities hit with ransomware as a result of phishing attacks.
So how do they do this? Sometimes it as easy as sending you an email that has an attachment or link with a request to “click” on for status or to review documents. Most usually these emails pertain to COVID information, company announcements, order or package shipping status and during the holiday season, online holiday cards or announcements.
Keep in mind, most of these do not announce themselves after you have clicked on them. So, you may not have any idea that you did something wrong, you will just delete the email as it as far you knew, did nothing, no status no holiday well wishes, just planted a surprise in your network.
Here is how it works: a VERY real looking email comes from let’s say Amazon, the message is issue with your most recent order. You know you just ordered that toy for your child and it MUST make it by the holiday. You are in a rush trying to get patient records over to the treatment center, or maybe about to get payroll going, so you click on the status link, you see nothing happen, certainly do not get a status, so you ignore and don’t give it another thought. What you did not see was that the executable file was released into your network, now it is worming its way around collecting data on number and types of devices on the network, where your backups are located, basically creating a network roadmap of sorts. It is flooding your network access points with login request. Did you know that a recent vulnerability through Microsoft was something called “Null Sessions”? This is where an anonymous source can flood the network with login request, the server will eventually in basic terms “open the door” thinking you must really know what your doing. While you can protect against this backdoor with appropriate server settings and patch updates, it is one of the most widely used entries by hackers into your network.
Now the hackers are manually working within your network, removing antivirus, implanting files into your directories, deleting your backup files and encrypting everything they can get their hands on. This is about the time you will start seeing desktops locking up, laptops not functioning, access points going down, and now your notice. “You have been locked”, and the hacker owns your environment.
Now if you have had appropriate backups, you can ignore the threats, bring down your network and “reload” so to speak. While this is a huge pain and impact to your business or practice, you can survive. If you did not have the appropriate backups in place, then your making a decision as to whether you will be negotiating with your hacker to “potentially” get your data back.
You can take steps to at least greatly reduce these scenarios from happening:
Have a policy of no personal devices on your network, this is particularly important for HIPPA compliance.
Utilize an email filtering system; this software will basically scan every email coming through your network, looking for specific items of a trademark phishing email and not allowing the delivery to begin with.
Intrusion protection/monitoring software in your network; these set little traps for hacker software throughout your directories, once those are flipped, notices are sent to let you know and systematic steps are initiated to “wall up” your network and stop the hacker activity.
Ongoing training for all employees on how to identify hacking/phishing emails, to include consistent testing or employees with “fake” emails being sent which give you data pertaining o who clicked on what and provided what information.
Simply review the email closely when in doubt; Amazon does not mis-spell words in their emails.
Hover your mouse over the sender’s email address, Amazon does not use email addresses like Amazon.1234Mz.com
Go to your account site and check directly the status of your order and don’t click on the shortcut or link to check the status from your email.
There are many additional steps that can be taken to help reduce your exposure, but ultimately you are only as good as your weakest most distracted employee or being stressed through the holiday’s and just plain tired.
Always follow the rule of thumb, “when in doubt, hit the “x” to get out”. If you actually do see something begin to download after clicking on a link or attachment that you did not expect, don’t run away screaming for help. Reach down and unplug the power cord, this will disconnect the device from the internet, then call your IT Department or provider for assistance.
Spend time in your practice or business talking about these threats and how to report them or react when seen. Have a plan for communication or actions to be taken if you think this has happened. Venture Pointe provides free short sessions with you and your staff on educating against these types of attacks.
If you are not having these conversations with your existing technology provider, ask them why not?
I hope this has been informative for you today. Again, please let us know and we will come to your office for a face to face overview of things you can do to protect yourself. We also have information on our web page under resources that can be downloaded as educational material, www.venturepointe.com.
Take care and be diligent.