Scammers online always try to trick not only unsuspecting users but also corporate employees. Of course, it is usually much more difficult to cheat a company than a retiree, but the potential rate of return is much higher in the first case. Therefore, efforts to get the SMEs to hook the hook continue unabated.
There are many techniques, but since scammers tend to be somewhat lazy, most cases use those that are already more than proven. Next, we leave you with the most common strategies.
Table of Contents
Types Of Baits That Scammers Use
For cybercriminals, it is important that you not only read their messages, but also react to them: by clicking on a link, opening an attachment, or paying a bill. And for this, they need to get your attention.
A Notification From The Tax Service
With this technique, you receive an email indicating that you have not paid a full tax and that you will now have to pay interest. If you wish to appeal, you will have to download, fill out and send the attached form. However, the form contains a macro, and as soon as you enable it (most users automatically click “I Accept” in pop-up windows), the malware will immediately download and run. .
Many companies fear tax authorities, but you have to look fear in the eyes or at least some of their emails to detect the differences between the false and the authentic ones. It is worth knowing if your local tax office often sends emails or prefers to call directly.
Notifications About Pending Payments
Have you paid all your taxes and settled all your accounts with the providers? Well done, but you can still receive a message stating that payment could not be made. After that, anything goes, from a request to pay a supposedly reissued bill to a request to go somewhere strange.
Antivirus can block a suspicious link, but only your common sense can prevent you from paying the same bill twice.
Proposal For A Mysterious Supplier
Bulk sales emails are generally sent quite randomly in the hope that at least some of them will hit a good target. Fraudulent emails that look like bulk sales emails, but include malicious attachments meant to resemble information about products or services, do the same.
Security Service Notification
This scam mainly operates in companies that have offices in different locations. Typically, regional office employees do not know what headquarters staff are like or what they do. Therefore, if they receive an email from the important “head of security” directing them to install a security certificate, many will comply without realizing that the message comes from a false address. They will end up installing the certificate that will be the hook.
Consequences Of Falling Into The Trap
The phishing is very simple (their purpose is to steal your credentials), but the malware email has several versions. In the following list, we include the most common types.
A RAT On The Computer
Cybercriminals are particularly fond of remote administration tools (RATs), which allow attackers to access the corporate network, where they can wreak havoc. For example, the use of a RAT can allow a stranger to install malware, steal important documents, locate the CFO’s computer and intercept the access data to the payment system and then transfer money to your account.
The ransomware encrypts the files so that they cannot be used. Therefore, you can no longer consult your most important documents or even show a presentation. Some types of ransomware spread across a local network, first penetrating a computer, but encrypting data on each computer that the Trojan reaches. To restore files, attackers demand a ransom. For example, not too long ago, municipal computers in Baltimore, Maryland were affected by ransomware that completely blocked some services. The attackers demanded more than $ 100,000 to restore everything.
Cybercriminals also like to use spyware Trojans ( malware that collects as much information as possible) to infiltrate businesses. The spyware sits silently on computers, recording user names, passwords and addresses, and collecting messages and attachments. For tech companies, the main danger is that their knowledge or plans will leak, while for other companies, the main threat from spyware is that attackers access the financial system and steal their money. It also represents a problem in large organizations,
How To Avoid The Scams That Are Most Common To SMEs
Follow these general security tips to avoid the pitfalls scammers use with SMEs:
- Be aware
- Know the laws of the jurisdiction in which you work and the operation of the government and regulators
- Be aware of the types of files that are most likely to be dangerous
- Install an antivirus solution, preferably one with spam and phishing protection, on all devices