As cybercrime becomes ever more common, it’s safe to say that no company, organization or individual is not in some way exposed to data breaches, malicious email campaigns or other form of cyber theft at any given time.
Indeed, troves of personal data – email usernames, passwords, credit card account information, login credentials and more – are floating around on the dark web. And it’s costing companies: The total cost of cybercrime for each company increased from $11.7 million in 2017 to a new high of $13 million in 2018, according to an Accenture report.
Phishing – when a scammer sends emails to trick someone into giving them personal information – is one of the most common hacking methods, security experts say. The best way to avoid getting hacked is to not reuse passwords and change them often (or use a password manager).
Opening links and attachments represent a phishing risk.
Aside from taking those precautions, here’s one critical piece of advice to follow.
“Be aware of email from outside sources that contains a Word or Excel doc,” says Randy Pargman, Senior Director of Threat Hunting & Counterintelligence at Binary Defense, a cybersecurity firm.
According to Pargman, who used to work at the FBI, that’s likely the most common way people get hacked — with an attached Microsoft Office document.
Microsoft office, recognizing this threat, changed its Office suite of products to have macros disabled by default.
Here’s what happens:
“Usually the malicious Word doc will contain a macro or an embedded script that requires some sort of action on the part of a recipient,” he says. A macro or script is essentially an automation you can use to make certain tasks easier — they’re easy to program. But the critical thing is that they need to be activated.
“That action might be as simple as downloading the file and clicking an ‘enable content’ button,” Pargman said. “Or double-click something that looks like a picture inside the document.”
In both cases, Pargman says, there are often instructions to click or activate something.
“Any document that has instructions demanding the recipient double-click some button should raise red flags,” he says.
Always preview documents in your email client (Gmail, Yahoo) before downloading if you’re unsure. According to Pargman, the document can’t run macros if you’re previewing it online.
What if I already downloaded it?
If you’ve downloaded something suspicious, opened it, don’t fill up the sink and drop your computer in. The whole point of the “CLICK THIS BUTTON” is because the malware or virus needs your participation.
“If you haven’t clicked on anything yet, most likely nothing has happened yet,” Pargman says. “The doc can’t run the script automatically. That’s a protection Microsoft puts into Office.”
If it’s too late, and if someone already clicked the button to enable the content, Pargman says you won’t know if anything has been compromised – the attackers’ access will be invisible.
“They’re not going to see anything else pop up, and no more indications the attacker has installed and has backdoor access,” says Pargman. “If someone has opened up a suspicious doc they should seek professional help — security professionals can tell quickly.”
Wolff-Mann, Ethan. “One of the most common and damaging phishing techniques is easy to avoid” Finance.Yahoo.com February 2020
No one wants to become a victim of a social engineering attack, so it’s important to recognize an attack in progress and not be tricked into responding to it inappropriately.
Trained and aware employees are critical to securing an organization, and an effective, ongoing internal security awareness program can help reduce your company’s vulnerability, turning the “weakest link” in your cyber defenses into its greatest strength.
One of our most important roles as a technology service provider is to protect the assets of our clients. No matter how big or small your business is, a single compromised credential could put your entire business at risk. Give us a call to further discuss how we can help in protecting your business against cybersecurity threats and how we can make technology work for your business.
Call us now at 732.780.8615 or email us at [email protected]