Cybercriminals often focus on the human factor and try to manipulate employees so that they hand over money, secret data or sensitive information. Our cooperation partner Watchlist Internet will show you how to protect yourself and your company from common scams.

Every scam starts with a message

It usually starts with some kind of message: often an email, sometimes a text message or even a phone call, with which criminals try to harm a company. But technical security gaps or data leaks can also be the reason a cyber attack succeeds.

Basic rule: check messages

To protect your company, employees need to know how to recognize internet fraud and cyber attacks. The following basic rules must be observed.

Check sender

Before clicking links, opening file attachments or revealing secret information, messages should be checked. The following questions can help:

  • Who is behind the message?
  • Do you know the person or company?
  • Is the return address or telephone number correct?
  • Is the phone number suppressed?

Unfortunately, if the sender address or phone number is correct, this does not always mean that the message is trustworthy.
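
The sender questions above can be partly automated. The following is an added example, not part of the original article: it flags a message whose Reply-To domain differs from the From domain, or whose From domain is a near miss of a known one. KNOWN_DOMAINS, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the company really corresponds with (constructed).
KNOWN_DOMAINS = {"example-supplier.com", "example.org"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message):
    """Return reasons to verify the sender through a second channel.

    An empty list is not proof of trust: a compromised real account
    passes both checks, which is why the request itself must be questioned.
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    warnings = []
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies go to {reply_dom}, not {from_dom}")
    if from_dom not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if 0 < edit_distance(from_dom, known) <= 2:
                warnings.append(f"{from_dom} imitates {known}")
    return warnings

# Constructed sample messages (headers only matter here).
LOOKALIKE = "From: Accounts <billing@examp1e-supplier.com>\nSubject: Invoice\n\nPlease pay.\n"
REPLY_TO = "From: CEO <ceo@example.org>\nReply-To: ceo@mail-example.net\nSubject: Urgent\n\nTransfer.\n"
CLEAN = "From: Anna <anna@example.org>\nSubject: Lunch\n\nHi\n"

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("reply-to", REPLY_TO), ("clean", CLEAN)]:
        print(name, sender_warnings(raw))
```
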

Question whether the request makes sense

Fraudulent messages usually come with a request (disclosing data, paying money, opening an attachment, etc.). Here it is important to pause for a moment and consider whether the request even makes sense:

  • Are the claims made true?
  • Are you even allowed to disclose the requested data by email or over the phone?
  • Doesn't an additional step have to be taken for a transfer?
  • Is it common for the other person to request certain information via email or phone call?

We explain in detail how you can recognize fraudulent messages in the article How to protect yourself from phishing attempts.

Adhere to password security rules

If criminals know passwords, they can get at secret information as well as money; a cracked password also makes identity abuse possible. This affects private individuals as well as companies. The workforce should therefore pay attention to password security in both their private and professional environments:

  • Use a different password for each account
  • Choose long passwords
  • Use upper and lower case letters, numbers and special characters
  • Use password managers and two-factor authentication
  • Don't use personal information in a password

We have summarized even more tips on password security.

Don't forget technical protection

To ensure that harmful programs cannot be installed in the first place and that security gaps in the operating system or installed programs do not provide an entry point for cyber criminals, the technical level must be taken into account:

  • Update your device and installed programs regularly. This is the only way to install the latest patches and close known security gaps.
  • Anti-virus programs recognize attack patterns, warn of malware and, if necessary, remove the dangerous program.
  • By creating extensive backups, data lost in a cyber attack can be restored.

Define and communicate safety-critical company processes

Many attacks are based on so-called “social engineering”. Before an attack, criminals collect information about a company, its processes and systems, and its employees. They then use this information to manipulate people. However, if there are clear internal guidelines, it becomes more difficult for criminals.

Conversely, the attackers benefit if the workforce does not know company processes: For example, if someone does not know how payments are approved and carried out in the company, it can more easily happen that money ends up in the hands of criminals. Therefore, safety-critical processes must be clearly defined and communicated.

Know about scams

Corporate fraud scams

In order not to be at the mercy of cyber criminals, it is also important to know their tricks. These are common scams that mainly affect companies:

  • Spear Phishing
    Phishing is the most common type of fraud.
    Criminals send messages (usually in the name of a company) and invent pretexts so that victims provide their data. While normal phishing messages are sent randomly, spear phishing is a targeted attack. This makes this type of phishing more credible and therefore more dangerous.
  • Business email compromise or CEO fraud
    Attackers pose as management or employees of the same company. They either gain access to the respective email account or imitate the regular email address. The criminals usually demand large amounts of money - such as these messages in which a supposed club chairman asks for a bill to be paid.
  • Ransomware
    There are different types of malware.
    Companies are often confronted with ransomware (or encryption Trojans/blackmail Trojans). This type of malware ensures that the infected device, certain data or even the entire company network is encrypted. The attackers demand a ransom; in return, they say they will remove the encryption.
  • Fake invoices
    Criminals repeatedly try to get money from their victims with fake invoices.
    For example, companies receive messages on behalf of business services, business directories or domain registrars that falsely claim that an invoice is outstanding.
  • Fake shops
    There are numerous fake shops on the Internet, some of which are B2B shops aimed specifically at companies. In the wake of the corona pandemic, fake shops were created that lured companies with cheap Covid-19 tests.
  • Order fraud or “fake customer trick”
    Criminals not only offer products themselves, but also pose as major customers and order numerous products. However, companies that deliver never receive the money. We explain exactly how this scam works using the example of fake orders in the name of ATOS.
  • Cloaking
    With cloaking, criminals misuse hacked websites to redirect to fake shops or other fraudulent offers. The fraud is often not even apparent to those affected. However, the damage should not be underestimated, as company websites can often no longer be found via common search engines.

Source: How to protect yourself and your company from fraud!
