November 2023

NAVIGATING THE DIGITAL MINEFIELD: TOP SCAMS TO BE AWARE OF AND HOW TO PROTECT YOURSELF By Tom Hasard, CISSP, WilkinGuttenplan

“Many attacks are looking for a fast payday in the form of intercepting a financial transaction...”

Kerly Chonglor/iStock/Getty Images Plus

I n today’s digital age, scams have evolved from the infamous “Nigerian prince” e-mails to sophisticated online schemes designed to defraud individuals and organizations. The power of automation continues to drive the complexity and effectiveness of a myriad of scam tactics. The internet, and especially e-mail, have become a playground for scammers, making it more important than ever to be vigilant and educated. Before we get into the details of what is out there, never underestimate your ability to “know” that something isn’t legitimate without being able to say why. We all have a natural ability to notice a disruption in patterns that can help alert us to even the most carefully crafted scam. Part of being a hard target for these attacks is to trust and hone those instincts, not giving a message the benefit of the doubt or letting your busy digital life prevent you from taking that extra step. Many of the high-profile breaches over the years, from Target in 2013 to the MGM attacks a few weeks ago,

rely on the strategies below to get their digital foot in the door. In some cases, all it can take is one user clicking on a bad link and entering their credentials to bypass best practice security controls and layers of protection. You may be wondering what you have that is worth all of this effort. Sometimes, it can be as simple as trying to get into your e-mail and harvesting every mail contact you have. Many attacks are looking for a fast payday in the form of intercepting a financial transaction where they can redirect a legitimate transfer to themselves. Others are really focused on your username and pass word, trying to leverage that into any number of attacks based on how much sensitive or private information you have access to. With the continued proliferation of automated attacks, malicious actors often just attack everything they can hit and hope something pays off. Around the security space, e-mail is considered to be the largest threat vector for cyber-attacks. It has become such a critical artery of information for business and

CONTINUES ON PAGE 42

40

NOVEMBER 2023

Made with FlippingBook Online newsletter creator