Category: CyberSecurity Newsletters

Business Email Compromise: What the FBI Thinks You Should Know

WHAT IS BUSINESS EMAIL COMPROMISE?

Business Email Compromise (BEC) is a type of cybercrime in which the hacker impersonates a trusted person (CEO, CFO, Vendor, etc.) or company, gains access to an organization’s email system, and targets employees who have the ability to approve important requests. From there, the hacker posing as the trusted person sends phishing emails that convince the recipient to make all sorts of costly mistakes.

Here are just a few of the things a cybercriminal can do in a BEC situation:

  • Access an online banking account
  • Be paid for phony invoices
  • Order goods through a company’s merchant account
  • Unlock corporate records and sensitive data
  • Steal loyalty points
  • Harvest customer data
  • Make unauthorized purchases
  • Extort money from you in exchange for your account credentials

Cybercriminals are using LinkedIn and social media to understand their targets beforehand. They’re clever, sophisticated, and relentless. What one employee might not fall for, a different employee will.

What the FBI Has to Say about BEC

Each year the FBI publishes its Internet Crime Report. In 2021, Business Email Compromise (BEC) has become such a big problem that the FBI shared additional detail about this major phishing threat. Here are a few points they shared:

  • Business Email Compromise is a scam targeting businesses (not individuals) working with foreign suppliers and/or businesses regularly performing wire transfer payments.
  • In 2021, the IC3 received 19,954 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints with adjusted losses of nearly $2.4 billion.
  • The average cost of a successful BEC attack in 2019 was $74,723.44. By 2021 that amount had grown by 61% to $120,073.84.
  • Fraudulent wire transfers are often immediately transferred to cryptocurrency wallets and quickly dispersed, making recovery efforts more difficult.
  • The IC3 has observed an emergence of newer BEC/EAC schemes that involve phishing emails and exploited virtual meetings. In those meetings, the fraudster would insert a still picture of the CEO with no audio, then claim their audio/video was not working correctly. They would instruct victims to send fraudulent wire transfers and then follow up using the executive’s compromised email to provide wiring instructions.

Why Social Graphing and Stylometry Are Key

Understanding BEC and educating your employees that account takeovers and impersonations are common phishing scams can help combat them. However, you should also realize that battles of this magnitude cannot be fought alone.

There are two types of phishing that are key to fighting BEC and other types of email impersonation – stylometry and social graphing.

Stylometry: Much in the same way a high school teacher can spot a plagiarized term paper from an original, our solution gets to know her users so that she can keep an eye out for anyone trying to impersonate them with a phishing email or Account Takeover.

Social Graphing: A new concept in fighting phish, social graphing involves plotting out the various interconnections among different people, groups, and organizations within a network. As your users receive mail from legitimate senders, dynamic profiles and behavior models are built that help filter out and block impersonation attempts.

Our solution is a behavioral email security platform that blocks threats like BEC, uses stylometry, social graphing, and other intuitive technologies to signal out and stop account takeovers.

 

The average Business Email Compromise (BEC) attack will cost your company $120,073.84. If that’s outside of your budget, it’s time to call us!

START DEFENDING YOUR BUSINESS TODAY!

Your Business Is A Target!

KEEP YOUR BUSINESS SAFE WITH NEXT GENERATION SECURITY.

Security remains one of the top concerns and most challenging responsibilities facing your small business. With rapid technology adoption and increased remote working, the threat level for SMBs is increasing. Over the past year there has been a 300% increase in Ransomeware and Cyber Attacks on Small and Medium-Sized Businesses. Even the smallest business are a target for a cybersecurity attack. Which is why we will be deploying the best protection to our clients with enterprise-grade endpoint security that’s cost-effective and easy to use.

DID YOU KNOW?

300% INCREASE

There has been a 300% increase in ransomware attacks in the past year, with more than 50% targeted at small businesses

Homeland Security Secretary Alejandro Mayorkas, 06 May 2021 ABC report

 

25% SMBs BREACHED

Nearly one in four SMBs state that they had a security breach in the last year

Microsoft commissioned research, April 2022, US SMBs 1-300 employees

 

$108,000 AVG. LOSS

The average cost of a single data breach costs SMBs over $100,000

Kaspersky Global Corporate IT Security Risks Survey, 2019  

 

WHAT IS ENDPOINT DETECTION AND RESPONSE (EDR)?

Endpoint detection and response (EDR) is essentially a “Smart Anti-Virus” that replaces the classic Anti-Virus software with new and advanced features designed to protect your business from cybersecurity threats such as ransomeware.  We will be deploying this Next Generation of threat protection to all our clients, as it gathers and analyzes security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and automatically facilitates a quick response and remediation to discovered or potential threats. 

KEY FEATURES:

Reduce your vulnerability with a risk-based management approach

Help eliminate risks by reducing the surface area of attack

Protect against cyberthreats like ransomware and malware

Detect and investigate advanced persistent attacks

Automatically investigate alerts and helps respond to complex threats

Computer Security

Enterprise-grade security

Protect your devices against ransomware and other cyberthreats with industry-leading Defender technologies like endpoint detection and response and threat and vulnerability management.

CyberSecurity

Next-generation protection

Defender for Business offers streamlined experiences that guide you to action with recommendations and insights into the security of your endpoints. No specialized knowledge is required, because Defender for Business offers wizard-driven configuration and default security policies that are designed to help protect your company’s devices from day one.

Auto Investigation Response

Auto Investigation & Remediation

Get up and running quickly with easy,  wizard-based onboarding. Out-of-the box policies and automated investigation and remediation help automatically protect you against the latest threats, so you can focus on running your business.

Computer Protection

Threat intelligence

Automatically investigate alerts to help address complex threats and Proactively guard against threats using human and AI analysis of trillions of signals. 

ELEVATE YOUR SECURITY WITH EDR!

How Alpine Business Systems Stops Phishing

UNPARALLELED PHISHING PROTECTION
BLOCKS THREATS AND EMPOWERS EMPLOYEES.

Today’s cybercriminals employ a variety of incredibly sophisticated techniques that elude even the most skeptical and well-trained eyes. This is where the technology excels. Through innovative computer vision, AI, and machine learning, it catches everything.

Email SPAM Protection

1. Content Disarm and Reconstruct

Parses every HTML email and reconstructs it to ensure no malicious content like JavaScript or cross-site scripting attacks make it through. This unique email defense is akin to Content Disarm and Reconstruct (CDR) for office documents

Email SPAM Protection

2. Brand Forgery Identification

Renders every email and runs machine learning classifiers on the output. This unique and innovative approach allows our solution to see each email much like the human recipient, and to understand what brand, if any, originated the mail.

Email SPAM Protection

3. Stylometry for Sender Profiling

Maintains a sender profile for literally every single email sender it has encountered. This profile encodes aspects of the sender’s writing style, word choices, and punctuation usage, and provides a powerful tool for identifying account takeovers and other impersonations of individuals. No other system does anything like it.

Email SPAM Protection

4. Email Assistant

Provides more than 75 types of guidance on the email that users receive, within their inbox, no plugins required. This turns real emails into teachable moments, coaching users on both potential threats and highlighting sensitive emails like payment requests.

CONTACT US TO GET STARTED TODAY!

Social Engineering Red Flags

Social Engineering Red Flags: What to look out for

Cyber Attacks are constantly on the rise and Cyber Criminals are always trying new ways to get access to your data. One of the most common ways is through Social Engineering. Whether it be via an Email or Phone call, Cyber Criminals have learned that the easiest way to infiltrate your network or gain access to your information is by you simply providing them what they need through Social Engineering.

Cyber Criminals will send emails that may look legitimate at a glance, but in fact they are spoofed emails that are designed to gain key information or get you to install malicious software by clicking on a link or opening an attachment.

The good news is there are ways to prevent this and below is a list of Red Flags to look out for:

CyberSecurity Tip #1 – Email

CYBER SECURITY TIP #1 : Email

 

Email is the most common delivery vehicle for viruses, malware, and ransomware.

You can infect the entire network by simply clicking on a link or an attachement.

Hackers can easily spoof email addresses and appear to be someone you know.

Beware of all links and attachments, even if they appear to come from a trusted source.

Never open a link or attachment unless you are ABSOLUTELY sure it is safe. Confirm the identity of anyone who sends you a link or attachment. If in doubt, call them or send them a separate email to confirm it is they who actually sent it to you.

Report anything that is suspicious – DO NOT CLICK ON IT!

 

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

 

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

 

Thank you,
Your Support Team at Alpine Business Systems

CyberSecurity Tip #2 – Passwords

CYBER SECURITY TIP #2 : Passwords

 

You should use a different password for every website and application. It is the best way to protect yourself and your data. Period.

 

Here are the best practices:

  • Include numbers, symbols, and upper- and lower-case letters in every password.
  • They should be at least 8 characters long, preferably 12. Change every one of them at least once every 90 days.
  • Always use 6 characters (or longer) wherever possible for your smartphone and other PINs.
  • Use Biometrics (thumbprint, facial recognition) and Two Factor Authentication wherever possible.

Why is this important?

When a website you use is breached, your username and password become widely available on the Internet. Hackers then use those credentials to login to your email and other websites. If it is the same passowrd you use for other sites (email, banking, etc.), thay can easily access those sites and steal your data, or worse, your identity.

Pretty overwhelming, right?

Then use a Password Manager! We do. Last Pass and DashLane are market leaders. Despite the concerns over having someone else manage your passwords, many financial firms are now required to use them for CyberSecurity compliance.

Whether you decide to use a password manager or not, please heed our advice: Make your passwords long, complex, unique, and change them regularly!

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

 

Thank you,
Your Support Team at Alpine Business Systems

25 Ways to Protect Yourself and Your Firm.

What you can do at Work and at Home to Protect Yourself and Your Firm.

 

1. Backup personal data to the cloud: Carbonite, Mozy, iBackup.

2. Change your passwords, make them strong, keep them private. NEVER use the same password for more than one site. Use Last Pass or another secure password manager.

3. Keep your Computer, Anti-Virus, Browsers, Flash & Java up to date. No XP or Vista OS’s!

4. Configure Anti-Virus to scan anything plugged in to your computer.

5. Beware of unsolicited links or attachments. Never open a link or attachment unless you are ABSOLUTELY sure it is safe. Report anything that is suspicious – DO NOT CLICK ON IT!

6. Beware of Pop-ups telling you that you need to call to remove a virus or update/optimize your computer. If you get one, close out of all programs and reboot your computer. NEVER call the number on the screen.

7. NEVER allow anyone to access your computer unless if you are absolutely sure they are from your corporate help desk. If you are unsure, call your corporate help desk to confirm that they are who they say they are.

8. Beware of phone scams – “I’m from the Help Desk, Microsoft, the IRS, your bank….” HANG UP the phone immediately.

9. Lock your computer when you are leaving it for any period of time.

10. Logoff your computer every night. Leave it on, though, so it can receive updates.

11. Reboot your computer at least once a week.

12. Never e-mail work products to your personal email account.

13. Never use Flash Drives you “found” or ones given to you. Buy and use brand names.

14. Smartphones: Beware of the apps you use. Delete the ones you don’t use.

15. Smartphones: Use biometrics & strong passwords. Wipe them before discarding them.

16. Never use public USB charging stations- Always use your own charger.

17. NEVER email Personally Identifiable Information (PII). Use secure encrypted portals to share files containing PII.

18. Encrypt laptops that have PII or confidential data on them.

19. Only use secure websites (httpS://) when entering any personal or financial information (credit card numbers, Social Security Number, Driver’s License, etc.).

20. Always convert sensitive files to PDF before sending them to strip out metadata.

21. Never use “free” music/video sharing sites. Legitimate streaming sites like Pandora and Spotify are fine, though.

22. Protect and encrypt your wireless networks with passwords.

23. Check your bank accounts daily and credit cards at least monthly for suspicious activity.

24. Freeze your credit reports. It is easy and it is the best protection against identity theft.

25. If you think you have been breached: TURN OFF THE COMPUTER and CALL FOR HELP!

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

Thank you,
Your Support Team at Alpine Business Systems

FBI WARNING: Cyber Criminals Targeted Web Browser Extensions to distribute malware

  • Important Security Notification!The FBI has observed cyber criminals targeting web browser extension (WBE) developers as intrusion vectors during spearphishing campaigns, allowing for distribution of malware to end users.

    Popular WBEs can be used to block intrusive pop-ups and advertisements, store sensitive website credentials, and customize the web browser’s user interface.

    Cyber criminals increasingly select WBEs as an intrusion vector because of the trust a victim puts into them and the WBEs’ ability to autoupdate, pushing malicious code to the victim without notification. By hacking WBE developer accounts, cyber criminals exploit victims with the WBE already installed, removing the social engineering required to convince a victim to download a malicious WBE.

    What you should do:

    • Limit the installation of web browser extensions as much as possible.
      Extensions are software add-ons for customizing a web browser. Browsers typically allow a variety of extensions, including user interface modifications, ad blocking, cookie management, etc….

    Be very aware of the following:

    • Permissions requested by browser extensions when installing, or after updates.
    • Advertisements that seem out of the ordinary of typical web browsing use.
    • Unexpected website redirections and new homepages while using the web browser. They could be indications that you have an infected WBE. Call our Support Team immediately.

     

    If you experience any of the above,
    you could have an infected WBE.

    Call our Support Team if you have any
    questions or concerns. 908-707-9696

THE #1 THREAT: Business Email Compromises – “BEC’s”

THE #1 THREAT:
Business Email Compromises – “BEC’s”

 

THE SOLUTION:
Multi Factor Authentication – “MFA”
Also known as 2 Factor Authentication – “2FA”

 

WHY YOU NEED IT:

“Your passwords can be easily compromised. Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA. MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application.” – Microsoft

Alpine Business Systems strongly recommends it for every application you have, starting immediately with email.

 

HOW?

We can provide you with the best, most cost-effective solution.

Send an email to solutions@alpinebiz.com

We will show you how it will make you more secure, and what minimal impact there will be to your workflow.

Better to do it now BEFORE you get compromised.

BEWARE: Your smartphone is highly vulnerable to phishing attacks!

BEWARE: Your smartphone is highly vulnerable to phishing attacks!

 

And contrary to popular belief:
ALL Apple and Android devices are targets that can be compromised.

THE FACTS:

  • Mobile attacks have increased 66% in the past year.
  • We all click on links in mobile phishing messages at higher rates than we do on laptops and desktops.
  • We all work very quickly on mobile devices and this makes us VERY vulnerable.
  • 85% of mobile attacks are NOT delivered by email.
  • Attacks come in Texts, Games, Facebook Messenger, and other Social Network Messages.
  • They also come in links and documents that look like a protected document from a trusted source.
  • Attacks that spoof a website login page appear very authentic.

DON’T BE A VICTIM:

  • SLOW DOWN on your mobile device.
  • Beware of texts, games, social network messages, links, and documents.
  • Don’t let your guard down.
  • Be vigilant always.

 

As always, we are here to help you protect yourself, your company, and your clients.

We would like to share with you

The 25 things you can do at work and at home to protect yourself

Just send an email to solutions@alpinebiz.com

 

Thank you to mobile security vendor Lookout for the data contained herein.