78653705 | Michael Borgers | Dreamstime.com
65b3ae66a0884b001e95cfad Dreamstime L 78653705

Clark: Latest hacking schemes used by cybercriminals

Jan. 29, 2024
Vade estimates that phishing volumes increased by 173% in Q3 2023. As a result, it is important to be aware of the latest scams.

Hacking into a company’s data used to require a decent amount of technical knowledge and skills that would enable cybercriminals to infiltrate your systems to capture your most sensitive data. That is no longer the case.

In the horror story world, a vampire has to be invited into your home rather than just walk in. The same holds true for cybercrimes now. The most effective and cheapest way in is to trick an employee into inviting that criminal in. The employee has no idea that they’re helping bad actors harm your company, but phishing scams are pretty sophisticated and seem to know how to get employees to open that door. Vade, a global company for AI-powered email security, published its Q3 2023 Phishing and Malware Report, which found that phishing volumes had “increased by 173% compared to the previous quarter (493.2 million versus 180.4 million).” And once a cybercriminal gets into your system, it can cost you... big time.

See also: Cybersecurity best practices help industry leaders secure their business

It's tough to keep up as the scams keep changing

Unfortunately, as the business world catches on to the latest scams and educates employees to recognize them, bad actors figure out new ways to get in. It’s a never-ending cyber whack-a-mole. Here are just some of the latest schemes to watch out for:

Let’s be friends: In this instance, an employee gets a text message on their mobile device that “obviously” was supposed to be sent to someone else. Realize that the bad actor has already done their research on the employee they’ve texted, so if the employee responds, the scammer starts an ongoing conversation that can seem entirely harmless. Once a relationship develops, the scammer convinces the employee to download an attachment that will (according to the bad actor) help the business. Once that download occurs, the bad guys are in your system, ready to wreak havoc.

Juice jacking: This is especially problematic for people that travel for business or people that work while they’re sitting in a public place, like an airport or coffee shop. Warn your employees to be very careful about charging their device through that location’s public USB port. Juice jacking is the term that describes an insidious plot where cybercriminals load malware onto the charging stations. Once a person uses the charger, he or she unintentionally is exporting personal data and passwords directly to the criminal. If the device being charged is a work device, your worker has just exposed your business to the hackers.

The fake invoice: Here, a bad actor creates and sends a fake invoice that appears to come from a known supplier indicating that the bank account or address has changed. Then they’ll ask for wire transfers or payment methods that take time to verify. If there are numerous suppliers and the company is still using manual processes, it’s easier for fake invoices to get through.

Whale phishing: It’s not just the rank and file that can be taken in. Even the C-suite and senior executives can fall victim to a phishing attack known as a Whale phishing. In these cases, higher level executives and those with access to financial information or other sensitive information are targeted.

These phishing emails are more sophisticated and usually convey a sense of urgency along with personalized information about the individual targeted as well as the individual it is assumed to be coming from (usually another executive-level person). These phishing attacks require a reaction from the recipient, which can be anything from a wire transfer of funds to clicking on a link that unleashes malware to simply gaining more information about the business for further attempts.

Social media madness: If your company posts information on a social media site discussing signing up a new client, making someone a partner, or even developing business with a new supplier, that information is available for all to see. Using the information provided, bad actors create a social media profile pretending to be a senior official from that partner, client, or supplier requesting data that they claim they need for their own purposes.

Training is key to cybersecurity

In each of the above cases, hackers were inadvertently let into the data without your employee (or executive) ever suspecting a thing. This is why making cyber training an essential part of your company practices and protocols is essential. Anyone can be the entry cybercriminals are looking for. There are a number of companies that specialize in training staff. Avail yourself of a reputable company; it could end up being the best investment you could make.

Jane Clark is senior vice president of operations for NationaLease. In this position, she is focused on managing the member services operation as well as working to strengthen member relationships, reduce member costs, and improve collaboration within the NationaLease supporting groups. Prior to joining NationaLease, Clark served as area vice president for Randstad, one of the nation’s largest recruitment agencies, and before that, she served in management posts with QPS Cos., Pro Staff, and Manpower Inc.

About the Author

Jane Clark | Senior VP of Operations

Jane Clark is Senior Vice President, Operations for NationaLease. Prior to joining NationaLease, Jane served as Area Vice President for Randstad, one of the nation’s largest recruitment agencies, and before that, she served in management posts with QPS Companies, Pro Staff, and Manpower, Inc.

Voice your opinion!

To join the conversation, and become an exclusive member of FleetOwner, create an account today!

Sponsored Recommendations

Leveraging telematics to get the most from insurance

Fleet owners are quickly adopting telematics as part of their risk mitigation strategy. Here’s why.

Reliable EV Charging Solution for Last-Mile Delivery Fleets

Selecting the right EV charging infrastructure and the right partner to best solve your needs are critical. Learn which solution PepsiCo is choosing to power their fleet and help...

Overcoming Common Roadblocks Associated with Fleet Electrification at Scale

Fleets in the United States, are increasingly transitioning from internal combustion engine vehicles to electric vehicles. While this shift presents challenges, there are strategies...

Report: The 2024 State of Heavy-Duty Repair

From capitalizing on the latest revenue trends to implementing strategic financial planning—this report serves as a roadmap for navigating the challenges and opportunities of ...