Currently, one of Hackers favorite Attack Vectors for Stealing Your Money is through E-Mail. Hackers are utilizing E-mail to get access to your Bank & Credit Card Accounts, your on-line shopping accounts such as Amazon, and\or gaining access to your Company or Organizational Information for purposes of extorsion. How do they do this? What can you do to protect yourself and/or your Business?  

If you receive an E-mail that:

 1) Says you Need to Act Immediately: Hackers will send an E-mail that looks legitimate. They’ve gotten very clever and their Art Work, Icons and presentation look very authentic and real. They will announce to you that you need to go to your account and verify it. They will ask you to click a Link below that will take you to a website that looks just like your Bank or Credit Card Company. They have a login screen for you to enter your Username and Password. If you do that, then they are recording your login credentials for their Hacking purposes. Hackers will then use your Login Credentials to log into your account and go through the process of stealing your money or in the case of an on-line store, ordering merchandise and having it shipped to a different address.

Best Practice: Recognize that Banks, Credit Card Companies or On-Line Shopping Companies will never send you you an E-mail requesting you to do this. Be sure to go directly to the real website and login into your account and see if you have any noticies. If you have any account issues there will be a notice.

2) They state that they have enclosed something you need to act on:

This email message can have a Senders Name and Address you will recognize because they have stolen it from them or an associate of theirs from their contact list. Here are some examples:

• “Hi Guys, Attached is the requested document. Have a nice day.”
• “Good morning, Take a look at this Invoice and let me know your opinion. Thank you.”

Then, within this attached document they ask you to download a file. Once you do this and open the file it loads Spyware or Malware on your Computer. A Hackers’ malicious software can be a Key Stroke Logger that records all of your keystrokes and sends them to hackers where they look for login credentials to Banks, Credit Card accounts and on-line shopping accounts. Then they steal from you.

Also, if you work for a Company or an Organization, they will load a Malware program that gives them access to your computer and from there they hack into your Companies Servers for malicious activity. Unfortunately, Hackers have been very successful at this. Hackers will steal money or information such as trade secrets, product designs and more. Another common hack right now is Extorsion. Once they access an Organizations Servers, they can encrypt all of the company data which then will require a complex Cypher Key to unlock access to it. The encryption is such that it would take a Super Computer 4 ½ to 5 years to crack the encryption. These hackers are sophisticated. They will either encrypt or disrupt your current backup so restoring data isn’t an option or they know it will take a very long time to restore the data and the cost of not being able to utilize any data is much more costly than the extorsion amount. Currently, in most instances, effected organizations are paying the Ransome. Further, in most cases, these Hackers are honoring the payment by providing the Cypher Key to decrypt the data once the ransom is paid. Gaining confidence so that companies or organizations will pay. Further, Hackers utilize Bitcoin so the payment can’t be traced.   

It's important to know that Legitimate Companies will never ask you to download a file. Also, always go directly to your Bank, Credit Card Company or On-Line Shopping’s Website. Never click on a Link to a Website they’ve provided. Many times they are a closely worded name that isn’t the real website. An example:

• Correct, real and accurate: "https://www.amazon.com/"

• An example of a Scam Hacking Credential Stealing Website might look like: “https://Amazon.com/billing-inquiry.com.”

• Or, a Hackers website may be just slightly off, such as: "https://www.Amazon01.com"

Best Practice: Protect yourself and/or your organization by making sure the URL (Uniform Resource Locater) window in your Browser has the legitimate Website listed. For example, this is a Legitimate “https://www.amazon.com” for Amazon's website.

3) If you get an E-mail that states it’s Very Important or Urgent that you call them because someone has tried to access your account.  Once you call them, they will start a process of getting you to identify yourself through your conveying personal information to them such as verifying your account number, your secret passphrase and/or the last four of your Social Security Number. They are clever at this process with the goal of extracting enough information so they can contact your Bank or Credit Card company. They want to determine what your credit limit is and what your current balance is so they know how much they can steal or write a fake check.

Best Practice: Never share personal information, account information, codes or secret phrases unless you’ve verified the legitimacy of a phone number. Always go to the Bank, Credit Card or On-Line shopping companies’ website directly and get their phone number from there. It's always important to exercise caution. 

4) You're asked to pay in an unusual way: Be very wary if asked to click on a link and enter in credit card payment information for an amount due.

Best Practice: Go to the website directly that you have an account with and verify if you owe any money Also, only make a payment through a website that you have verified is the real thing.

Hackers have gotten more clever with Deceptive E-Mails that look legitimate but are designed to trick you and will cause all kinds of problems. Remember, Banks, Credit Card Companies nor On-Line Shopping sources will never ask you to click on a link. Also, always verify any website you log into and as well, always verify phone numbers as legitimate. These procedures and guidelines will prevent you from being scammed. It’s a comfort to be in the IT Security Know!  ~ Mark Mitchell 6/25/23