Cyber criminals are continuing to exploit vulnerabilities in computer devices, and the people who use them. Consumers and business leaders must be diligent in guarding against these scams. IDentity Theft 911, a provider of data risk and identity management services, has identified the top cyber scams to expect this year.
POS system attacks
In a recent report, the FBI said it identified about 20 hacking instances in the past year that used “memory-parsing” malicious software to attack point-of-sale systems such as cash registers and card-swiping machines. In most cases, the software used for these POS attacks was installed remotely, allowing hackers to extract information from payment card magnetic stripes, such as account numbers, PINs, and personal information, while it is in the computer’s live memory, where it very briefly appears in plain text. Some versions sold on the black market even included an option that allowed for “remote upgrades” to make it even harder for corporate security teams to identify and stop attacks.
Conquer rather than collect
One trend that began in 2013, and is expected to continue this year, is attacks aimed at destroying data rather than just collecting it for identity theft profit. With predictions of more sabotage vs. espionage attacks, the take-home message for businesses as well as consumers: Use remote and offline storage systems and devices for secure backup of sensitive files and records that are vulnerable in corporate security breaches.
Ransomware is expected to extend its reach from personal computers to smartphones and other mobile devices. The target is bigger too: businesses, not just consumers. In the past, ransomware campaigns typically demanded payment, in messages allegedly from the FBI or other law enforcement, to unfreeze PCs locked for supposedly watching porn or to remove bogus online viruses. But now, the success of past ransomware campaigns has sparked new concerns that future attacks will capture data in corporate computer systems and hold it for ransom.
Now is the time for organizations to plan mitigations for ransomware. Besides running up-to-date anti-malware software from a vendor you trust, backups are extremely important. For many of the systems that get infected by this type of threat, the only guaranteed way to recover data that has been encrypted by attackers is to restore it from backup after the system has been disinfected or rebuilt. Leveraging the cloud to do this is a low-cost option.
Targeting software developers
Remember October’s data breach of Adobe’s computer system, which leaked names, encrypted credit and debit card numbers and other sensitive information of millions of customers? Some predict more of the same, with hackers increasing their efforts against software developers and users. Translation: Just one more reason to heed headlines reporting such attacks and quickly apply the security updates and patches that follow them.
The Affordable Care Act has opened the door for scammers to take advantage of newly established legislation. Websites can be designed to mimic the government’s official new health insurance exchanges and trick business owners into entering sensitive business information. In addition, scammers will send phishing emails to business owners as another tactic to gain information like a tax ID, employer ID, customer information, credit/bank information, and other sensitive PII. The best defense against scams is knowledge. Get educated about ObamaCare and what is required from a business standpoint.