Limbtec Limited > Blog > 2023 > November

The Danger Of Holiday Phishing Scams:

29th November 2023

How To Recognize And Avoid Them To Stay Safe This Holiday Season

Holiday Phishing

The holiday season is in full swing, which means so are the cybercriminals! While you’re making holiday gift lists, they’re plotting and scheming new ways to take advantage of unsuspecting online shoppers. Holiday phishing scams have become an all-too-common threat, targeting customers to steal personal information, financial data and even identities.

To help reduce the chances that a cybercriminal will ruin your much-deserved holiday fun, we’ve outlined a few of the most common and dangerous scams that you should be on the lookout for, how they work and tips to help you avoid becoming their next victim.

Understanding Holiday Phishing Scams:

Phishing is a deceptive technique cybercriminals use to trick individuals into sharing sensitive information such as passwords, credit card details or Social Security numbers. During the holiday season, these scams often take on a festive disguise, tricking victims with holiday-themed e-mails, messages and websites. Whether you’re ordering gifts for clients or friends and family, here are some common tactics used by holiday phishing scammers to be aware of:

  1. Holiday-Themed E-mails: Scammers send e-mails that appear to be from trusted sources like your favorite retailers or even beloved charities. These e-mails look legit and usually offer fake exclusive holiday deals, order confirmations or requests for donations. Inside the e-mail, there is usually a link that leads to a fake website designed to steal your information or your money, or even install dangerous malware on your computer.

  2. Fake Promotions: Cybercriminals create fake holiday promotions and discounts that seem too good to be true. Unsuspecting victims see a great deal from a spoof e-mail account and are enticed to click on links or download attachments that can contain malware or lead to phishing websites.

    Sometimes cybercriminals aren’t looking to install malware but instead hoping to steal your money. They’ll duplicate popular retailer websites or set up their own, so when you make a purchase, they’ll collect the money, but you’ll never receive your order. These sites are often difficult to track, making it hard to get your money back.

  3. Delivery Notifications: With the increase in online shopping during the holidays, scammers send fake delivery notifications, claiming that a package is on its way or that there’s a problem with an order. These e-mails may prompt recipients to click on links or download attachments containing malicious software.

  4. Social Engineering: Scammers may impersonate friends or family members via e-mail or social media, asking for money or personal information under the guise of a holiday emergency or gift exchange. This is a common scam against seniors – who might not realize that the profile requesting money from them that was made “three days ago” isn’t actually their granddaughter – and young teenagers who don’t know fake profiles are an issue.

Recognizing and Avoiding Holiday Phishing Scams:

Now that we understand how holiday phishing scams operate, it’s essential to know how to recognize and avoid falling victim to them.

1. Verify The Sender: Always check the sender’s e-mail address or domain. Be cautious of misspelled or suspicious e-mail addresses. Legitimate companies and organizations use official domains for their communication.

2. Don’t Click On Suspicious Links: Hover your mouse over links to see the actual URL they lead to. Be wary of shortened links or URLs that don’t match the sender’s domain. If in doubt, visit the website directly by typing the URL into your browser.

3. Beware Of Urgency And Pressure: Scammers often create a sense of urgency, claiming limited-time offers or imminent problems. Take your time to verify the authenticity of any claims before taking action.

4. Double-Check Websites: Before entering personal or financial information on a website, ensure it’s secure. Look for “https://” in the URL, a padlock icon in the address bar and a valid SSL certificate.

5. Use Two-Factor Authentication (2FA): Enable 2FA wherever possible, especially for online shopping and banking accounts. This provides an extra layer of security, even if your password is compromised.

6. Educate Yourself And Others: Stay informed about current phishing tactics and share this knowledge with friends and family. The more people are aware, the harder it becomes for scammers to succeed.

7. Protect Personal Information: Avoid sharing sensitive information via e-mail or text messages, even if the request seems legitimate. Use secure channels for such communication.

While the holiday season is a time for celebration and togetherness, it’s crucial to remain vigilant against holiday phishing scams. Cybercriminals prey on the festive spirit and increased online activity during this time. By recognizing the signs of phishing attempts and following best practices for online security, you can protect yourself and ensure a safe and joyous holiday season for you and your loved ones.

Business owners: If your staff will be ordering gifts online for clients, make sure they know how to spot a phishing attack and that your network is properly secured in case something slips through the cracks. You don’t want your organization to be negatively impacted by extending holiday goodwill. If you aren’t sure if you’re protected, please give us a call or schedule a 10-minute discovery session with our team. We can help give you peace of mind this holiday season. Click here to book now, and happy holidays!

Read more

SHOCK STAT: A third of business owners don’t trust their staff

27th November 2023
Do you trust your staff with your data.

Do you trust your employees with confidential information?

If you do, you’ll be surprised by this stat…

For a third of small and medium-sized business leaders, the answer is a resounding “no”!

Maybe it’s because Jim from accounting still has his password on a Post-it note under his keyboard? Or perhaps it’s because they’ve been burnt in the past?

Either way, it’s clear that trust isn’t enough when it comes to data security.

We believe the problem isn’t your employees; it’s the lack of good training and security measures.

So, what can you do about it?

Booking training for everyone is an easy first step. It empowers employees with the tools, techniques, and best practices they need to spot potential threats and take appropriate actions.

Think of it this way: well-trained staff pose less of a risk to the overall security of your business’s digital network. They become your first line of defence, helping to improve your company’s security, and significantly reducing the risk of a breach.

Next, there are your security measures. Many companies admit they don’t have sufficient technology or checks to protect confidential information. 

This is where we come in. We can help set up your company’s system so that people can only access the data they’re supposed to.

But our job wouldn’t stop there. We can also ensure that your company has adequate policies relating to information sharing, gaining access to confidential data, and what happens when an employee leaves. By doing this we help you create a more secure working environment for everyone.

Here’s the truth: trust isn’t enough in data security. But with the right training and security measures in place, you can transform your employees from potential security risks into your greatest assets.

Are you ready to move from a place of fear and mistrust to one of empowerment and confidence? Get in touch.

Read more

10 Biggest Cybersecurity Mistakes of Small Companies

22nd November 2023

Cybercriminals can launch very sophisticated attacks. But it’s often lax cybersecurity practices that enable most breaches. This is especially true when it comes to small and mid-sized businesses (SMBs).

Cybersecurity measures is often not a priority for small businesses, they tend to be more focused on other areas of the business. Sometimes the business owner thinks there is a low chance of a data breach. Or view cybersecurity as an expense.

But cybersecurity is not only a concern for large corporations. It’s a critical issue for small businesses as well. Small businesses are often seen as attractive targets for cybercriminals. This is due to many perceived vulnerabilities. 

Fifty percent of SMBs have been victims of cyberattacks. More than 60% of them go out of business afterward.

Cybersecurity doesn’t need to be expensive. Most data breaches are the result of human error. But that is actually good news. It means that improving cyber hygiene can reduce the risk of falling victim to an attack.

Are You Making Any of These Cybersecurity Mistakes?

To address the issue, you need to first identify the problem. Often the teams at SMBs are making mistakes they don’t even realise. Below are some of the biggest reasons small businesses fall victim to cyberattacks. Read on to see if any of this sounds familiar around your company.

1. Underestimating the Threat

One of the biggest cybersecurity mistakes of SMBs is underestimating the threat landscape. Many business owners assume that their company is too small to be a target. But this is a dangerous misconception. 

We see that Cybercriminals think small businesses as easy targets. They believe the company lacks the resources or expertise to defend against attacks. It’s essential to understand that no business is too small for cybercriminals to target. Being proactive in cybersecurity is critical.

2. Neglecting Employee Training

When was the last time you trained your employees on cybersecurity? Small businesses often neglect cybersecurity training for their employees. Owners assume that they will naturally be cautious online.

But the human factor is a significant source of security vulnerabilities. Employees may inadvertently click on malicious links or download infected files. Staff cybersecurity training helps them:

  • Recognise phishing attempts
  • Understand the importance of strong passwords
  • Be aware of social engineering tactics used by cybercriminals

3. Using Weak Passwords

Weak passwords are a common security vulnerability in small companies. Many employees use easily guessable passwords. They also reuse the same password for several accounts. This can leave your company’s sensitive information exposed to hackers.

People reuse passwords 64% of the time.

Encourage the use of strong, unique passwords. Consider implementing multi-factor authentication (MFA) wherever possible. This adds an extra layer of security.

Limbtec we use a password manager, and let that take care of choosing the passwords, so we end up with very complex passwords, along with MFA

4. Ignoring Software Updates

Failing to keep software and operating systems up to date is another mistake. Cybercriminals often exploit known vulnerabilities in outdated software to gain access to systems. Small businesses should regularly update their software to patch known security flaws. This includes operating systems, web browsers, and antivirus programs.

This is something we take care of for all our customers.

5. Lacking a Data Backup Plan

Small companies may not have formal data backup and recovery plans. They might mistakenly assume that data loss won’t happen to them. But data loss can occur due to various reasons. This includes cyberattacks, hardware failures, or human errors.

Regularly back up your company’s critical data. Test the backups to ensure they can be successfully restored in case of a data loss incident.

6. No Formal Security Policies

Small businesses often operate without clear policies and procedures. With no clear and enforceable security policies, employees may not know critical information. Such as how to handle sensitive data. Or how to use company devices securely or respond to security incidents. 

Small businesses should establish formal security policies and procedures. As well as communicate them to all employees. These policies should cover things like:

  • Password management
  • Data handling
  • Incident reporting
  • Remote work security
  • And other security topics

7. Ignoring Mobile Security

As more employees use mobile devices for work, mobile security is increasingly important. Small companies often overlook this aspect of cybersecurity.

Put in place mobile device management (MDM) solutions. These enforce security policies on company- and employee-owned devices used for work-related activities.

8. Failing to Regularly Watch Networks

SMBs may not have IT staff to watch their networks for suspicious activities. This can result in delayed detection of security breaches.

Install network monitoring tools. Or consider outsourcing network monitoring services. This can help your business promptly identify and respond to potential threats.

9. No Incident Response Plan

In the face of a cybersecurity incident, SMBs without an incident response plan may panic. They can also respond ineffectively.

Develop a comprehensive incident response plan. One that outlines the steps to take when a security incident occurs. This should include communication plans, isolation procedures, and a clear chain of command.

10. Thinking They Don’t Need Managed IT Services

Cyber threats are continually evolving. New attack techniques emerge regularly. Small businesses often have a hard time keeping up. Yet, they believe they are “too small” to pay for managed IT services.

Managed services come in all package sizes. This includes those designed for SMB budgets. A managed service provider (MSP) can keep your business safe from cyberattacks. As well as save you money at the same time by optimising your IT.

Learn More About Managed IT Services

Don’t risk losing your business because of a cyberattack. Managed IT services can be more affordable for your small business than you think.

Give us a call today on 01752 546967to schedule a chat.

Read more

It’s time to say goodbye to traditional passwords

20th November 2023
It’s time to say goodbye to traditional passwords

Did you ever imagine a world where the lengthy, complicated passwords people often forget would become a thing of the past?

It seems that day might be arriving sooner than we anticipated.

Google has officially made Passkeys the default sign-in method for all personal accounts on its network, signalling the beginning of a new era in online security.

What’s a Passkey, you ask?

It’s the next big thing in internet safety. And as a business owner with staff, you should pay attention to this game-changing innovation.

Here’s everything you need to know.

What are Passkeys?

Imagine logging into your account using just a four-digit PIN or your biometric data like fingerprints or facial recognition. That’s precisely what a Passkey is.

Simple, isn’t it?

But don’t let the simplicity fool you. This new technology significantly reduces the likelihood of having your credentials stolen or your account taken over by cyber criminals.

How do Passkeys work?

Creating a Passkey is easy. Head over to Google’s official Passkeys website, create a PIN or connect your biometrics (fingerprint or face), link your smartphone, and you’re done.

Just remember, your PC needs to run at least Windows 10, or your Mac should have macOS Ventura or above. And on your phone, you need Android 9 or iOS 16.

As of now, this tech works only on Microsoft Edge, Safari, and Google Chrome browsers.

What are the benefits of Passkeys?

According to Google, 64% of people find Passkeys easier to use than traditional login methods.

Not only are they simpler and more secure, they’re also faster. Logging in with a Passkey is 40% quicker than using a regular password.

What’s next?

Google’s decision to make Passkeys the default sign-in method is just the beginning. The tech giant is already working with select partners to make this new login usable across Chrome and Android. It’s already available on Uber and eBay, with plans to expand to WhatsApp soon.

So, it might be wise to start thinking about how Passkeys can benefit your business. After all, Google could soon roll out this feature for business accounts too.

Meantime, if you’re not quite ready to embrace Passkeys, you can still opt-out. Just head to the Sign-in options page, find “Skip Password When Possible”, and toggle off the switch.

We’d recommend you give it a try and see how much easier – and more secure – it can make things. And of course, if you need any help, get in touch.

Read more

What Is Microsoft Sales Copilot& What Does It Do?     

15th November 2023
Microsoft surface

The use of AI-driven processes is exploding. Every time you turn around, software has gotten more intelligent. Harnessing the power of AI and machine learning is crucial for staying competitive.

Microsoft is a pioneer in the tech industry and this new AI era. It continues to lead the way with innovative solutions designed to empower businesses. One such innovation is Microsoft Sales Copilot.

This is a tool poised to reshape the future of business. Next, we’ll delve into what Microsoft Sales Copilot is. As well as how it is revolutionizing the world of sales and customer insights.

The Birth of Microsoft Sales Copilot

Microsoft Sales Copilot is the latest addition to the company’s robust portfolio. It was officially introduced in July 2023. It represents a significant leap forward in leveraging AI and machine learning. It’s designed specifically to enhance sales processes and customer engagement.

This groundbreaking tool is built on the foundation of Dynamics 365 Customer Insights. This is Microsoft’s platform for unifying customer data and delivering actionable insights. The tool combines the capabilities of Customer Insights with AI-driven features. Sales Copilot offers sales teams a comprehensive and intelligent solution. Both for customer engagement and relationship management.

What Can Microsoft Sales Copilot Do?

Personalized Customer Insights

Personalised customer insights is one of the core features of Microsoft Sales Copilot. It achieves this by leveraging AI and machine learning to analyze a wide range of data sources. This includes:

  • Customer behavior
  • Buying history
  • Customer interactions

By aggregating and processing this data, Sales Copilot saves salespeople time. It can provide sales professionals with a 360-degree view of their customers. As well as help them understand preferences, needs, and potential pain points.

AI-Driven Recommendations

Sales Copilot doesn’t just stop at providing insights. It goes a step further by offering AI-driven recommendations. These recommendations guide sales teams in their interactions with customers.

For example, the tool can suggest things like:

  • The most appropriate communication channels
  • Timing for follow-ups
  • Tailored, client-specific content recommendations

This level of personalization enables sales teams to engage with customers more effectively.

Enhanced Collaboration

Collaboration is a cornerstone of successful sales processes. Sales Copilot recognizes this by facilitating collaboration among team members. It provides a centralized platform where sales professionals can do things like:

  • Share customer insights
  • Discuss strategies
  • Collaborate on deals

This improves internal communication. It also ensures sales team alignment in the approach to engaging with customers.

Predictive Analytics

Predictive analytics is another powerful aspect of Microsoft Sales Copilot. The tool analyzes historical data and customer behavior patterns. This allows it to predict future customer actions and trends.

This empowers sales teams to make informed decisions. As well as proactively address customer needs, rather than simply reacting to them.

Seamless Integration

Sales Copilot seamlessly integrates with other Microsoft tools and services. This creates a unified ecosystem. This integration allows for a smooth flow of data between applications. It eliminates the need for manual data entry, reducing the risk of errors. It also ensures the consolidation of all customer interactions and data. Having customer information in one place makes for easy access and analysis.

Cloud Migration Program

Besides Sales Copilot, Microsoft also introduced a new cloud migration program. This is in conjunction with Dynamics 365 Customer Insights. This program aims to simplify the process of migrating customer data to the cloud. The integration of Sales Copilot with this program further enhances its capabilities. It does this by providing access to a wealth of cloud-based data.

How Does Sales Copilot Benefit Your Business?

Microsoft Sales Copilot holds immense promise for businesses across various industries. It enables sales teams to work more intelligently and efficiently. The tool has the potential to drive revenue growth and enhance customer satisfaction. Here are some ways in which Sales Copilot can benefit your business.

Improved Customer Engagement

Personalized insights and AI-driven recommendations have many benefits. For one, they enable sales professionals to engage with customers more meaningfully. This can lead to higher conversion rates and increased customer loyalty.

Streamlined Sales Processes

The tool’s predictive analytics and collaboration features can streamline sales processes. It can make them more efficient and effective. This, in turn, can reduce the time and effort required to close deals.

Data-Driven Decision-Making

Sales Copilot provides access to a wealth of customer data and insights. This empowers businesses to make data-driven decisions. This can lead to better-targeted marketing campaigns, product development, and customer service strategies.

Enhanced Competitive Advantage

Businesses that leverage Sales Copilot can gain a competitive advantage. It helps them stay ahead of customer trends and needs. This can be particularly valuable in fast-paced and competitive industries.

Scalability and Flexibility

Microsoft’s cloud-based solutions, including Sales Copilot, offer scalability and flexibility. This allows businesses to adapt to changing market conditions and customer demands.

You Don’t Have to Face the AI Frenzy Alone

AI and machine learning are transforming business tools rapidly. This can cause business owners to worry about falling behind competitors.

You don’t have to figure this all out yourself. We can help. Give us a call today to schedule a chat.

Read more

Are you using the all-new Teams yet?

13th November 2023
The Al new teams

Microsoft is rolling out a brand-new version of Teams, its video conference, collaboration, and chat platform. We’re being promised a faster and easier way to work. And we all could use a bit of that, couldn’t we?

The new Teams is like the superhero of apps for Windows and Mac. It’s faster than a speeding bullet… well, at least twice as fast as the classic version. Plus, it’s on a diet, using up to 50% less memory and disk space.

Microsoft went back to the drawing board to reimagine it, make it simpler and more flexible. Now Teams:

  • Plays better with third-party apps
  • Is happier calling phones outside of Teams
  • Gets you into meetings quicker than you can say “not another meeting”

This pumped-up version of Teams uses some tech which allows it to share resources with your browser. That reduces how much memory and disk space it needs.

And the initial test results? Teams is twice as quick when loading the app, joining meetings, and switching chats and channels.

This isn’t just for businesses using Windows. Teams on Mac is also getting this performance boost.

Microsoft promises this update will be a game-changer for your productivity. They’ve improved the user interface, adding in a “mark all as read” feature in activity.

Plus, they’re introducing Copilot, an AI assistant that can summarise key points from your chats and calls. Sort of like having your very own personal assistant, just without the coffee runs.

Are you ready to switch to the new and improved Teams? It’s rolling out now. Look at the top left corner of your Teams app… if you see “try the new Teams”, then you can flick the switch and try it out.

If you need help with Teams for your business, get in touch.

Read more

Watch Out for Ransomware Pretending to Be a Windows Update

8th November 2023

Imagine you’re working away on your PC and see a Windows update prompt. Instead of ignoring it, you take action. After all, you want to keep your device safe. But when you install what you think is a legitimate update, you’re infected with ransomware.

That’s the nightmare caused by an emerging cybersecurity threat.

Cybercriminals are constantly devising new ways to infiltrate systems. They encrypt valuable data, leaving victims with difficult choices. Once ransomware infects your system, your PC is pretty useless. You either have to pay a ransom or get someone to remove the malware. As well as install a backup (if you have one!).

One such variant that has emerged recently is the “Big Head” ransomware. It adds a new layer of deception by disguising itself as a Windows update. In this article, we’ll explore the ins and outs of Big Head ransomware. Including its deceptive tactics. We well as how you can protect yourself from falling victim to such attacks.

The Big Head Ransomware Deception

Ransomware attacks have long been infamous for their ability to encrypt files. This renders them inaccessible to the victim until a ransom is paid to the attacker. In the case of Big Head ransomware, the attackers have taken their tactics to the next level. The attack masquerades as a Windows update.

Big Head ransomware presents victims with a convincing and fake Windows update alert. Attackers design this fake alert to trick users. They think that their computer is undergoing a legitimate Windows update. The message may appear in a pop-up window or as a notification.

The deception goes even further. The ransomware uses a forged Microsoft digital signature. This makes the fake update appear more authentic. This adds an extra layer of credibility to the malicious message. And makes it even more challenging for users to discern its true nature.

The attack fools the victim into thinking it’s a legitimate Windows update. They then unknowingly download and execute the ransomware onto their system. From there, the ransomware proceeds to encrypt the victim’s files. Victims see a message demanding a ransom payment in exchange for the decryption key.

By 2031, it’s expected a ransomware attack will occur every 2 seconds.

Protect Yourself from Big Head Ransomware & Similar Threats

Cyber threats are becoming more sophisticated. It’s not just the good guys exploring the uses of ChatGPT. It’s crucial to take proactive steps to protect your data and systems. Here are some strategies to safeguard yourself from ransomware attacks like Big Head.

Keep Software and Systems Updated

This one is tricky. Because updating your computer is a best practice for security. Yet, Big Head ransomware leverages the appearance of Windows updates.

One way to be sure you’re installing a real update is to automate. Automate your Windows updates through your device or an IT provider (like us). This increases the chances of spotting a fake that pops up unexpectedly.

Verify the Authenticity of Update

Before installing any software update, verify its authenticity. Genuine Windows updates will come directly from Microsoft’s official website. Or through your IT service provider or Windows Update settings. Be cautious of unsolicited update notifications. Especially those received via email or from unfamiliar sources.

Verify the Authenticity of Update

Before installing any software update, verify its authenticity. Genuine Windows updates will come directly from Microsoft’s official website. Or through your IT service provider or Windows Update settings. Be cautious of unsolicited update notifications. Especially those received via email or from unfamiliar sources.

Backup Your Data

Regularly back up your important files. Use an external storage device or a secure cloud backup service. In the event of a ransomware attack, having backup copies is vital. Backups of your data can allow you to restore your files without paying a ransom.

Use Robust Security Software

Install reputable antivirus and anti-malware software on your computer. These programs can help detect and block ransomware threats. This helps prevent them infiltrating your system.

Educate Yourself and Others

Stay informed about the latest ransomware threats and tactics. Educate yourself and your colleagues or family members. Discuss the dangers of clicking on suspicious links. As well as downloading attachments from unknown sources.

Use Email Security Measures

Ransomware often spreads through phishing emails. Put in place robust email security measures. Be cautious about opening email attachments or clicking on links. Watch out for emails from unknown senders.

Enable Firewall and Network Security

Activate your computer’s firewall. Use network security solutions to prevent unauthorized access to your network and devices.

Disable Auto-Run Features

Configure your computer to disable auto-run functionality for external drives. This can help prevent ransomware from spreading through infected USB drives.

Be Wary of Pop-Up Alerts

Exercise caution when encountering pop-up alerts. Especially those that ask you to download or install software. Verify the legitimacy of such alerts before taking any action.

Keep an Eye on Your System

Keep an eye on your computer’s performance and any unusual activity. If you notice anything suspicious, investigate immediately. Suspicious PC activity can be:

  • Unexpected system slowdowns
  • File changes
  • Missing files or folders
  • Your PC’s processor “whirring” when you’re not doing anything

Have a Response Plan

In the unfortunate event of a ransomware attack, have a response plan in place. Know how to disconnect from the network. Report the incident to your IT department or a cybersecurity professional. Avoid paying the ransom if possible.

Need a Cybersecurity Audit?

Don’t leave unknown threats lurking in your system. A cybersecurity audit can shed light on your system vulnerabilities. It’s an important proactive measure to ensure network security.

Give us a call today to schedule a chat.

Read more

Never mind “can’t teach an old dog new tricks”…

6th November 2023
Cyber Risdks!!

New research has uncovered an unexpected twist in the tale of cyber security risks – your tech-savvy younger employees may be your biggest vulnerability.

Shocked? Let’s dive into the details.

More than 6,500 employees across the globe were surveyed, with an almost equal representation of demographics. The results were rather alarming.

The study found that younger office workers, those 40 or under, are more likely to disregard standard password safety guidelines. Can you believe that 34% admitted to using their birth dates as passwords, compared to just 19% of those over 40?

And it doesn’t stop there.

The habit of using the same password across multiple devices was also more prevalent among younger workers, with 38% admitting to doing this.

And let’s not even get started on phishing scams. A whopping 23% of the younger demographic didn’t report the last phishing attempt they received. Their reasoning? “I didn’t think it was important”.

But surely they understand the gravity of security threats against businesses, right? Well, not quite.

While ransomware and phishing were acknowledged as critical threats by 23% and 22% of employees respectively, the overall attitude towards cyber security leaves much to be desired.

Here’s the kicker: a staggering number of those surveyed revealed that their organisations did NOT provide any mandatory cyber security training.

From the US (30%) to the UK (17%), Netherlands (32%), Japan (35%), India (31%), Germany (22%), France (43%), Australia (29%) and China (65%) – the numbers speak for themselves.

So, are we really to blame our young workforce when it’s clear that businesses aren’t doing enough to equip their employees with the necessary cyber security skills?

It’s high time we stopped treating cyber security as an afterthought and started investing in regular cyber awareness training for everyone in our businesses. Yes, EVERYONE. Not just the tech team or the executives, but every single employee.

At the end of the day, it’s not just about protecting your business; it’s about creating a safer digital world for us all.

We can help you do that. Get in touch.

Read more

May A Force Field Be With You

1st November 2023
Force Field around a laptop

“That won’t happen to me” is something many business owners say when discussing cyber-scams and the need for adequate protections for their business, but these days it’s getting to be a really, really stupid statement that you definitely don’t want your clients, employees and banker to hear.

Generative AI (artificial intelligence) tools are allowing scammers to produce deep fakes to defraud their targets. Earlier this year, Clive Kabatznik, an investor in Florida, called his local Bank of America representative to discuss a big money transfer he was planning to make.

Immediately after this legitimate call, a scammer called the bank back using an AI-generated deepfake voice of “Clive” to convince the banker to transfer the money to another account. Fortunately, the banker was suspicious enough that no money was transferred, but not everyone is as lucky.

According to a report titled The Artificial Imposter by McAfee, a well-established cyber security firm, 77% of AI voice scams were successful in securing money from their target. Even scarier, AI tools can clone a voice from just three seconds of audio.

A UK-based energy firm’s CEO was the victim of a voice scam when he thought he was talking to his boss, the CEO of the parent company based in Germany. The voice on the other end of the line instructed him to send the equivalent of $233,000 to a Hungarian supplier. The voice was so convincing, down to the slight German accent, that the CEO complied without hesitation. By the time they realized what had happened, the money had already been transferred to Mexico and distributed to other locations that weren’t traceable. 

But big businesses aren’t the only ones targeted.

Jennifer DeStefano, a mother of a 15-year-old daughter, recounted during a US Senate hearing her terrifying encounter with an AI scammer who used the voice of her daughter to attempt to convince her that the girl had been kidnapped. Fortunately, her daughter was in her bed sleeping at the time, and Jennifer was able to realize it was a scam. Many others aren’t as lucky as Jennifer and are getting scammed by AI voices of grandchildren, children and other loved ones who “urgently need money.”

This approach is still so new that there’s no comprehensive accounting of how often it’s happening, but the CEO of Pindrop, a security company that monitors audio traffic for many of the largest US banks, said he had seen a jump in its prevalence this year – and in the sophistication of scammers’ voice-fraud attempts. Another large voice-authentication vendor, Nuance, saw its first successful deepfake attack on a financial services client late last year.

With the rapid advancement of AI technology and its wider availability as costs come down, coupled with the broad availability of recordings of people’s voices on TikTok, Facebook, Instagram and YouTube, the perfect conditions have been created for voice-related AI scams.

What do you need to do to protect yourself?

For starters, share this article to make sure your staff is aware of these types of scams. Next, instruct them to ALWAYS check with you via a text message or other means BEFORE transferring money. If you’re not a business owner, you can do the same with your family, using a code word or other means of verifying the caller’s legitimacy.

Also, check the caller ID. If it’s something you don’t recognize, or it’s a blocked number, that’s a BIG red flag that it’s a scam. Even if it sounds like them on the other end of the line, hang up and call their phone direct or the place they’re supposed to be (school, office, etc.).

If the person calling has on-fire urgency and wants money wire-transferred or a Bitcoin payment, that’s another huge red flag. Real emergencies don’t come with highly skeptical payment demands.  

In business, you’ve clawed and climbed your way to the top, dodging all sorts of pitfalls and predators that have tried to make you their meal. Such threats are everywhere, and the higher you climb, the more you’ll find hiding behind every tree, every rock and every step. No matter how small and insignificant you might think you are, you ARE a target for someone, and being casual about cyber security and the threats they pose is an absolute surefire way to be robbed.

If you don’t want this to happen to you, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Read more
Recent Comments