3 Alarming Skills Today’s Cybercriminals Possess
In the digital world, what you don’t know CAN hurt you; let’s talk about some of the latest tactics hackers use to breach IT systems – and how you can protect your business from these cyber threats.
The cybercriminals your organization is facing – and yes, your organization is a potential target – are not the cybercriminals of a decade ago. Heck, they’re not even the cybercriminals of last week.
Threat actors are getting better at what they do every single day. The war on cybercrime is a game of cat-and-mouse. Only it’s not a game. The stakes could hardly be higher (your livelihood) and the pressure couldn’t be greater (adapt quickly or suffer a devastating cyberattack that will leave you reeling with reputational damage, lawsuits, prolonged downtime – the list goes on).
An important part of protecting your business is keeping up with the latest tactics employed by threat actors to breach IT systems. So in this blog post, we’re talking about three alarming skills that today’s cybercriminals possess.
Buckle up, because each of these skills is a doozy.
Skill #1 – The Magical Reroute
Chances are, you have a cell phone – 97% of Americans do. Hackers know this, and can turn your constant companion against you. More specifically, a skilled cybercriminal can effectively hijack your phone by having all texts and calls rerouted to – you guessed it – the cybercriminal! This is often referred to as a “call forwarding scam.”
A call forwarding scam is scary stuff. We depend largely on our phones for things like multi-factor authentication. Imagine you’ve been victimized by a financial scam, and threat actors have wire transferred money from your account to theirs. Under normal conditions, your bank would contact you to check on the legitimacy of the transfers. But if your phone’s been hijacked, when your bank calls you, your phone won’t ring; your hacker’s will!
Yikes is right. This stuff really happens. In fact, TV personality Andy Cohen recently went on the Today Show to share his own experience dealing with scammers and phone hijacking. It’s eye-opening and worth a watch.
How to Defend Yourself
- Follow strong password hygiene.
- Avoid dialing numbers or entering codes when instructed by someone contacting you about supposed issues with your account.
- If you suspect you’ve been victimized by a call forwarding scam, contact your cell phone provider immediately for help undoing the call forwarding.
Skill #2 – Accessing Google Without a Password
Seriously? Threat actors can get into your Google accounts without even stealing your password?
Unfortunately, yes. The security firm CloudSEK recently discovered malware that uses 3rd-party cookies to provide unauthorized access to private data. Attention was drawn to this new exploit when a hacker posted about it on an online discussion board.
The really scary part – this particular method allows hackers to maintain their unauthorized access even after a password reset. Double yikes!
How to Defend Yourself
While the world waits for a comprehensive solution from Google, you can, in the meantime, take some measures to protect yourself from this novel and powerful exploit:
- Turn on “Enhanced Safe Browsing” in Chrome.
- Log out of all browser profiles to cancel current session tokens. Then reset your password and sign back in to create new tokens. If this makes no sense, don’t worry; you can find more detailed instructions here in the section titled: “Interim Remediation Steps.”
Skill #3 – Vishing on Steroids
First, let’s talk about vishing (short for “voice phishing”). Like all phishing scams, vishing relies on deceptive tactics to trick individuals into divulging sensitive information. A common trait in phishing is the use of fraudulent communication, such as emails or messages, to impersonate trusted entities. However, vishing stands out as a unique form of phishing because it specifically involves phone calls.
Now, back in the good ol’ days, threat actors had to rely on traditional phishing methods to trick their victims. But times have changed, and now, to everyone’s collective dismay, crafty hackers can actually use AI to mimic the voices of people you know – a friend, family member, coworker, etc.
This is called audio deepfaking, and it’s not science fiction; it’s the world we’re living in. But just how good are these audio deepfakes? Surely you’d be able to tell if it’s your family member or an artificial voice just by listening closely…right?
Not according to McAfree, whose research found that 70% of people aren’t confident they’d be able to tell the difference between a ‘voice clone’ and the real McCoy. Yikes, yikes, yikes.
How to Defend Yourself
- Be suspicious of any incoming call purported to be from someone you know; call back the person in question to double check.
- Be suspicious of emotionally charged calls that create a sense of urgency (hackers love manipulating our emotions to get us to act hastily).
- Adopt a “code word” with your family and close friends.
- Set social media profiles to private (hackers need a sample of a voice in order to clone it).
Summing Up
Cybercrime has gotten bad because cybercriminals have gotten good – and they’re only going to get better. If your organization isn’t proactive about security, it’s only a matter of time before your poor security posture will come back to bite you.
For every new skill acquired by hackers, there’s a group of honest cyber experts working to find a solution. But this stuff takes time and resources, and it’s unfair to expect a small in-house IT team to stay abreast of every development in the cyber world.
Need some help?
Feeling overwhelmed by cybersecurity at your organization? Simply looking to get proactive to prevent future issues?
Get in touch with The 20 MSP today. We’ve helped thousands of businesses across the U.S. get their security up to speed and under budget – and we can help you too. Schedule your call with us today!
