Every organization needs to have a certain level of cybersecurity protection in place. That includes firewalls, antivirus, VPNs, encryption, and centrally managed security policies. Even so, many modern cybercriminals know that businesses have these protections in place, and they are working out ways around them.
Let’s take a look at a modern scam that isn’t targeting businesses per se, but is instead targeting individuals and families. We think this is extremely relevant, because the modern attacks against businesses and organizations are aimed at the individuals working there in the same way.
Imagine getting a phone call that your son or daughter, grandson or granddaughter, or any loved one, is sitting in a jail cell with a broken nose after an accident. You get a few brief seconds to talk to them; they sound distressed as they quickly tell you that they were in a car accident and they are in jail. You then speak to someone representing them, who calmly explains to you that they were in an accident involving another person; a pregnant woman.
Long story short, this scam targets the elderly, and it’s intensely effective at triggering emotions for obvious reasons. So far, experts think the scammers are using AI to take samples of a person’s voice from videos or phone calls, and then using those samples to quickly run through a script like “Mom, I was in an accident and I’m in jail, help me.”
The broken nose thing immediately makes you not question that the audio sounds a little weird, and the calm lawyer on the other end of the call convinces you that you need to take several grand out of the bank to pay for your loved-one’s bail.
This is called the Grandparents Scam, and it’s extremely widespread. Scammers are running off with hundreds of thousands of dollars with this, because it hits so many emotional points that it causes smart, sensible, and even skeptical people to stop thinking for a few minutes. It’s abhorrent, and it is effective.
In the video linked above, the attorney makes a very good point. Spreading awareness is likely going to be the best way to combat this type of threat. The more people know about it, the more prepared someone will be if they are targeted.
Because let’s face it, I’ve been talking about cybersecurity threats for years. I’ve helped clients mitigate them. I’ve read articles and watched countless videos of these scams, and if this scam was used on me, I absolutely know that for at least a brief moment, my heart would jump up into my throat. They wouldn’t get me to the bank to take out a deposit, but they would definitely have a strong grip on my emotions for a short time.
Modern cyberthreats use urgency and toy with emotions in a similar way. An email might land in your inbox, and look like it is from the CEO, asking you to quickly forward some gift cards to a client, or share some important sensitive information. An alert might pop up, claiming that your Microsoft account needs a password reset. Someone on the phone might pose as a client or vendor and try to eke out information.
Here’s the thing; there are countless ways that a scammer or cybercriminal can attempt to trick you. There will never be a definitive guide or set of things to look for, because at this point, scams and threats change so quickly and adapt to how effective they are at tricking the general population. It truly comes down to being vigilant and a little skeptical of everything.
When something seems too good to be true, or it seems to not quite make sense in the context of the overall conversation, or appears to be overly urgent, it’s worth taking a deep breath and looking into it with a skeptical eye.
Everybody. Business owners, management, staff, consultants, interns, freelancers… you get the idea. You have a responsibility to protect each other, your customers and clients, and the business, and that definitely starts from the top. If business owners refuse to opt-in to a culture of cybersecurity, then it will be impossible to get employees to follow along properly.
It’s also important to understand that falling for a scam or cybersecurity threat isn’t embarrassing. Yes, the victim will likely feel embarrassed, but applying additional shame and punishment only reinforces a culture where problems don’t get reported. Again, it’s all about awareness.
If you are looking to tighten up your organization’s cybersecurity and establish a culture of cyber awareness, give us a call at 201-529-8050.