How to Spot 3 Common Cyber Scam Tactics

Innovative technology makes our lives easier, but it can also lead to sophisticated cyber attacks that threaten businesses around the globe. If your insureds don’t know what to look for, their risk profile may be rejected by carriers come renewal time. Together with Trava, we are exploring 3 cyber scam tactics that are commonly employed by cyber criminals along with some easy ways to spot them before it’s too late.

Phishing Emails

Emails are a common hotbed for scam activity. This is because cyber criminals know that well-meaning employees feel a sense of security when utilizing their inbox. Bad actors take advantage of this situation by sending emails that appear to come from colleagues. In reality, these emails are malicious attempts to gain access to confidential information.

Common Email Scams:

1. Tech Support Emails: An employee may receive a suspicious email stating that malware has been identified on their device. When the receiving user clicks the link in the body of the email, malware is remotely installed on their system.
   
2. Emails From Colleagues: Cyber criminals send emails to unsuspecting employees using names that are familiar in the workplace. For example, a scammer may use the name of an employee’s boss, creating pressure to respond. By entering into a conversation, the scammer is able to extract sensitive information from the employee, putting company resources at risk.
   
3. Banking/Paypal Notices: “Act now or your account will be shut down!” These emails may also include a link that leads to a seemingly legitimate form. If an employee submits the form, the scammer can gain access to information ranging from login credentials to information that is stored within the company’s database.

One way insureds can arm themselves against email scams is by requiring Multi-Factor Authentication (MFA). With MFA, users must provide two or more credentials to log in to their accounts. This way, even if a cyber criminal obtains personal credentials, there is no guarantee that they will be able to gain access to company accounts.

In addition, MFA is often a requirement for carriers as it is seen as a basic measure in the fight against cyber crime. If your insured currently lacks MFA, carriers will likely reject their application. Check out Limit’s Cyber Marketplace to help your clients protect their business and get the coverage they need.

Phone Scams

Similar to emails, scammers may attempt to make contact with employees through their mobile devices. Red flags include calls that come from unknown numbers as well as texts that include unusual links. In both cases, cyber criminals typically seek access to personal information.

Common Phone Scams:

1. Survey: Employees receive a text asking them to fill out a survey. Once the recipient has clicked the link in the text, malware is automatically installed on their device. Unless upper management has provided information about the surveys beforehand, employees should proceed with caution.
   
2. Texts From the CEO: Employees receive unexpected texts from cyber scammers claiming to be the CEO. Due to natural power dynamics that exist in the workplace, recipients are easily disarmed into providing sensitive information, enabling access to company-owned devices. When in doubt, employees should check with upper management before responding to these texts.
   
3. App Download Requests: Perpetrators send a link to employees, either through text or email. Included is a request to download a mysterious, obscure app. If this hasn’t previously been communicated by upper management, it’s likely the link has been sent by a cyber criminal on the hunt for sensitive data.

If your insured provides mobile devices to its employees, headaches and costly disasters can be avoided by installing Mobile Device Management (MDM) software on all company devices. MDM platforms enable employers to monitor all devices used within their organization. If a user has been victimized by a phone scam, their employer can easily reset or disable the device in question. Doing this gives carriers peace of mind that sensitive company information is safeguarded in the event of human error.

Spoof Websites

Rather than sending a link to a suspicious website, some scammers approach their victims by utilizing the website itself. By using black-hat SEO tactics, cyber criminals can position their malicious websites high up in search results. Additionally, they use URLs that are eerily similar to those of legitimate companies. Double-check URLs before visiting a site.

Common Spoof Website Scenarios:

1. Fake Antivirus Offers: Ironically, one of the easiest ways to catch a virus is by downloading a fake antivirus. Scammers are known to set up websites offering antivirus software despite the fact that many corporate computers come with built-in antivirus measures.
   
2. Free Money Offers: Cyber criminals exploit human desires by claiming to offer gift cards or other monetary rewards in exchange for personal information. If there is a form attached to the offer, there’s a good chance the information is sent directly to the bad actor.
   
3. External Support Websites: Employees may need technical support given the fact that companies rely on many digital technologies to operate efficiently. Unfortunately, it’s easy for users to fall for tech support websites that resemble the visual appearance of companies such as Apple or Microsoft.

Given the visual similarities to well-known websites, spoof setups can be difficult to spot for even the most discerning employees – this is why they work so well. In fact, human error is the leading cause of cyber incidents. Because of this, carriers appreciate companies that enroll their employees in regular cybersecurity awareness training.

While doing this may not necessarily prevent all cyber incidents, it shows carriers that employees are, at the very least, actively seeking out malicious attempts. In turn, this reduces the likelihood of major claims during the active coverage period, and keeps company assets safer in the long run.

Trava offers valuable cybersecurity insights so that companies can easily spot vulnerabilities, reduce risks, and insure against scam-induced financial loss. Retail brokers looking to help their clients gain cyber coverage can visit Limit to receive quotes from the industry’s top carriers.

The Limit Perspective

Limit is a digitally-native wholesale insurance broker working on behalf of retailers in multiple lines of insurance and across the United States. Our platform allows clients to:

• Obtain instant quotes from top cyber insurers
• Find up to $3M in Insurance coverage automatically
• Receive a plan with customizable and comprehensive coverage
• 24/7 support

Limit is building a lean, tech-enabled business that can efficiently deliver insurance policies which are tailored to the needs of individual clients. We have taken some of the first steps to revolutionizing the industry and welcome you to learn more on our website: www.limit.com

Please reach out and connect with us and our representatives on LinkedIn as well.