OnPoint Launches eBook to Help Guard Against Evolving Tactics in Cybercrime
Posted by Andrew Kobialka on October 3, 2022
OnPoint Community Credit Union, based in Portland, Oregon, released its 2022 “The OnPoint Guide to Personal Cybersecurity” eBook to help consumers and businesses protect themselves amidst a fast-evolving cybercrime landscape.
In 2021, ransomware attacks doubled, and in the first half of 2022, malware scams jumped 11%. OnPoint updates the free eBook every October to coincide with National Cybersecurity Awareness Month and help keep the community informed of the latest online threats. From emerging cybercrime business models to a surge in smishing and attacks on small businesses, hackers are continually adapting their tactics to take advantage of vulnerabilities.
“Financial security and personal data security go hand in hand, and both require a commitment to ongoing learning and education,” said Damian Laviolette, chief information security officer, OnPoint Community Credit Union. “With everything from phones, cars, drones, and home systems connected on the web, cybercrime is only going to keep growing — it is not going away. As cybercriminals evolve their modes of attack, we’ll continue to share best practices and resources so people can stay on top of trends and understand how to protect their identities and their bank accounts.”
The latest trends in online fraud include:
• Ransomware as a Service (RaaS): A play on the Subscription as a Service or SaaS business model, RaaS providers market themselves on the dark web, offering their ransomware services and technology to clients in exchange for cryptocurrency. The scale of services ranges from advice and assistance to round-the-clock support that includes negotiating with the victim. While RaaS makes it easier for more bad actors to enter the market, the methods of attack remain the same. Cybercriminals access systems via malware infection or exploitation of a vulnerability.
• Smishing surge: This summer, the FCC issued a warning about a rise in smishing, a type of social engineering attack that uses SMS texting. Designed to read like a formal notification from a business, smishing texts operate under the same premise as email phishing scams with a link pointing you to an attacker-controlled server. The smisher may even use your name and location to address you directly and strengthen the validity of the message.
• Small businesses beware: According to the FBI’s Internet Crime report, the cost of cybercrimes against the small business community reached $2.4 billion last year. And a U.S. Small Business Administration survey found 88% of small business owners felt their businesses were vulnerable to online attacks. While large enterprises have built robust security teams and protocols, small businesses tend to lack the security infrastructure needed in the era of cybercrime, making them an attractive target for hackers.
Top 5 Tips for Cybersecurity:
• Forget the password. Remember the passphrase. A password typically contains about 10 characters, blending letters, numbers and symbols. However, passwords are relatively easy for hackers to crack. That’s why passphrases are becoming the new industry standard. A passphrase is longer than a password, can contain spaces between words, and should be easy for you to remember but hard for a computer to crack. Consider song lyrics, a quotation, or anything memorable to you like “My favorite food is Hawaiian p1zz@,” mixing in symbols and numbers in place of some letters. Even the most proficient password-cracking tools break down at about 10 characters, so remember: the longer your passphrase is, the harder it will be for fraudsters to hack.
• Back up your data. Backing up data is an absolute must for small business owners. A ransomware attack will seize up your system and lock you out until you pay the hackers. The average length of business downtime due to ransomware attacks is 20 days. That’s enough time to shut down a small business. In addition to security protocols and threat detection, make sure you have a consistent and reliable way to back up your files with encryption in a system separate from your day-to-day operations.
• Verify the sender before clicking any link. Double-check the sender’s address and domain name, and don’t simply rely on the display name. You can hover over a link to see if the URL looks legitimate or has common tricks like a zero in place of the letter “o” or an “s” added to the end of a word like Onpoints.com. Be extra wary of any offer or notification that has poor grammar or typos, comes out of the blue or sounds too good to be true.
• Stop and ask for help. So, you’ve clicked the link. What now? First, stop using the device and disconnect from the internet to stop the spread of malware. If your device is related to your job, reach out to your IT department by phone. If you’ve entered sensitive information, call your financial institution’s hotline (on the back of your credit or debit card) to report the incident, and consider putting a lock on your credit records and setting up a fraud alert. For breaches on your personal device, back up your data using an external device like a USB and then scan your device for malware. Lastly, change your passwords across all your accounts. When in doubt, seek out a professional IT expert for help.
• Teach your kids. You might be aware of smishing, but are your kids? Laviolette says smishing attacks can be successful when you let a kid borrow your phone to play a game. When the text comes through, they may start tapping the screen to remove the distraction and unknowingly compromise the system. If your kids are using electronic devices of any kind, even for limited periods of time, make sure you’ve educated them about the risks.
Cybercrime comes in many forms and requires vigilance across all channels. To learn even more ways to protect yourself, your family or your business, download The OnPoint Guide to Cybersecurity eBook or talk with a representative at your nearest OnPoint branch.