Business operators are again being warned about the dangers of cybercrime, after email security provider MailGuard uncovered an email scam that imitates the Federal Circuit Court of Australia.
MailGuard chief executive Craig McDonald told SmartCompany his team detected what the believe to be a “fast-breaking” attack, with a wave of fake subpoena emails disguised as coming from the court asking recipients to download a zip file containing ransomware.
โPhishing attacks like the subpoena email purporting to be a brandย haveย a 25% click through rate,โ says McDonald.
Cybercrime is estimated to affect nearly 700,000 Australian businesses and according toย Stay Smart Online, 60% of cyber attacks target SMEs, leading to costs including disruption to the business, and loss of information, revenue and productivity.
According to the Australian Competition and Consumer Commission, scam activities have robbed small businesses of $1.6 million in the past six months, with ransomware being one of the biggest culprits.
McDonald says attacks involving ransomware are getting more sophisticated and harder to detect.
โIn the last six months, emails coming through purporting to be a known brand have become a lot smarter and sophisticated to the point [cyber criminals] are doing a lot of testing before launching a larger scale attack,โ says McDonald.
โIn the last 18 months, it has been ramping up.
Scams involving ransomware typically ask users to open a website and enter credentials, such as an email address, says McDonald.
โIn the background, all the files on your computer and networks will become encrypted so as a company, you will not have access to those files and youโll need to pay a ransom to get a key to un-encrypt those files,” he says.
โIf a SME is impacted by an email like this, thereโs a 60% chance that within six months, the business will be no longer.โ
Recently, the ACCC itself fell victim to a malware scam, with several businesses receiving fake emails from the watchdog that claimed official complaints has been made against them.
Within these emails was a zip file disguised as a pdf link, which appeared to be the infringement notice.
โFortunately, no money has been reported lost from these particular scams to Scamwatch yet. The emails are easy to spot as fakes and you can avoid falling victim by checking the email address of the sender before clicking on any links,โ said ACCC acting chairman Michael Schaper at the time.
McDonald adds that nine out of 10 businesses globally will be affected by criminal intent emails, phishing or spear phishing.
Spear phishing is when a cyber criminal sends an email to an executive in a business pretending to be another executive and asking to transfer funds.
Protecting your business
โThe key thing for business is that [cyber security] is an economic issue not an IT issue,โ says McDonald.
โOwners need to focus on if the business was disrupted what the survival rate will be and take certain steps to address that.โ
Here’s McDonald’s five tips for protect your business.
1: Automate security updates
Though small businesses may have restricted budgets, McDonald says cyber security must be a priority.
โMake sure that all of the current security applications are up to date and kept up to date automatically,” McDonald says.
โThat seems to be one of the key things that people forget to do.โ
2: Donโt click too fast
โIf in doubt, donโt click,โ he says.
McDonald recommends keeping an eye out for abnormal or suspicious behaviour, language and requests in emails.
โPotential fraud emails are very hard to detect,โ he says.
โDonโt be so quick to click on things.โ
If a bank is unlikely to ask you to key in private information via email, donโt do it.
โDonโt click on the URL in the email, go to the normal banking portal and go from there,โ he says.
3: Backup your files so you donโtย get heldย ransom
Having a live back-up of all systems can reduce some of the damage from ransomware attacks, says McDonald.
Though the business may lose out from having to reinstall everything, he says the cost will be far less than having to pay a criminal ransom money to get back the files and data.
4: Invest in professional security
Small and medium businesses can also pay for software to add an extra layer of protectionย to prevent attacks hidden in the hundreds of emails coming in to their inboxes everyday, McDonald says.
5: Take out cyber insurance
McDonald says businesses that carry out any activity online need to consider how much disruption from an attack the business could withstand, what kind of measures they can put in place for protection and what other things they can set up to mitigate the risks of ransomware.
Even though cyber insurance canโt prevent attacks, he says it may well save the business from imploding if something happens.
โIt can at least help get backup and recoup some of the losses,โ he says.
Comments