SCAMMING OFF THE DATA BREACHES — AN ALL NEW LOW
A large number of organisations have suffered data breaches in the last six (6) months. Cyber criminals are now using an email scam where they pretend that the victim’s credentials have been compromised as part of a data breach. It is possible that the organisation does not exist. We are seeing more and more fear mongering on a daily basis.
We received an email this morning informing us that our email address had been exposed to a data breach for a company we’ve never heard of. Cyber criminals are using fear mongering and current events to lure people into the next cyber breach in a new, elaborate way.
“Put a speed bump between your mind and the keyboard”
This very expression needs to become everyone’s mantra, because despite cookie-cutter Security Awareness Training, you will never be fully prepared for such attacks. Cyber criminals are evolving at a rapid pace.
These are some ways to prevent yourself from falling victim to a data breach if you receive an email from someone you don’t recognise, or you are asked to act on something in an email:
Do not open an email if you do not know who sent it. Delete it.
Delete emails that advertise something you’ve never seen before.
Delete the email if the offer seems too good to be true.
Be sure to check the email address of the sender. Does that email address correspond to the website of the company claiming to have suffered a data breach? For example, if they are claiming Microsoft had a data breach, has the email come from microsoft.com?
Having exhausted all of the above, if you still have an email asking you to click on a link to give you something, ask yourself: do I really want to lose my livelihood on a random gamble?
You can search for the recipient of the email and its contents online if you still believe it is legitimate. Look up the business name they claim to represent because there’s a good chance someone has already reported this before. You can report the scam by contacting the company via a contact form on their website or a local phone number if it exists. If the email contains a phone number, do not call it.
If your manager, client or company owner sends you an email asking you to transfer a large sum of money, pick up the phone and verify. Do not call the number in the email or PDF. Use the phone number in your organisation’s address book or, if it is a client, your Customer Relationship Management (CRM) software.
If all the above fails, ask an expert. There is only one shot at this before your livelihood is forever affected.
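For teams that want to automate the sender check described above, here is an added example (our illustration for this article, not code from any mail product). It compares the real From address, not the display name, with the domain of the company the email claims to come from. The sample messages and the .example domains are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr


def sender_domain(raw_message: str) -> str:
    """Domain of the real From address; the display name is ignored."""
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    return address.rpartition("@")[2].lower().rstrip(".")


def from_claimed_company(raw_message: str, company_domain: str) -> bool:
    """True only if the From domain is the company's domain or a subdomain of it."""
    domain = sender_domain(raw_message)
    company = company_domain.lower().rstrip(".")
    # Require an exact match or a dot boundary, so "microsoft.com.something.example"
    # and "notmicrosoft.com" style lookalikes do not pass.
    return bool(domain) and (domain == company or domain.endswith("." + company))


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: "Microsoft" <notice@microsoft.com>\nSubject: Notice\n\nBody',
    "subdomain": "From: Microsoft <notice@email.microsoft.com>\nSubject: Notice\n\nBody",
    # Display name shows a trusted address, the real sender is elsewhere.
    "display_name_spoof": 'From: "notice@microsoft.com" <alerts@breach-notify.example>\n'
                          "Subject: Your data was exposed\n\nBody",
    # Company name used as a prefix of an unrelated domain.
    "lookalike_prefix": "From: Microsoft <notice@microsoft.com.breach-notify.example>\n"
                        "Subject: Your data was exposed\n\nBody",
    "no_from_header": "Subject: Your data was exposed\n\nBody",
}


def check_samples(company_domain: str = "microsoft.com") -> dict:
    """Run the check over every constructed sample."""
    return {name: from_claimed_company(raw, company_domain)
            for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in check_samples().items():
        verdict = "matches" if ok else "DOES NOT match"
        print(f"{name:20} {verdict} microsoft.com")
```

A mismatch is a strong reason to delete the email. A match is not proof that the email is genuine, because the From address itself can be forged.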
To be compromised on the Internet is the beginning of the end. There is no way to know where your information ends up or how it will be used.
Thomas Cyber Team.