Would your staff be security aware enough to spot the “middleman”?
Ever since the dawn of the internet – and email in particular – we have all been vigilant about avoiding scams. While history is littered with terrifying stories of businesses and individuals that fell for a fraudulent scheme, some approaches are almost hearteningly old-fashioned. How many overseas princes have asked to store money in your bank account this year?
Just because we’re increasingly safety-conscious, though, there is no room for complacency when it comes to IT security. This is especially important for a business whose server will invariably host essential financial and personal data. As we become more attentive to our IT security, determined scammers are growing equally cyberaware.
Sending an email and asking nicely for bank details, encouraging somebody to speculate to accumulate, is no longer effective. In the modern age, a man-in-the-middle attack is the likeliest way your personal and financial data will be placed at risk. In the 21st Century, personal information is rapidly becoming a currency in and of itself. Armed with email addresses and access to all manner of files, a malevolent intruder can wreak havoc on a business.
We call this process a man-in-the-middle attack as it sees data intercepted between two servers. For information on these cybersecurity risks, watch this video of our ethical hacker showing a real-life man-in-the-middle attack simulation and learn how such an assault on your servers and computers would unfold. Before you do, however, please allow us to explain the fundamental concept of these concerns.
Man-in-the-middle attacks usually unfold through email, with a message asking you to confirm personal details. You know the ones. You may have received such a message claiming to be from HMRC stating that you are entitled to a tax refund, or from your mobile phone supplier claiming that your bill could not be paid and that you must enter new card details.
In our personal lives, it’s a little easier to be cyberaware. For a start, we’re all innately suspicious of any email that asks for money. We’ve been exposed to too many IT security breaches over the years to be cavalier. Things can be a little different in the business world, though. Many of us are naturally more trusting when we receive supposedly professional communications. Imagine, if you will, that you received an email from one of the following email addresses.
Look closely at the addresses. You’ll notice that those ascribed to Jane Doe and David Smith have typos in the domain name. For the avoidance of doubt, we’re not picking on Microsoft here or accusing them of being less security-conscious than other conglomerates – we are just choosing a popular email domain!
So, looking at the above, you may immediately notice the error in the domain name. In doing so, you can banish a phishing message to your junk folder – ideally reporting it to a relevant cybersecurity body first. How about these addresses, though?
Here, the errors are considerably more subtle. If you were not paying attention, you might not notice that Joe Bloggs has become Joey, or that John Doe has dropped an H from his name and become Jon. Not all hackers are this subtle, but an increasing number of scammers and digital criminals are becoming savvy.
If you work alongside Joe or John and a message purporting to be from them was flagged as junk by your email provider, you’ll want to explore more. Pay particular attention if the message seems out of character, such as littered with spelling errors or written in an atypical tone. This is how you’ll identify the attempted security breach. We all need to remain cyberaware, though. One lapse in attention and judgment could have disastrous consequences.
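The two tell-tale signs described above, a typo in the domain or a colleague's name that is off by a letter, can be checked automatically against an address book. The following is an added example, not part of the original article; the contact list, the example.com addresses and the function names are constructed for illustration.

```python
# Added example: constructed contacts and addresses, not data from the article.
KNOWN_CONTACTS = ["joe.bloggs@example.com", "john.doe@example.com"]

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def split_address(addr):
    """Lower-case an address and split it into (mailbox, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def classify_sender(sender, known_contacts=KNOWN_CONTACTS, max_distance=2):
    """Return 'known', 'lookalike-domain', 'lookalike-name' or 'unknown'."""
    s_local, s_domain = split_address(sender)
    known = {split_address(k) for k in known_contacts}
    if (s_local, s_domain) in known:
        return "known"
    known_domains = {d for _, d in known}
    if s_domain not in known_domains:
        # Untrusted domain that is only a few edits away from a trusted one.
        if any(edit_distance(s_domain, d) <= max_distance for d in known_domains):
            return "lookalike-domain"
        return "unknown"
    # Trusted domain, but the mailbox is a near miss of a colleague's name.
    if any(d == s_domain and edit_distance(s_local, l) <= max_distance
           for l, d in known):
        return "lookalike-name"
    return "unknown"

if __name__ == "__main__":
    for addr in ["Joe.Bloggs@example.com", "joey.bloggs@example.com",
                 "jon.doe@example.com", "john.doe@exampel.com",
                 "newsletter@unrelated.org"]:
        print(f"{addr:28} -> {classify_sender(addr)}")
```

A "lookalike" result is a prompt for a human to verify the sender through another channel; a new colleague with a similar name would be flagged too.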
How can we tell when we are being targeted in such a fashion? Well, this email will inevitably ask you for personal information. Ordinarily, these will be log-in details for a computer system, financial information, or email account data. Any of these can be problematic in the wrong hands – and a man-in-the-middle attack can leave a third party with complete access to your digital data. This could result in any of the following:
• Access to personal or business bank account data, enabling withdrawals or unauthorised charges. Often, these charges will be labelled something innocuous and be for sums small enough to avoid arousing suspicion until they start to add up
• Ability to send emails posing as yourself. This could be asking for money directly, amending previously distributed invoices with new bank account details, issuing new payment demands, or even ‘just’ sending explicit or offensive messages and images that mar your reputation
• Unrestricted access to personal information for your client base. That’s email contacts and telephone numbers, as well as home addresses and credit card data. This will lead to more than just a loss of trust in your business – it’s potentially placing consumers in danger
On paper, the solution to this attack is simple. Change your password and hope the damage has not been too severe. Sadly, a man-in-the-middle attack goes unnoticed all too often. It takes a mysterious transaction on a bank statement, a raft of complaints from consumers, or a complete shutdown of all digital services. In addition, once your IT security has been breached once, you’ll remain on the radar of hackers that consider your business a prime future target. Not ideal, we’re sure you’ll agree. That’s why we’re so keen to ensure that nobody falls foul of such pitfalls.
We’ll refer you back to our actual man-in-the-middle attack video, where our ethical hacker displays how scarily simple it can be to conduct a “man-in-the-middle” cyberattack. We’re keen to help you avoid this outcome – we refuse to let the hackers and scammers win! Always remain cyberaware and protect your data fiercely. Please check in with us regularly for further IT security tips that keep us all safe, too – online and off.