How to prevent cyber attacks on your business

8:00pm EDT March 26, 2010

For as long as there have been computers, there have been hackers. And as soon as a hacker or scam is identified, a newer, more dangerous one pops up. So, it’s no surprise that yet another wave of cyber attacks is targeting businesses.

The most common types of cyber crime are malware, phishing, vishing and SMiShing, and the primary threat is malicious software that infects a computer. When it has done so, the malware has the ability to alter the user’s online browsing session and simulate the user logon and transaction activity with any of that person’s online banking portals and related applications, says Matthew J. Zeck, VP, CTP, a treasury management sales manager with Fifth Third Bank.

“You used to have to click on a link to be exposed; now, hackers are going through the back door and you don’t even know about it,” says Zeck. “These cyber criminals keep evolving and growing.”

Anti-virus and anti-malware software can offer protection if you keep these programs up to date and regularly run scans. A firewall can also help prevent your computer from being infected.

If your company has one or more Internet sites, says Zeck, it’s a good idea to incorporate intrusion detection and vulnerability management, and to ensure that your employees cannot override or circumvent security software. Implement a policy of updating your operating system and security software on all computers, and assign someone the responsibility for seeing that this is done regularly.

Smart Business spoke with Zeck about how to identify cyber crimes and how to protect your business against them.

How can you tell if your computer has malware running on it?

Malware, or ‘malicious software,’ is designed to infiltrate or damage a computer system without the owner’s knowledge or informed consent. Examples of malware include computer viruses, worms, Trojan horses, spyware and other malicious software.

By design, malware is difficult to detect. In most cases, the creator of the malware program does not want the victim to know that the malware exists. Each piece of malware is somewhat different, which makes it difficult to make a list of definite signs.

But some signs that indicate your computer may be infected include:

  • Additional toolbars added to your Web browser that you did not authorize.
  • Pop-up windows that advertise services that you did not request.
  • Unusual windows that show up and possibly go away when you start your computer or are browsing the Internet.
  • Unusual links showing up in Web pages where there are not usually links. These links will probably lead to Web pages advertising some service.
  • An unusual slowdown in your computer’s performance.
  • The appearance of unexpected programs in your computer’s startup folder.

What should you do if you discover malware on your computer?

If you suspect that your computer has been infected by malware, avoid using it for any private or personal transactions. Contact a computer professional as soon as possible to have your computer cleaned of all malicious programs. Some malware downloads other pieces of malware once it installs itself on a victim’s computer. So if there is one piece of malware, there is a good chance that there are more hiding in other places. Security is like a chain; it’s only as strong as its weakest link.

How does phishing work?

Phishing occurs when a fraudster impersonates a legitimate company or organization (this is the bait) using e-mail, faxes, and/or Web sites in an attempt to lure recipients into revealing confidential information. The messages are well crafted and are often difficult to distinguish from those of the companies they impersonate.

Although they are designed to be nearly impossible to distinguish from legitimate e-mails, there are some common signs to look for.

  • They urge the recipient to click on a link to update or verify account information.
  • They convey a sense of urgency and often mention negative consequences for failing to respond.
  • They do not contain any personalization — the recipient’s name, the last four digits of their account number or other information that shows that the sender knows something about the recipient’s account.
  • They are unexpected and are not consistent with other e-mails from the company.
  • They may contain spelling errors and bad grammar.

What is vishing?

Vishing is related to phishing in that the basic scam is the same. The fraudster is trying to trick you into divulging personal or financial information or into downloading malicious software. Vishing incorporates mass-distributed automated phone messages into the attacks. In this type of scam, special response phone numbers are used instead of fake e-mails and Web sites. The term ‘vishing’ is a combination of the words ‘voice’ and ‘phishing.’

How does SMiShing work?

The newest form of phishing targets cell phone and mobile device users. The term SMiShing is derived from a combination of the terms ‘phishing’ and ‘SMS’ (short message service), which is the technology used for sending text messages.

Similar to phishing, SMiShing uses cell phone text messages to deliver the bait to get you to divulge personal information. The ‘hook’ — the method used to actually capture your information in the text message — may be a Web site URL.

However, it has become more common to see a phone number that connects to an automated voice response system.

Matthew J. Zeck, VP, CTP, is a treasury management sales manager with Fifth Third Bank, Greater Cincinnati Affiliate. Reach him at (513) 534-0344 or Matthew.Zeck@53.com.