Tag: smishing

  • Received a weird text from your boss? You’re not alone, text scams are rising in popularity

    Received a weird text from your boss? You’re not alone, text scams are rising in popularity

    You’re sitting at your desk when you receive a text on your phone, it’s allegedly from the CEO of your company. He may say this is his new number (or his personal number) and he’s reaching out to you by name, adding to the legitimacy of the text. If you respond, he’ll say he’s in an important meeting and he needs you to use your company card to buy gift cards as a gift for the attendants of the meeting.

    If you do so, and he’ll be keeping in constant communication with you in spite of being in an “Important meeting”, he’ll say he doesn’t need the physical cards just the codes which you can find if you scratch off the back. He may thank you for being a team playing after providing the codes or stop responding altogether because unbeknownst to you, the scam has been successfully completed.

    Why gift cards? Gift cards are untraceable and usually not refundable when purchased. The scammer will quickly move the funds off the gift card leaving you with the empty plastic remnants and no recourse. Other variations on this scam may request Cryptocurrency instead (such as a message sent pretending to be one of your friends or a family member) but scammers know this would throw up too many red flags in a workplace setting.

    The request even that unusual, if you’re an executive assistant for instance you probably regularly make purchases at the request of your employer. Scammers may target the whole company if they’re unsure who the influencers to the decision maker are or they may target specific individuals.

    How are they getting the information to make their requests see more legitimate? They find it in the following ways.

    1. Your Company Website: Often times your website will have information about your key players on it, including contact information. While we don’t recommend excluding this information to prevent being a target (as it’s valuable to those you want to legitimately do business with) it’s a good idea to remember that it’s out there when you’re getting strange communications via text or email that may call you out by name.
    2. Social Media: This may be your company social media pages or even your personal accounts. We recommend making your personal accounts private and not oversharing on social media in general.
    3. Search Engines: Nothing beats a good old fashioned Google search, and the information that’s available about you online may shock you. Phone numbers, relatives names, addresses etc. can all be found online. While there’s no real way to prevent this, you can somewhat keep track of what’s been made available by creating Google Alerts for your name, email address, etc.

    While text scams may never rise to the prevalence of BEC (Business Email Compromise) attacks – which are being sent out at the rate of 10 per 1000 inboxes per day – it still showcases the way scammers will strategically target you and your business.

    If you are looking to beef up your cyber security protocols in 2024, including providing your employees training to prevent attacks like this one, Valley Techlogic can help.

    Security training is included as part of your monthly plan with us, as well as 24/7 monitoring, data recovery and remediation, backup solutions and more. Get started with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    MGM Resorts are a staple on the Las Vegas strip, operating more than two dozen hotels and casinos around the world with nine of them being found in Las Vegas itself. You may have heard of the Bellagio, Mandalay Bay, and the Luxor? These are all MGM properties that host millions of visitors each year.

    Now some of those same visitors are wondering if the chain gambled with their private data. It was reported on September 11th that MGM was facing some kind of “cybersecurity issue” that trickled down to their facilities, with customers facing problems using the digital keys to their hotel rooms to slot machines not functioning as intended.

    Guests were left spending hours waiting to check in as the hotels shifted away from digital entry back to manual keys to get guests into the rooms they’d already paid for. It reportedly took 10 days for things to resume normal operations with some problems still occurring here or there.

    It’s now being reported that the cause of this hack was a persuasive phone call made by one of the members of a hacker group called “Scattered Spider” which has since claimed ownership of this attack. In a strange turn of events this group does not prioritize technology-based attacks such as malware or phishing but instead mostly engages in “Vishing”.

    “Vishing” or voice phishing is when someone calls you pretending to be someone else, they usually are purporting to be from a company you might do business with financially – such as your credit card company or banking institution.

    With number spoofing this type of attack can be very effective, and as the MGM attack shows even a massive organization is not necessarily immune from an attack if the bad actors is using the right attack vector for the job. That’s why it’s important to have several safeguards in place when it comes to protecting your systems and data.

    It’s alleged that a member of the Scattered Spider group found an MGM employee’s information on LinkedIn and was able to convince a member of their help desk to give them all the access they needed to perform the attack. Someone close to the group has said the original plan was to hack their slot machines but when that plan failed, they moved to plan B which was holding MGM’s data hostage for a payment in Crypto.

    Even though they’re now back to normal operations, MGM is not out of the woods yet. Five class action lawsuits have been filed with customers claiming the chain risked their personal identifiable information (PII) by falling for this attack. Two were filed against MGM directly, and three against their partner company Caesars Entertainment. We have talked about the legal ramifications. of cyber attacks before and it’s something companies should definitely be aware of, the insult of being hacked may not end just with the loss of data or systems being damaged – there may be legal consequences as well.

    Over 90% of successful attacks have a human element to them, with this most recent attack on MGM included in that figure. Cyber security training can go a long way in preventing cyber threats to your business, but vishing may still catch you or your employees off guard. You may be wondering how someone on the phone could possibly be so convincing that you give them access to your systems or financial accounts. We made a chart on the top 8 steps you need to take to guard against a vishing(voice phishing or)’ smishing (text message phishing) attack on your business.

    Of course, as we mentioned the best defense against cyber attacks in general is a layered approach, that way if one wall is breached an attacker would still have to get through several more to do any damage to your business. That’s where a partnership with Valley Techlogic comes in – we take a layered approach to protecting your backups, protecting your systems, and protecting you and your employees from bad actors. Learn more today through a consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.