Watch Out for These Three Sneaky Cyber Scams

Cyberattacks continue to mount against small and mid-sized businesses.

Keep your business safe from cyberattacks by recognizing attempts to infiltrate your software.

Over the last two years, cyberattacks have increased significantly due to the surge in digital business. Cybercriminals are studying online systems for gaps and weaknesses that will let them exploit the online security. Q4 was the highest peak of cyberattacks in 2021¹, and 2022 is expected to see a growing concern for the cybersecurity of businesses.

The TCS team is creating cybersecurity guides to ensure your business has the resources. Our January cybersecurity blog warned our partners about common phishing emails and the signs of email fraud. We recognize that as time goes on, cybercriminals invent increasingly unexpected ways to get around your security walls, and we want to address those.

We’ve listed three sneaky ways cybercriminals target businesses – and how you can make sure you and your team aren’t affected:

Corrupted Email Attachments

Typically, email attachments ending in “.exe” can’t be trusted because they could contain harmful coding or commands. However, cybercriminals have also learned to corrupt PDFs and Word documents in order to compromise or hack your computer or send you a virus.

Characteristics of an unsafe email attachment:

· Unexpected arrival: If you receive an email with an attachment that you weren’t expecting, don’t touch it until you can verify it’s safe. If you believe you know the sender, reach out to them another way to ask about the email.

· Unknown sender: If you don’t recognize the person who sent the email, don’t touch it. Only trust emails from people you know or brands whose content you’ve subscribed to.

· Incorrect “from” email: Cybercriminals can impersonate just about anyone inside or outside of your business, but they can’t duplicate an email address. Always check the sender’s email to ensure it is correct and doesn’t contain any misspellings, incorrect domain or extra numbers or symbols.

BOTTOM LINE: Never click on an email attachment if you don’t know who sent it or why.

QuickBooks Invoice Scams

Many businesses rely on QuickBooks by Intuit to handle accounting manners and submit or receive invoices by email. Unfortunately, cybercriminals have also recognized the value of QuickBooks as a means to intercept businesses’ monthly payments. For example, they can pose as one of your regular vendors and send a fake invoice to intercept your usual payment. Some scams also ask businesses to use the ACH (automated clearing house) method, in which bank account information is provided as well, putting the business in greater danger of fraud.

Rest assured, email-based QuickBooks invoices will always arrive from intuit.com, so keep an eye out for the legitimate intuit.com domain listed in the “from” email. If the domain is incorrect or the invoice was sent by the vendor instead, don’t trust it.

REMEMBER: Never interact with an email if you don’t know who sent it.

Google Voice Scams

This is a very interesting scam that’s been popping up lately. If your business phone number is listed publicly on your website and other places, cybercriminals could use it in a Google Voice scam. The ways this works is that they contact your business as a prospect and ask you for a Google authentication code to prove your business is real (this is especially common for businesses that sell online). However, once they have the code, they can use your number to create a Google Voice account.

Google Voice creates alternative virtual phone numbers, but it requires a real phone number on the account to track activity. Cybercriminals can use their new Google Voice number to run phone-based scams – while all the activity is traced back to you. The authentication code could also allow them to access your Google account.

Fortunately, these scams can be prevented by declining to share an authentication code of any kind and instead encourage prospects to call or visit your store. Don’t be afraid to list your website on your digital platforms, just be aware of any signs it’s being misused.

Check and Check Again

You may find it tedious to verify every single email or phone call that comes to your store, but it’s better than the alternative – having a cyberattack slip through. Cybercriminals are always looking for ways to exploit technology, which is why a human firewall is your best defense. We encourage you and your team to always remain up to date on your cybersecurity protocol.

TCS is here if you have any concerns regarding your business’ cybersecurity. Please feel free to connect with our digital experts today to discuss best practices.

¹Forbes