By Jim Mikula, President/CEO
At last week’s Leaders Breakfast, we learned about fraud prevention from Angela Davis and John Whiten of Security State Bank & Trust plus City of Fredericksburg Police Detective Bryan Davis. Topics covered included technology scams, impostor scams, phishing scams and several other forms of fraud. Of the different fraud schemes it is Social Engineering that can be the most harmful.
Social Engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer system, or trick you into giving up information to gain access to your finances or to steal your identity. The presentation included statistics that are quite concerning.
· 98% of cyber-attacks involve social engineering
· 90% of data breaches involve social engineering
· Small business employees experience 350% more social engineering attacks than employees at enterprise-level companies.
According to state records, 98% of Gillespie County businesses are defined as small businesses. Based on these statistics one might conclude that our businesses are targets for the bad actors seeking to conduct online fraud. Business email compromise is the second most expensive type of cyber-crime. The third costliest is technical/customer support and government impersonation scams.
The fraud team at Security State Bank & Trust also offered recommendations for protecting you and your business from fraud.
· Limit what you share on social media. Cyber criminals use personal information about you or your business found on your social media accounts to create convincing scams.
· Be careful with email attachments. If you don’t know the sender and a file is attached do not open the attachment. Opening an attachment can compromise your computer or network.
· Don’t assume messages from people you know are safe. Email hijacking is rampant. Compromised email accounts are used successfully to conduct social engineering attacks against the sender’s contacts. If you receive an unexpected message from a known contact, verify the message’s legitimacy before taking any action.
· Don’t use public Wi-Fi. Use your mobile internet service whenever possible. If public Wi-Fi is your only choice, ensure you are using a VPN, especially when accessing email, social media, and/or financial information.
· Don’t upload personal identifiable information (PII) to personal file storage services. Google Drive, OneDrive, DropBox and other file storage/sharing services are not secure. If you are sending or requesting PII or other sensitive information, use an encrypted file sharing service.
· Use strong and unique passwords for everything you log into. Consider using pass phrases instead of passwords. Consider using a password manager. The most secure password is a password you don’t know.
Finally, the Security State Bank & Trust team offered a final recommendation - train yourself, your family and your co-workers! And, they offered some helpful websites:
In closing, reach out to your bank to get more recommendations for avoiding fraud and get assistance developing your online safety policies and procedures.
Comments