Happy Hack-oween: A hacking horror story…

.

A hacking horror story…

Spooky season is upon us and the Halloween festivities have begun. Whilst many will be haunted by ghosts and monsters, others will face something even more terrifying. Cyber criminals!

If you’re one for scary movies, you might find that cyber criminals follow a similar narrative to many of the horror stories you will have heard. They spread viruses far and wide, infecting everything in their path and leaving destruction behind them.

Only, this horror story doesn’t end when you leave the cinema.

Hackers are rife in society today, continually leveraging new technology to develop sophisticated cyber-attacking techniques. In fact, the 2020 government cyber security study found that “almost half of businesses (46%) in the UK report having cyber security breaches or attacks in the last 12 months”. Of these affected, there has been “a rise in businesses experiencing phishing attacks (from 72% in 2017 to 86% in 2020)”.

These are haunting statistics that force us to face reality.

If you’re a business owner, you must arm yourself to fight these monsters, who are lurking in the darkness waiting to pounce on the vulnerable. If you don’t, you might end up like Isaac…

Read on, if you are brave enough, to hear Isaac’s hacking horror story. Strap in, it’s going to be a bumpy ride!

Overdue invoice

Isaac returned to the office from his week-long holiday in Mauritius feeling completely relaxed. As a busy business owner, it was rare he had any time off. But having run his business successfully for the last four years, he felt a trip away with his family was well overdue.

He sat at his desk, skin glowing from his time in the sun and began catching up on missed emails. He expected nothing out-of-the-ordinary. His team of loyal employees had served alongside him to build the business, meaning things usually ran like clockwork.

However, unfortunately, something stood out. An email from an important supplier claiming that this month’s invoice was overdue.

Strange. Henry, his financial controller, had never failed to make payments on time before. A quick call to Henry would resolve this.

Five minutes later, Isaac put down the phone, completely puzzled.

“Yes, I made the payment”, Henry explained.

“But they haven’t received anything?”, Isaac replied.

“Hmm, maybe they are checking the wrong account? I sent it to their new account”, Henry justified.

“What new account?”, Isaac gulped.

“After they sent the invoice, I received a follow-up email explaining they had new bank details, so I sent it there…”

Isaac put down the phone and quickly accessed the business account. He made a horrifying discovery.

Money had indeed left the account, but significantly more than his supplier was owed. £10,000 was gone.

Impersonating emails are on the rise, particularly as more and more businesses are working remotely today.

Impersonating email

After spending 45 minutes on the phone to the bank, Isaac was slowly beginning to accept that this money was gone for good. Despite the circumstances, the bank explained that this payment was authorised and therefore retrieving the funds would be very difficult.

“Even if we manage to get access to retrieve the money, chances are the individual will have withdrawn these funds”, the bank relationship manager explained.

Isaac’s next port of call was his IT support provider, who carefully explained how this fraudulent email slipped past Henry.

“Hackers use extremely intelligent methods these days to steal money. More than likely, your email accounts have been compromised for some time. Cyber criminals may have been monitoring who you email frequently and created a copycat domain name to impersonate them when it came to a time of payment”, the IT advisor said.

Isaac carefully analysed the email address of his supplier [email protected] and that of the impersonator [email protected]. They were so similar, just a letter and a number out of place. They looked exactly the same at a quick glance!

“So how did this email slip through to begin with? Shouldn’t you, as my IT support provider, have been preventing this somehow?”, Isaac barked.

“Well, there are various email security and threat detection tools that businesses can use today to prevent this. Unfortunately, we’re not cyber security experts, so it’s not something we’re specialists in. We did try to encourage you to get an extra layer of security for your email, but you declined it”.

“So what can you do to help?”, Isaac begged.

“Very little, sir”.

60% of SMEs will reportedly go out of business within six months of a cyber-attack.

Cyber security experts

It had been a long day for Isaac. He felt embarrassed that he’d been so naïve as to not have armed his business with any cyber security. He felt let down by his current IT support provider, who offered very little in rectifying this situation.

He needed to prevent this from happening again.

Only two rings later and there was a soothing voice at the other end of the line. A company that would become his new IT partner.

“Don’t feel disheartened, this sort of email scam is very common today. Whilst it’s tricky to determine exactly how it happened, we will do everything we can to ensure it doesn’t happen again”.

Isaac felt instantly calmed to be on the phone with a cyber security expert. The next steps assured him that he’d made the right decision by contacting them.

All employees were remotely logged out and requested to set new passwords. They sourced the impersonating email account and reported it, whilst setting up alerts to ensure this account would be blocked indefinitely from communicating with Isaac’s business.

The cyber security expert then suggested Microsoft Authenticator as an extra layer of protection for all devices and applications.

“By adding multi-factor authentication you can easily prevent cyber-criminals from intercepting email accounts, as you can register trusted devices, so that when someone attempts to sign-in on an untrusted device, a time-sensitive code is generated”, the cyber security expert explained.

She then went on to recommend an AI powered cloud email security tool.

“Our cloud email solution analyses over 50 different attributes of your employees’ communications and uses advanced AI to produce trusted data profiles, so that any impersonating emails sent to your employees are flagged and quarantined.”

“Great! How does it work?” Isaac quizzed.

“It will look at various components that make up the behaviour of your workforce, including their location, the devices they use, who they email most, what time of day they generally communicate, and so on. Once this data has been collected and profiles are developed, it will compare incoming emails to those sent in the past, so that any phishing emails are recognised.”

“Sounds complex to manage?”

“This will be completely managed by us! Our cyber security experts can inspect quarantined emails on your behalf, if you wish them to, and act quickly using a one-click delete option, which will eliminate the threat from all users inboxes. Preventing scenarios like that which you experienced today…”

It was a no-brainer. Isaac knew that he couldn’t cut corners with cyber security anymore. As a small business owner, £10,000 was a great amount of money. He couldn’t afford this to happen again.

The cyber security expert went on to suggest Isaac provide his staff with valuable cyber security training.

“We can run all the training for you. We will send your employees a selection of email simulations to analyse how they might respond to threats. We will then provide tailored training materials on how to respond better should this threat have been real.”

Isaac began to feel himself relax. It had been an awful situation, but with these layers of security and his new trusted IT partner working 24 hours a day to protect his business from threats, at least he’d be able to sleep at night.

43% of cyber-attacks and data breaches are on SMEs, so even organisations with fewer employees are still at risk.

Don’t be a victim, like Isaac

Whilst the hacking horror story of Isaac is fictional, it is based on real-life scenarios that happen to business owners every single day. If your business is not equipped with the right cyber security tools, then you could find yourself in a very similar situation.

The most important thing is that you partner with an IT support company who can provide you with cyber security protection.

Virtuoso’s ThreatProtect is a comprehensive cyber security service, safeguarding your business against a wide range of threats.

Our cyber security specialists have carefully designed ThreatProtect to provide an advanced toolset that defends all vulnerable areas of your business, so that you don’t have to. These products will cover all areas mentioned in this hacking horror story, as well as endpoints, content and even your users.

By leveraging the latest cloud, artificial intelligence (AI) and machine learning capabilities, these tools work harmoniously as one, to intelligently detect, identify and respond to any potential cyber threats your business is facing.

If you’re working alongside Virtuoso, the only horrors you will experience this year are those knocking on your door for sweets in fancy dress!

Don’t become a victim of a hacking horror story like this one, get in touch today!