NIS2: Sind Sie im Anwendungsbereich?
Das neue belgische Cybersicherheitsgesetz tritt in Kraft. Konsultieren Sie es jetzt.
Scammers have put in place another way of making collaborators feel pressured, by making them think there is no other way for their device to keep on working except if they pay a certain amount of money or share confidential information. This scam is known as fake technical support. It has become common and can happen not only through the display of a message on the screen, but also via email, phone and chat services.
One common example of fake technical support scam is that cybercriminals set up a scam where the victim gets notified, through phone, email or any other chat services, that their device is about to shut down due to a technical issue. In addition, they offer a solution to the said problem and request the victim to quickly follow up by clicking on a link, calling a given phone number or executing a wire transfer. Via the shared link, the attackers are trying to execute a phishing attack to steal confidential data or install a virus. As for the phone number, they are trying to put the victim at ease, thinking the phone number belongs to official support, in order to give a series of actions to execute that, at the end, will also give away confidential information or install a virus.
An organisation’s collaborators are its first line of defence. Your collaborators need to be made aware on how to identify scams and fake message in order to adopt the right reflexes. There are several ways cybercriminals try to steal collaborators’ credentials in order to get access to an organisation’s resources. A very common way is to use a phishing email, through which cybercriminals try to convince their victim to share passwords or confidential information. It is thus important to have regular informative sessions to train the collaborators about not sharing too much on social media and not clicking on a link or opening a file without analysing where it comes from first.
• Is it unexpected?
• Is it urgent?
• Do you know the person who sent the e-mail?
• Do you find the request strange?
• Where does the link you need to click on lead to? (only hover on it with your mouse, do not click)
• Is there a QR code in the message?
• Are you being personally addressed?
• Does the message contain many linguistic errors?
• Is the message in your Spam / Junk folder?
• Is someone trying to make you curious?
• Are you asked to make a payment?
Social media and an organisation’s website offer an important customer reach. However, it is not possible to always fully control the audience that has access to the information and posts shared. Personal or confidential information shouldn’t be shared on those platforms, as they could be used for malicious purposes, such as identifying which collaborators work in which department. They would therefore be more likely not to know how technical support might reach out.
Accounts are an entrance door to an organisation’s whole environment. They thus need to be protected by using strong passwords that are different for each account. A strong password is one of at least 12 characters and has a combination of upper and lower cases, numbers and symbols. In combination with a strong password, Multi-Factor Authentication should also be enabled wherever possible. Multi Factor Authentication requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.
Since it could only takes one vulnerability in a system, application or device for cybercriminals to compromise in order to cause damages and get access to information, installing updates as soon as they are available is crucial. It ensures a strong cyber defence and makes sure that the system version being used is still supported by the vendor.
There are several ways a device can be infected by a virus: opening an attachment, clicking on a link, plugging a USB drive or simply surfing through a website. A virus is a malicious software that aims at damaging resources, deleting files, slowing down performances or stealing confidential information. Once a virus is on the computer, it will take time, effort and financial means to remove it. This is why it is better to protect all devices allowed to connect to the organisation’s network with an antivirus software upfront.
In addition, a firewall should be used to monitor and filter the access requests to the corporate network based on predefined security rules. The firewall acts as a wall between the corporate network and an untrusted network (e.g., home network, Internet). It will allow the organisation to limit external access only to authorised people.
Avoid browsing through unsure or illicit websites such as platforms offering counterfeit goods or software, or illegal streaming services. Scams are more frequent on those types of websites as it is easier for cybercriminals to penetrate them.
Pirated applications and software are usually infected with malware so only look for installation and download of official ones, through vendors’ official platforms and websites.
Limit the number of administrator or privileged accounts to the bare minimum. No one should have administrator privileges for day-to-day tasks. Giving the privileges that admin accounts have, it will make it easier for cybercriminals to take over the device or install malware.
Backup all systems, applications, servers and data to make sure that even if an incident occurs, all important information can still be recovered. It is important to regularly test those backups to confirm that they can actually be used if needed, after an incident.
If a fake technical support scam happens through mail, report it to your IT Responsible and to the relevant national authority (suspicious@safeonweb.be (EN); suspect@safeonweb.be (FR); verdacht@safeonweb.be (NL/DE)) and immediately delete it.
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.