Most ransomware attacks and phishing schemes in public and private sector entities are successful because someone in that organization clicks on a link that gives the hackers access to their systems – and personal data on their personnel.
There are numerous ways to make one of these links seem authentic, and one of the latest may be among the most deceptive.
Think about the links you would click on with confidence all the time, such as that of your bank or accounting firm. Now imagine if just one letter or character within the wording of that link was in a slightly different script from the others. You probably would not notice it. But that link would take you to a malicious site that may look like the real thing. And once you enter your password, they’ve got you.
Usually, the character that is altered is one from the Cyrillic alphabet, because those characters closely resemble standard Roman letters. Or perhaps a lowercase “L” is changed to a capital “I” – two characters that at first glance may look the same even if both are from the Roman alphabet.
What Can You Do?
Unfortunately, not much. These scams will likely continue to evolve and ensnare even those who are careful.
The only foolproof method to avoid them is to never click on a link in an email. Period.
If you get an email that states there is some questionable activity in your bank account, and “click here to access your account,” avoid the link and enter the URL for your bank manually, so you know you will be taken to the correct site. Or if you have that site bookmarked, access it that way instead.
How Can IronWall360 Help?
No system is invulnerable to ransomware. We can’t stop these incidents at the source, but we can limit the damage they inflict on individuals and organizations under our protection.
Here’s what happens in a typical ransomware situation: If the ransom is not paid, the hacker will sell the information they’ve collected, such as bank account numbers, credit card numbers, and perhaps part or all of victims’ social security numbers, to anyone who wants to buy it.
If it’s acquired by someone who can put that information together with other content where personal information may reside, such as government records, school records, or loyalty clubs where you dine out or shop, it will be used for a never-ending barrage of scams and other attempts to hack accounts and steal money.
However, our clients have already been removed from those other databases, so even after a ransomware attack the ultimate harm to anyone with online privacy protection can be significantly reduced. As always, the less scammers know about you, the safer you are.
Monitoring the internet for privacy violations is a full-time job – and you already have one of those. But IronWall360 is on the case. Whether it’s a result of ransomware, sites that specialize in selling data, or a club or group that is not aware it could be putting some of its members in danger, we’ll make sure that content comes down – whatever it takes.