As technology innovation moves quickly, so do cyber security threats.

There are some new threats and tactics that cybercriminals have been adopting in recent months, and it is important to be aware of them to avoid being caught out.  In this overview we set out some of the latest threats to keep in mind when considering what risks you and your business face.

Ukraine donation scam

Whether it is the Covid pandemic or a natural disaster, any significant world event will be exploited. The ongoing Russia-Ukraine war is no different.  The conflict has been used by cybercriminals to request donations from email recipients. The senders will typically impersonate large organisations (e.g. the UN) in order to ask for donations to be made to help the victims of the war. The cybercriminals will typically ask the recipient to make a payment into a cryptocurrency account (which is far more difficult to track than a conventional bank account) that will be owned by the cybercriminal. For this scam to work, it requires the recipient to take action and make payment to the account, which may be more likely than usual given the potential emotional reaction to an email relating to this war. This is a typical tactic employed by cybercriminals.

Sextortion phishing

Following on from the above, this is another ongoing trend which seeks to exploit an emotional reaction from the email recipient for the benefit of the cybercriminal. This type of phishing email uses language to cause fear or alarm (e.g. telling them they have been hacked or owe money) to entice the recipient to click on a link to make some form of payment or comply with a request. These emails tend to ask the recipient to comply with a request and sets a deadline for them to do so (another technique used to create panic).

Denial of Service cyber attacks

A denial of service attack essentially does what it says it does. It is designed to disrupt or disable a computer network, program or website to allow the cybercriminal to attack specific parts of a network. This is obviously a daunting proposition for any individual or business to face, especially considering the reliance on computer networks and software to run companies efficiently.

LinkedIn phishing emails

Another phishing technique that is on the rise this year is the use of LinkedIn phishing emails, which impersonates other users or a representative from LinkedIn. These emails ask the user to click on a link to log in to their LinkedIn profiles. When the link is clicked on, the user is taken to a fraudulent website which looks like the LinkedIn login page and, as they type in their login details, their personal details are being recorded by the cybercriminal. Following this, the user will be diverted to the actual LinkedIn website, which means they will be unaware of the ongoing phishing exercise being carried out. Most of the phishing emails appear to be genuine: showing the LinkedIn logo, subject lines you would expect to receive from LinkedIn (e.g. in relation to profile views or searches) and also LinkedIn’s actual email footer.

Given that LinkedIn has hundreds of millions of subscribers worldwide, it is important to be vigilant when receiving email correspondence similar to that described above.

CEO / CFO scams

This technique is frequently used by cybercriminals to impersonate a company’s CEO (following the cybercriminal gaining access to the CEO’s email account or using a very similar (created) email address as the CEO) to email the CFO and ask for funds to be sent for the “CEO” to close a deal. The emails are generally cleverly structured and provide an urgent deadline to entice the CFO into making a quick decision to send the funds requested.

Ransomware

Although this technique has been utilised by cybercriminals for a number of years, it continues to be used regularly. Essentially this is used to prevent users from accessing files within their system (usually be encrypting the files) which is obviously disruptive to any business. The cybercriminal will then request that the victim pays a ransom or complies with a request in order for them to provide details that will allow the victim to access the targeted files again. It is important to keep this in mind given that the National Cyber Security Centre has reported that reports to the ICO relating to ransomware attacks “have more than doubled since 2020”.

These are just some of the cyber security threats out there, and it is vital to keep aware of the latest risks. If you or your business have experienced any cyber security incidents or want to find out what we can do to help protect you going forward, please do get in touch with us and we will be happy to discuss.

Related News, Insights & Events