By Jayla Johnson, Drexel University Co-Op
Employees and companies, whether they are big or small, are no strangers to cyberattacks. Cyberattacks happen constantly, and in my case as a cooperative education (co-op) employee, it happened to me in my third week of employment. The good news is that the company I work for has protocols in place that helped me to avoid purchasing gift cards and sending them into the hands of thieves.
Cyber criminals have upped their game while many of us are working from home due to the coronavirus pandemic. According to HelpNetSecurity, 88% of all North American respondents stated in a survey that they had seen an increase in overall cyberattacks due to employees working from home.
An article by Kristine Solomon published in Yahoo News, “A scary new scam is targeting work-from-home employees — here’s what you need to know,” addresses how people are getting targeted at a much higher rate due to being home more. One such cyber threat comes from “a Russian hacking group called Evil Corp.” which aims to infiltrate remote workers’ vulnerable Wi-Fi networks.
As recent as July 16, 2020, according to government intelligence in the U.S., U.K., and Canada, Russian hackers tried to steal coronavirus research due to the intense international race to develop a vaccine for coronavirus which has killed nearly 600,000 to date. So, if these criminal organizations are so interested in getting important research data from pharmaceutical companies, why do they target co-op students like me?
Before I answer that, let’s talk generally about cyberattacks and what you need to be aware of.
Most Common Types of Cyberattacks
From what I have learned, the most common types of cyberattacks include phishing/social engineering, malware, ransomware, denial-of-service (DoS), distributed denial-of-service (DDoS), password attack, drive-by download, and man-in-the-middle attacks.
At Furia Rubel, the public relations, marketing and crisis communications agency where I work, we talk quite a bit about cybersecurity. Here are links to a few resources on the topic:
- 30 Cybersecurity Tips
- Cybersecurity: How to Protect Yourself and Your Company
- Protect Yourself from Phishing Scams
- Planning for a Crisis Including Cyberattacks
Phishing Attack: Email Asking Me to Purchase Gift Cards
In my situation, I was hit with a phishing attack. It started with an email that looked as if it came from the company’s owner, Gina Rubel. The hackers hid their email and copied Gina’s signature. They wanted me to purchase multiple gift cards worth more than $600 dollars. What struck me as odd, is that my “boss” was asking me to put out a large amount of money and to “go to the store and purchase the gift cards” while we are still in a pandemic. The emails were pushy and demanding, which is not how Gina communicates.
I started to question why I had to buy gift cards if they could be easily purchased online through a website or a secondhand retailer, so I asked for the company credit card. I also started pushing back and eventually they stopped responding.
After trusting my gut and going back and forth with my supervisor, we quickly figured out that it was not Gina contacting me. I blocked the sender’s information and reported it to our security team to prevent more unwanted communication. This made me think how people like myself, who are new to a company, may not be aware of these cyberattacks or even unaware of what looks real but in fact, is not. As a result, management has added additional cybersecurity review procedures to the onboarding of interns, temps and co-op employees – something they already had in place for full-time staff. I also learned that we are supposed to confirm purchase requests via our instant messaging platform and/or via verbal communications because cybercriminals don’t typically infiltrate more than one platform.
Cyberattacks can come in all sorts of ways and it can be difficult to decipher depending upon where the attack is coming from. It’s easy to fall for a cyber scam as hackers are getting smarter and more deceptive.
How Not to Be Victim of a Cyberattack
To prevent oneself from falling victim of a cyberattack:
- Secure your network and company’s data by investing in online security software
- Keep your software up to date
- Check authenticity of incoming email address (scroll over with your mouse, don’t just rely on what it “says”
- Do not click on links or open attachments until the email’s authenticity has been verified
- Never share personal information electronically
- Do not allow web browsers to remember your passwords
- Use strong passwords
- Use two-factor or multi-factor authentication
- Most importantly, trust your gut.
The Business of Cybercrime
The article, Global Cybersecurity Spending Predicted To Exceed $1 Trillion From 2017-2021 by Steve Morgan, editor-in-chief of Cybersecurity Ventures, breakdowns the cybersecurity industry. It exceeded $114 billion dollars in 2018, it grew to $124 billion dollars in 2019, and as of July 2020, the cybersecurity industry has broken a record for the most ransomware attacks. Cybercrime is forecasted to be a $170.4 billion dollars industry by 2022.
I learned a valuable lesson, almost the hard way, and am glad I trusted my gut. It is something I most certainly will not forget. If there happens to be a next time, I know what to do and I hope more people, whether they are working from home or in an office, take the necessary steps and precautions so they do not risk being the victim of a cyberattack.
If you believe you’ve been the target of a phishing attack, you can forward the e-mail to email@example.com and contact the party potentially impersonated in the e-mail. You can also file a report with the Federal Trade Commission.
For more coronavirus resources, please visit our Coronavirus (COVID-19) Crisis & PR Resource Center.