Just as a good pickpocket can steal your belt without you feeling it, the latest computer hack is in danger of catching any business user with their pants down – and at first they won’t feel a thing, says Humber region IT systems and software supplier HBP Systems.
That’s because this hack is invisible. It looks nothing like a hack at all, says the company. Even the most sophisticated cyber security won’t stop it, and it succeeds because it preys on the weakest point in any computer system: the operator.
Every computer user now faces this most sophisticated form of phishing, and it is as simple as it is devastating, says HBP Systems Operations Director Tony Pearson.
How the scam works
Says Tony: “This is the most devious phishing hack yet. No cyber security system will stop it because, as far as the computer is concerned, it’s a genuine email from a trusted source. An email from a colleague will land in your email inbox with a request for you to follow a link to gain access to a file. Click on it, and you’ll be asked for some system login details. Because you trust the sender, you fill in the login fields, at which point you’ve passed that data to a criminal organisation.
“What’s more, the software will send similar emails to everyone in your database, repeating the process with their computer, and then the computers of everyone in their databases too.
“Nothing will happen at first; after all, it’s just some login details. But eventually those details could be used to distribute and plant ransomware on your system, or that of one of your contacts, and a new nightmare begins.”
How to defeat it
“None of the normal checks work. There will be no ‘dodgy’ email addresses or oddly-named links to spot. The email signature and sign-off will be perfect. None of the normal tell-tale signs that people ought to be looking out for will be there.
“But it’s a question of applying due diligence; of being suspicious. Ask yourself: ‘Why is this person sending me an email?’ ‘Am I expecting a file?’ ‘Why didn’t they say something about this earlier; we were in a meeting together an hour ago?’
“If you weren’t expecting an emailed file, even though it doesn’t look ‘wrong’, pick up the phone and ask the sender if the message is genuine. They’ll tell you at once, and you’ll be able to deal with it accordingly. And don’t forward it to anyone. The person you send it to might not be as vigilant as you,” he added.