13.4 C
Munich

eTrouble in Little Saigon – A real life cybercriminal story by Caroline Doan and Thanh Phan

Must read

Your Amazon account has been accessed from a different location. Please click on this link to verify.”  Emails with subject lines like this are a dime a dozen these days. How many users would click on this? You’re probably thinking that you would never fall for a phishing scam like this, but what if it was your elderly parents or your cousin that doesn’t speak English? This would hit closer to home. What is phishing? The story below will illustrate a phishing scam. We have changed the names to protect the identities of these individuals.

In the heart of Little Saigon, Nghia and Trang had built their business, a small but successful medical office, from the ground up, had a loyal customer base, and a team of dedicated employees who helped them run the day-to-day operations. One day, Nghia received an email from what appeared to be a vendor that they had done business with in the past. The email contained an attachment that he was asked to open. Clicking on the attachment, thinking it was safe to do so, it quickly spiraled into a nightmare. By clicking on this attachment, Nghia triggered the installation of a keylogger (an application that runs discreetly in the background, recording every keystroke the user enters) allowing the cybercriminal to gain access to their company’s computer network.

Over the next few weeks, the cybercriminal was able to monitor all the company’s online activity, including their banking and financial transactions. They were careful with their money and kept a close eye on their accounts, but it took a while for them to realize that something was wrong. When they finally received their bank statements, they were shocked to see unauthorized transfers and transactions. They immediately contacted their bank to report the fraud. But by this time, it was too late. Their business suffered a substantial loss. Large sums of money had been stolen from their personal and business accounts along with confidential company data.

Nghia and Trang were devastated. They put everything they had into their business, and now their livelihood was in jeopardy. They felt violated and helpless, and it was a long time before they were able to trust the internet again. The cybercriminal was eventually caught, but the damage had already been done. Nghia and Trang had to work hard to recover their losses and rebuild. They learned a valuable lesson about the dangers of the internet and the importance of being vigilant when it comes to online security.

Stories like this are statistics that rapidly become a growing concern in this day and age. It is painful to see good people like Nghia and Trang swindled from right under their noses. It is also a reminder to be vigilant with our online presence, whether it is professional or personal. Let’s lay down some numbers so we can understand the gravity of cybercrimes.

According to Proofpoint, Inc, a leading cybersecurity and compliance firm’s 2023 State of Phish Report, which analyzes data based on approximately 135 million simulated phishing attacks sent by Proofpoint customers to their employees over a one-year period and approximately 18 million emails reported by end users over the same time period, 44% of people think an email is safe when it contains familiar branding. To put this statistic into perspective, there are more than 30 million malicious messages sent in 2022 that included some sort of Microsoft branding or its related products. Additionally, to drive this statistic home, approximately a third of users clicked on links or opened an attachment from the 135 million simulated phishing attacks. [1]

Do these numbers only affect large corporate businesses? Think again. According to Verizon, Inc.’s 2022 Data Breach Report, 46% of all cyber breaches impact businesses with fewer than 1,000 employees. [2] Surveys show that 47% of businesses with fewer than 50 employees have no cybersecurity budget [3], 51% of small businesses have no cybersecurity measures in place at all, and 36% of small businesses are “not at all concerned” about cyberattacks. [4] At the end of the day, hackers exploit the human condition, knowing that we are creatures of habit that will respond to urgency, personalization, and pressure. We have seen the internet evolve within the past decade to be a greater force for all businesses. However, with any tool designed for good, there will always be someone willing to exploit it for their own gain

Founded in 2021, RVL8 (Revelate) is a Managed Security Services Provider (MSSP) that provides comprehensive Managed Security Services that help businesses protect their networks, data, and operations from cyber threats.

Founders: Caroline Doan (Software/Network/Infrastructure Engineer), Thanh Phan (Edge/Site Reliability/Security Engineer)

If you are interested in ways to protect your professional or personal data, please feel free to reach out to us. 

949.565.5656

References:

[1] https://www.proofpoint.com/us/resources/threat-reports/state-of-phish

[2] https://www.verizon.com/business/resources/reports/dbir/2022/master-guide

[3] https://insights.corvusinsurance.com/cyber-risk-insight-index-q1-2022/survey-findings-smb-cyber-readiness

[4] https://digital.com/51-of-small-business-admit-to-leaving-customer-data-unsecure

More articles

Latest article