Techie Tips: Local Data Breaches on the Rise

There is an adage in cyber security circles. The attacker only has to be right one time, the defenders need to be right every time.It happened at 4:59 p.m. August 24, 2023. An email arrived in my inbox from a large and trusted local company in Wichita Falls. The email title said, “Approved Statements from .” I’ve redacted the specific company name as to not cause them harm by writing about this event. The email immediately raised red flags. I don’t do business with this company, so why would I be receiving a statement? The statement was a PDF, with a clickable link. I explored a bit further, and the link led to a website that looked exactly like the Microsoft login screen, except that the web address was from China.

Without their knowledge, this local well-known organization employing hundreds of Wichitans, had not only sent a phishing email, but they had been hacked and they had a serious data breach. I reached out to my contact at the company and let them know. I don’t know what’s happened in the days since I reported the breach to them, what I do know is that Phishing is a serious cybersecurity threat.

Phishing hacks of local businesses nearly double

In the past two months, I have measured a 93% increase in phishing attacks I’ve received from email addresses associated with local businesses. Local companies are getting hacked, having their email breached, and then the attacker is using their contact list to collect even more information for further phishing attempts. The attackers only have to be right once.

Phishing attacks, akin to modern-day con artistry, involve cybercriminals sending emails masquerading as legitimate entities to deceive individuals into divulging sensitive information such as passwords, credit card details, or personal identification. The complexity and sheer volume of phishing attacks means that everyone needs to be on-guard.

Be skeptical

The first line of defense against phishing attacks begins with cultivating a healthy dose of skepticism. It's crucial to pause and critically assess any incoming communication that demands sensitive information or immediate action. Hovering over hyperlinks to reveal their true destinations, scrutinizing sender addresses for inconsistencies, and verifying the legitimacy of the request through alternative channels are all essential practices.

Build up your defenses

Criminal hackers employing phishing are most interested in passwords associated with online services like Microsoft 365. Multi-factor authentication and strong unique passwords are part of the solutions. Businesses and individuals may want to also consider limiting access only to authorized devices and authorized locations.

Future security an evolving process

The rapid evolution of phishing tactics underscores the importance of cybersecurity awareness education as an ongoing process. Cybersecurity best practices are ever evolving, necessitating a commitment to staying informed about the latest threats and prevention techniques. Individuals and organizations alike should invest in training sessions and resources that empower users to recognize and respond effectively to phishing attempts.

The art of detecting and evading phishing attempts demands a combination of skepticism, education, and technological fortification that our local businesses must invest in. By fostering a culture of cyber vigilance, individuals and organizations alike can protect themselves, their customers, and our community.

Steve Haviland
Steve Haviland

Steve Haviland is the founder and CEO of Business Technology Solutions Group (BTSG) an I.T. management firm serving Wichita Falls, Lawton, and Oklahoma City. You can learn more about Steve and BTSG online at www.btsg.io.

This article originally appeared on Wichita Falls Times Record News: Techie Tips: Local Data Breaches on the Rise