There has been a recent increase in phishing attacks and scams. Bad actors are taking the current vulnerabilities in our systems – working from home, unsecure Wi-Fi/network connections, unprotected computers accessing company networks, etc. – to create cyber attacks related to Coronavirus (COVID-19).
The Gaming Industry is extremely vulnerable now more than ever. A cyberattack just occurred this week involving online gambling sites – Some US Online Gambling Sites Down Following Cyberattack On SBTech.
As a business, it is important to keep employees informed and aware of the recent threats. As with all suspicious/unsolicited messages, caution must be taken in handling any email with COVID-19 in the body or subject line, attachment(s), and hyperlink(s). Additionally, attacks can occur through social media, text messages or telephone calls.
Casino Essentials offers CyberSecurity training that ensures your business is aware of cybercrimes that can occur at your home front.
Scroll to the bottom of this page to read the course descriptions for the IT & General Security training suite.[/vc_column_text]Vector Solutions is sharing how we keep our team on high alert and trained on taking extra precautions when it comes to cybersecurity. This includes:
DEFINE PHISHING ATTACKS
Phishing is a type of social engineering cybercrime in which targets are contacted by phone, text message, and most commonly, email by someone who is posing as a trustworthy source. The purpose is to lure individuals into providing sensitive data/information such as, personally identifiable information, passwords and banking/credit card details. When targets respond to the attacker with the requested information, attackers can use it to gain access to sensitive accounts.
Business must take extra precautions during vulnerable times/events, like our current state, and certain times of the year, such as:
IDENTIFYING THE MOST COMMON INDICATORS FOR PHISHING ATTEMPTS
Suspicious Sender’s Address
Most commonly, the sender’s address looks as though it is from a legitimate sender. Cybercriminals imitate a common email address received. The cue to confirm if the sender is legitimate is to check if any characters are omitted, (i.e., [email protected])
Generic Greeting and Signature
Strong indicators of a phishing email are general greetings such as, “To Our Valued Customers”, and minimal contact information in the signature block. Trusted sources typically address their customers directly and provide all contact information in their signature blocks.
Incorrect Hyperlinks and Websites
If the body of the email includes hyperlinks and websites, it’s always encouraged as a best practice to hover your cursor over the links prior to clicking. If the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (i.e., .com vs. .net). It is also common for cybercriminals to use a URL shortening service to hide the true destination of the link. (i.e., https://bit.ly/3aXDhNZ)
Grammar Mistakes and Urgency
Grammatical errors in the body of the email can be considered as the first clue when identifying a phishing email. Reputable organizations have trusted employees to review and generate customer correspondence prior to sending.
Malware is commonly delivered to a target in an unsolicited email requesting a user to download and open an attachment. Be wary when the email is creating a sense of urgency to download the contents. This tactic is used to help persuade the target to open the attachment prior to examining it first.
Suspicious Requests for Financial Actions
Never respond directly to requests involving financial requests such as, bank transfers and gift card scams. A rule of thumb is to always contact the requester directly or your supervisor for assistance.
HOW TO AVOID BECOMING A VICTIM
Be wary of suspicious and unexpected emails, phone calls or text messages. It’s important to keep your team informed about the phishing techniques that are commonly used. For IT administrators, ongoing cybersecurity awareness training and simulated phishing exercises company-wide is highly recommended. Training ensures the team will think before they click. When in doubt, always start a new tab in your web browser and go directly to the source, rather than clicking on a suspicious link.
Never reply to a suspicious email. Always verify the sender’s address. Never reveal or provide personal information or business information, this includes it’s organizational structure. Always pay attention to the website’s security – an indication the site is secure is if the URLs begin with “https”, rather than “HTTP”.
WHAT TO DO WHEN YOU’VE BECOME A VICTIM
It is a best practice to contact the business IT department and your supervisor when a team member may have fallen victim to a cybersecurity attack. If financial information may have been compromised, contact the bank and close any accounts that were shared. Immediately change any passwords that were revealed and watch for signs of identity theft. CASINO ESSENTIALS TRAINING
IT & General Security Training Suite Course Descriptions: