The number of reported ransomware attacks has increased in the last year, including attacks on municipalities in the state of Texas and on the cities of Baltimore and Atlanta. It should not be a surprise that data breaches continue to be a top fraud trend. Unfortunately, ransomware is not the only fraud scheme that criminals are committing using the breached data. Another type of attack using breached data, and one that is happening more and more, is known as “credential stuffing.”
Credential stuffing is a type of cyberattack that uses breached data combined with sophisticated software to gain unauthorized access to user accounts. The software allows criminals to quickly test login credentials obtained through data breaches and sold on the dark web against hundreds or even thousands of websites. The credential stuffing software has become so sophisticated that it can slow the speed at which credentials are entered into a website to better imitate a real person inputting their data. This type of attack is effective because many of us reuse the same credentials across multiple websites and, if not required to do so, often do not change our login credentials on a regular basis.
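The following Python example is added here and is not from the original article. Because the software described above paces its attempts like a person, it counts the distinct accounts each source tries and how often it fails instead of measuring request rate; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log: ISO time, source IP, username, result.
# 198.51.100.7 paces its attempts ~40 s apart, each for a different account.
# 203.0.113.20 is one user mistyping a password, then succeeding.
SAMPLE_LOG = """\
2024-03-01T09:00:05 198.51.100.7 alice FAIL
2024-03-01T09:00:44 198.51.100.7 bob FAIL
2024-03-01T09:01:10 203.0.113.20 carol FAIL
2024-03-01T09:01:21 198.51.100.7 dave FAIL
2024-03-01T09:01:30 203.0.113.20 carol FAIL
2024-03-01T09:01:52 203.0.113.20 carol OK
2024-03-01T09:02:03 198.51.100.7 erin OK
2024-03-01T09:02:47 198.51.100.7 frank FAIL
2024-03-01T09:03:25 198.51.100.7 grace FAIL
"""

def parse(log):
    """Yield (time, ip, user, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            yield datetime.fromisoformat(ts), ip, user, result == "OK"

def max_per_minute(log):
    """Peak attempts per source in any calendar minute (what a rate limit sees)."""
    buckets = defaultdict(int)
    for ts, ip, _, _ in parse(log):
        buckets[(ip, ts.replace(second=0))] += 1
    peaks = defaultdict(int)
    for (ip, _), n in buckets.items():
        peaks[ip] = max(peaks[ip], n)
    return dict(peaks)

def stuffing_suspects(log, min_users=5, min_fail_ratio=0.7):
    """Sources that tried many distinct accounts and mostly failed (assumed thresholds)."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, ok in parse(log):
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += not ok
    return {ip: {"accounts": len(users[ip]), "fail_ratio": round(fails[ip] / total[ip], 2)}
            for ip in total
            if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio}

if __name__ == "__main__":
    print("peak attempts/minute:", max_per_minute(SAMPLE_LOG))
    print("suspects:", stuffing_suspects(SAMPLE_LOG))
```

In this sample the legitimate user has the higher per-minute peak, so a rate limit alone would miss the paced source, while the distinct-account count singles it out.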
Another fraud trend is for criminals to use our communications technology to gain access to our IT systems and data. While we have all heard of phishing schemes, “smishing” and “vishing” are being employed more frequently by criminals to obtain personal information. Smishing is when someone tries to trick you into giving them your private information via a text or SMS message, and vishing is the use of the telephone system to try to gain access to personal and financial information. A common example of smishing is a text message that appears to be from your bank saying that your account has been suspended and asking you to open a link to unlock your account. A recent example of vishing, which has happened to many of us, is the call that claims to be from the Social Security Administration notifying you that your Social Security number has expired and needs to be renewed.
Regardless of the type of scam, many instances of fraud can be avoided by staying up to date on fraud trends and schemes. Beyond that, using common sense is generally the best practice against these types of fraud.
Aaron Funk, CPA