Antonio A. (Tony) Rucci
Independent CyberSecurity Consultant
865.719.1715 | Tony@TonyRucci.com
Dear POOL Members:
I was notified by a few of our Members receiving fraudulent emails from scammers in the last couple of days. We suspect that other members may have received these as well, which should heighten awareness of current threats. We want all our members to be as successful in thwarting these attempts. This is an opportunity for a timely reminder of the importance of CyberSecurity knowledge and vigilance.
We are in the middle of the holiday season and want to remind you about the heightened risk of Business Email Compromise (BEC) scams. Cybercriminals are increasingly employing sophisticated tactics to deceive businesses into clicking on malicious links or paying fraudulent invoices. Your vigilance during this during this holiday season (and always) is crucial. Cybercriminals always seem to step up their game this time of year... and it’s time to Step Up Our Vigilance!
Our Members, just like other public entities across the country, are High-Value Targets (HVT) for a variety of cybercrimes. We talk about it regularly during our CyberSecurity Webinar Series here at POOL/PACT.
Important Points to Remember and Review:
·Have Your Cyber Incident Response Plan Ready: In case of a suspected BEC attack, have a clear plan in place. This should include isolating affected systems from the network and contacting your IT support immediately. This REALLY paid off for one of our POOL Members in the last few days. Their CIRP and CyberSecurity Training and Awareness allowed employees and IT staff to recognize the threat, respond quickly, and report promptly. Through their quick actions, the threat was mitigated quickly, and no harm was done to their systems, or integrity of data. This is an excellent success story.
Implement Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for cybercriminals to gain access to your systems and data.
Regularly Update Software and Firmware: Keep your systems, including anti-virus and anti-malware software, up to date to protect against known vulnerabilities.
Verify Unexpected Invoices: If you receive an invoice from a new or existing supplier that seems out of the ordinary, confirm its authenticity directly with the supplier through a known and trusted communication method. Call them! We see cybercriminals Spoofing as Vendors, sending malicious attachments and false invoices in their attempts to compromise networks and/or trying to get businesses to pay those erroneous invoices. Please Stay Alert!
Be Skeptical of Urgent Requests: Scammers often create a sense of urgency. If an email demands immediate action, especially involving financial transactions or sensitive information, take a moment to verify its legitimacy. Don’t be afraid to ask for a “second set of eyes” from a coworker, your IT support, supervisor, or me.
Double-Check Email Addresses: Pay close attention to the sender's email address. Scammers may use addresses that closely resemble familiar ones, with subtle differences.
Beware of Links and Attachments: Don’t click on links or download attachments from unfamiliar sources. They could lead to malicious websites or contain malware.
Educate Staff: Ensure employees are aware of these tactics. Regular training can significantly reduce the risk of falling prey to these scams. POOL’s KnowBe4 CyberSecurity Awareness Training provides an excellent platform for awareness and has proven its value to our members, time after time.
Remember, Your Vigilance is Key!
While technology plays a significant role in safeguarding against these threats, the first line of defense is always employee awareness and caution.
If you have any concerns or need further assistance in strengthening your cybersecurity posture, please do not hesitate to reach out to us here at POOL/PACT. We are here to support you in ensuring a safe and secure holiday season.
Tony Rucci email@example.com
Donna Squires Donna.Squires@us.davies-group.com
Marshall Smith firstname.lastname@example.org
Wishing You a Peaceful and Scam-Free Holiday Season,