Recent Cyber Attacks and Scams

June 5, 2019 Business Insurance and Risk Management, The Beacon Blog

There are so many stories on the Internet about cyber attacks and scams that it would be a full-time job to keep track of them. These are just a sample of what has been posted in the last month and a half.

  • Students and faculty at Texas State were targeted by phishing attacks, according to the school’s website (star.txstate.edu/2019/04/cyber-attacks-scam-students-take-identities/). The attacks were used to obtain students’ information.
  • Ransomware attacks continue. An April survey of 1,035 small and medium-sized business decision makers showed 55% would pay in order to recover stolen data (it’s preferable to increase security to prevent or limit attacks).
  • According to the Finextra website, financial crimes are at an all-time high. Cyber criminals infiltrate their targets to identify security and due diligence gaps they can exploit. Smaller banks are the most frequent targets. Financial institutions should be proactive by using multiple security tools, checking sources of payment messages for authenticity, looking for unusual behavior that can be a sign of a security breach, and keeping updated lists of trusted beneficiaries, especially for high-value transactions. (This is also good advice for non-financial companies.)
  • “Credential stuffing” is an emerging security threat according to www.bbntimes.com. When a data breach occurs, hackers steal login credentials along with other personally identifiable information. They then try those stolen credentials against other sites and services, which enables them to perform more illegal activities. Individuals can counter these attacks by using strong passwords, safe storage such as a password manager, and two-factor authentication, and by changing passwords regularly. Organizations should use techniques like JavaScript challenges, device fingerprinting and behavior-based detection systems.
  • Cyber Security Today reports that businesses, mostly in Canada, have received fraudulent emails saying they have been sued. (Legitimate lawsuit threats are not delivered by email.) Another scam targets Android phone users with “missed call” messages. If you don’t recognize who is calling, delete (or don’t reply to) the message.
  • Online association member directories can be targets of phishing attacks. Members need to connect with the public and each other while safeguarding personal information. A solution is a public database limited to telephone numbers and email addresses, and a private directory requiring a username, password and two-factor authentication.



About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM, has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.