When Maryland Attorney General (AG) Brian E. Frosh issued a warning to the state’s small business (SMB) owners last week, he shed light on the fact that, despite business owners’ rising focus on cyberattacks, some scammers continue to use legacy tactics to target their victims.
AG Frosh’s warning pertained to a specific small-business cybersecurity threat. A recent string of attacks in the state has seen criminals seeking payment via prepaid card solution Green Dot, urging small business owners and professionals to load money onto the Green Dot card and sent it to them.
The scam entails a scammer posing as a legitimate business partner or vendor, claiming over the phone that the SMB owes them money, then demanding payment in the form of a Green Dot card. It’s a twist on the business email compromise (BEC) scam that typically involves scammers emailing business owners and seeking payment via wire transfer, ACH or paper check.
“No legitimate business or utility will call you and ask you to make a payment using a Green Dot card,” AG Frosh said in a statement. “This is a scam, pure and simple. Don’t become a victim; just hang up if you receive a suspicious call.”
Clearly, scammers continue to use old tactics like the telephone to target their victims, but experts warn that cyberattacks remain a rising threat as well. In a new report from SCORE, researchers revealed just how large of a target small businesses are for cybercriminals, deploying a range of technologies to carry out their crimes — 43 percent of cyberattacks targeted SMBs last year. PYMNTS rounds up more top data points from SCORE’s report below.
Last year, 113,000 incidents of macro malware hit U.S. small businesses, making it the most popular type of cyberattack on the small business community. Attackers embed macro malware into email attachments like word processing documents, which is then unleashed as soon as someone opens that attachment. While spam filters can cut down on a business’ exposure to these attacks, the volume of this threat is significant: 39 percent of the 269 billion emails sent and received last year were spam, SCORE found. Researchers advised small business owners to not download any email attachments from an unnamed address.
In 2017, 66,000 online banking malware attacks targeted small businesses, SCORE said, explaining that this type of malware, once unleashed on a computer, is able to obtain online banking login credentials and credit card information when a user logs into their account. That’s because this malware masquerades as a legitimate online banking portal. To protect themselves, small business owners should type their online banking web addresses manually into their web browsers, SCORE said.
Nine minutes: the length of time it takes for a cybercriminal to use the data stolen from an online banking malware attack. According to SCORE, considering how popular online banking is for small business owners (71 percent of survey respondents use online banking and 43 percent use mobile banking, the report said), there is a broad opportunity for this type of attack to be successful, and cybercriminals quickly make use of the information they steal.
$133,000: the average cost of a ransomware attack on a small business. It’s significantly higher than $1,077, the average sum demanded by an attacker in this scenario. However, SCORE took into account the cost of recovering data, the cost of downtime and lost business opportunities to calculate the true cost of a ransomware attack on a small business. Cyberattackers may send ransomware via email with links that will lock out a device owner’s access to files when that link is clicked. SCORE recommended that small businesses, again, do not click on links or download attachments from unknown addresses.