Cybercriminals will continue to prey on unsuspecting individuals at any time. During crises, they are quick to take advantage of the outpouring of support as people reach out to help one another. In times of tragedy, emotions run high and people let down their normal guard – and are far more likely to spontaneously click on links that they would usually subject to greater scrutiny.
Analyze the Intent of the Email
Keep in mind that the cybercriminal is thinking about three things:
- How can I capitalize on this issue for monetary gain?
- How many individuals do I need to contact?
- How should I position this scheme?
The attacker is seeking either cash or your Personally Identifiable Information (PII), which they can sell on the dark web or use to steal your identity.
How Do We Protect Against This Cyber Threat?
Before you click on a link or provide a donation, validate the following:
- Sender: Who is this from? Do you know them? Look closely to ensure the address isn’t spoofed or manipulated in a way that makes it appear legitimate. For instance, has the author replaced the “m” in a domain name with an “rn” to make it appear like an “m”?
- Time Sent: If the email is sent on a weekend or very early in the morning, is that a time when you would have expected the email to be sent?
- Subject: Is the subject what you would expect to receive from the sender?
- Content of the Body: Is the grammar correct? Are logos used correctly? Is the organization branding what you would expect? If there is a URL provided, mouse over it without clicking to see the actual destination. Is the URL pointing where you expect it to go?
- Signature Line: Is the signature from the sender? Does the signature look legitimate? Are the right title, address, and phone number provided?
Anything that fails these checks is an indicator of a malicious email. If any or all of the indicators above are present, taking the time to validate the message may save you from a costly donation or identity theft. These types of cyberattacks do not have to be sophisticated. The attackers are weaponizing language – emotional triggers – that compel you to click on a link or take other action without your usual measure of caution. Don’t fall for this.
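The sender and URL checks from the list above can also be run automatically, for example in a mail triage script. The Python below is an added example, not part of the original article; the trusted domain, the look-alike pairs other than “rn”/“m”, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplemutualaid.org"}  # constructed allow-list (assumption)
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]  # read alike at a glance
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")
SAMPLE = """\
From: Relief Fund <donate@exarnplemutualaid.org>
Content-Type: text/html

<a href="https://pay.example.net/give">https://examplemutualaid.org/donate</a>
"""  # constructed message, not a real sample

def skeleton(domain):  # collapse look-alike sequences so "rn" and "m" compare equal
    domain = domain.lower()
    for fake, real in LOOKALIKES:
        domain = domain.replace(fake, real)
    return domain

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_email(raw):  # returns findings for the sender and URL checks
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = [f"sender domain {sender} imitates {good}" for good in TRUSTED_DOMAINS
                if sender != good and skeleton(sender) == skeleton(good)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown, actual = HOST_RE.search(text.lower()), urlparse(href).hostname or ""
        if shown and shown.group(1) != actual:  # text names one host, href another
            findings.append(f"link text shows {shown.group(1)} but points to {actual}")
    return findings
```

Calling `check_email(SAMPLE)` returns one finding for the “rn” sender domain and one for the link whose visible text and destination disagree; a message from the trusted domain with a matching link returns an empty list.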
When All Else Fails
Of course, an added layer of protection in the form of cyber insurance may also be helpful. Tammy Stephens, CCIC, Senior Vice President and personal cyber insurance expert with Marsh Private Client Services shared, “With a personal insurance solution in place, you could have 24/7 access to experts who can help manage a threat, such as a ransomware attack, while in progress. It may also provide reimbursement for money paid due to extortion or the loss of non-recoverable funds, in addition to other valuable features.” Depending on the circumstances, family office social engineering losses may be covered under a commercial cyber, crime or kidnap and ransom policy.
In any event, stay alert and cautious. Be safe.