HUNTERSVILLE – Detective Rick Rojas, of the Huntersville Police Department, explained to Lake Norman Chamber of Commerce members July 18 how to protect their companies from computer attacks on confidential records and what to do if they become victims.
Rojas has worked since 2010 as a detective in the criminal investigations division with an emphasis on financial fraud. He opened the seminar with the example of the Target breach last December when millions of social security and credit card numbers were confiscated.
“Target will recover because they have the resources and small businesses do not,” Rojas said. “And reputation is key.”
Rojas describes cybercrime as any crime or illegal activity on the Internet through the Internet. He said it’s hard to prosecute guilty participants who steal essential information because they could be located anywhere around the world.
According to a 2014 McAffe Cybercrime report, the number of attacks specifically aimed at small to mid-size businesses more than doubled and the cost of global cybercrime has reached $114 billion annually.
He said small business owners are more vulnerable to cybercrimes because they do not believe they are a valued target to cyber thieves and cannot afford sophisticated systems to secure information. They rely more on anti-virus software and lack the training to protect their databases.
The detective explained phishing, pharming and ransomware.
Phishing is the act of sending a false or spoofed email as an established business to trick the customer into sharing private information. Fraudsters compile stolen data after a victim clicks on a link in an email, taking them to a familiar website.
“PayPal uses your first and last name in emails. If it doesn’t, it’s not real,” Rojas said, referring to the concept that an email with poor grammar and a salutation of “Dear valued customer” is not legitimate.
Pharming is the act of installing a malicious code on a computer or server that brings users to a fraudulent website without their knowledge or consent.
Some tips Rojas gave to stay clear of pharming and phishing include not responding to unknown email senders and clicking on email links.
“A personal friend of ours email was hacked. She said she got mugged and someone stole her cards. She needed money to get home and requested a wire transfer through Western Union,” said Kevin Lorton, CEO of Patronus Background Services. “But we talked with other people and it was a scam. The email looked like it came directly from her.”
Rojas said the email sent to Lorton acted as a ghost email expressing urgency to send over money. He said customers should verify any or messages with their company before responding or entering data. Checking the IP address of a computer’s network can determine the location where an email was sent.
Ransomware occurs when a criminal installs malware that restricts access to a computer system and demands the user pay $60 to $200 to lift the restriction.
“These are criminals. There is no guarantee they will pay you back,” Rojas said. “Money could be picked up somewhere across the world.”
To prevent ransomware, Rojas said small businesses should install updated security software.
“Taking a couple minutes of detective work can save you,” Rojas said.
Small business safeguards
• If you have a server, make sure it is locked
• Have a password policy, nothing simple like “12345.”
• Use a dedicated computer for banking.
• Educate your staff, deal with reputable people when asking for assistance.