Small Businesses Face Sophisticated Scams

Online and email scams are nothing new, and most SMBs long ago implemented at least rudimentary antivirus and antispam filters to help protect against hidden viruses, phony emails and the like. However, a new report from SMB security specialist GFI Software demonstrates that internet scammers are employing highly sophisticated methods that in many cases may require SMBs to seek MSP assistance.

Scammers Prove Master Thespians

Fans of “Saturday Night Live” may recall that about 25 years ago former cast member Jon Lovitz had a recurring character known as The Master Thespian, who would fool people with a simple-minded ruse and then let them in on the joke with the catchphrase “Acting!” The humor came from how bad The Master Thespian’s acting actually was.

According to GFI Software research, internet scammers are proving themselves to be legitimate Master Thespians, fooling SMBs with complex, hard-to-detect ruses that have decidedly unfunny results. For example, one SEO poisioning attack told users that "Google systems" had detected malware on their computer and directed them to download a rogue antivirus program. Scam artists also sent email messages containing fake announcements for "Google Pharmacy," with the body of the email including a single image rather than text in order to circumvent spam filters. Victims who visited the URL contained in the image spam were directed to a well-known spam attack site.

Other successful scams targeting SMBs last month included fake LinkedIn invitation reminders that sent users to a BlackHole exploit and infected their machines with Cridex, a Trojan that has targeted banks, social networks and CAPTCHA tests. Other cybercriminals targeted Skype users with a spam campaign claiming to offer free Skype Credit, but instead directed users to a compromised site hosting malicious Java code. And messages claiming to come from the U.S. Securities and Exchange Commission warned business recipients that a complaint had been filed against their company and would result in an investigation if not handled within 28 days. Users who were frightened into clicking on the nonexistent "complaint details" were directed to a page containing a Blackhole exploit kit targeting vulnerabilities in Adobe and Microsoft products.

Routine SMB Cybersecurity Not Enough

The type of routine cybersecurity packages most SMBs use are not enough to prevent these sophisticated attacks, which are designed to bypass most standard spam filters, from reaching the inboxes or browsers of their employees. Compounding the threat is the proliferation of remote devices accessing SMB networks from non-work locations that are difficult to properly link to corporate security systems. MSPs with a specialized security practice scaled to meet the specific requirements of SMBs can help ensure that these and other threats never find their way into SMB networks.

A typical spam filter is like a lock on a door – it keeps out amateur criminals, but professionals can easily bypass it. A managed anti-spam/antivirus service is like an advanced home security system with multiple features and redundancies that can repel even experienced burglars, who will eventually give up and target the less protected house down the street.