February 2025 Volume 7

OPERATIONS & MANAGEMENT

STAY ONE STEP AHEAD OF INVENTIVE CYBER RISKS By Jim Kerr

Cybersecurity remains a top concern of executives in businesses of all sizes. Even with layers of security tools in place, up to 95% of compromises are caused by human error. Occasionally, compromises result from deliberate, malicious actions. Far more common, however, are errors caused by lack of knowledge or simple carelessness. Cybercriminals are growing increasingly inventive in their efforts to deceive us. The two examples below describe real situations experienced by our clients.

Online Search Yields Imposter Microsoft Support

What Happened

It all started with unexplained charges from Microsoft on a personal credit card. Our client called his bank to ask about them, and the bank referred him to Microsoft for clarification. A Google search yielded a phone number for Microsoft billing. When the client called the number, the person on the other end told him his IP address had been "hacked" and the "tech" needed to connect to his machine to correct the problem. The "tech" connected to the computer and performed some unknown action that displayed a text box containing the word "hacked." From there the "tech" tried to sell a non-Microsoft anti-virus subscription. Our client became suspicious and hung up. When the client realized what had happened, he called us. Unfortunately, an unknown party had already connected to the machine and run something on it, so it was no longer safe to use.

Red Flags

• The credit card in question had never been used on the work machine, so its number could not have been taken from that computer, by an "IP hack" or any other means.
• Microsoft support would generally not connect to an individual user's machine for a billing question.
• Microsoft doesn't sell to customers over the phone, and certainly not a competitor's product.

The Results

The computer had been compromised and presented a risk to the organization's network. It was an older computer, and the client chose to replace it rather than reformat it. The staff person was without a computer for a day while a spare computer was repurposed for him.

Key Reminders

• Be careful with online searches. Depending on the search terms you use, the phone number or website the search engine returns could be fraudulent.
• In this case, the client was looking for a phone number. But false search engine results can also include links to pages that harvest any data you enter for use in future scams.
• If you are looking for a vendor's support number, go to the vendor's legitimate website first and find it there.
• NEVER give an unknown third party remote access to your computer.

Fake Sales Order in Legitimate Microsoft Email

What Happened

A client received a licensing sales order from Microsoft with a phone number to call. The sales order looked real, but she wasn't expecting it and became suspicious. She decided to check with us to see what was going on.

Red Flags

None, other than that it was unexpected. The email came from the legitimate Microsoft domain, and the formatting of the sales order was correct.

The Results

The email was a remarkably clever phish built on a real sales order. Spam filters let the email through because it really was sent by Microsoft, so checks on the sender alone cannot catch it. Here's how it works: the bad actor sets up a Microsoft 365 trial or tenant, completely separate from the legitimate client, and adds the client's "info@" address as the billing contact. They then purchase a license from Microsoft. In the one free-text field the order allows, they add wording about calling Microsoft, along with a fake number to call to cancel the subscription if it's not needed. That note is the only part of the message the attacker controls. If you call, the bad guys ask you to download files that are malicious.

Key Reminders

• If a sales order or invoice is unexpected, even from a known vendor, confirm its authenticity internally before acting on it.
• Don't call a phone number taken from an email. Use your own internal contact information for the vendor.
• Be suspicious of downloading files except from confirmed and trusted sources.
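The fake-sales-order case shows why sender checks are not enough: the mail is genuinely from the vendor, and the only attacker-controlled content is the free-text note with the callback number. The triage logic below, an added example and not code from the article or from Microsoft, looks at exactly that part of the message. It flags any callback number not on the vendor's published support list, any customer number that is not one of the organization's own tenants, and "call us to cancel" wording. The sample messages, the vendor domain, the published-number allowlist and the "Customer number:" line format are all constructed for the example; a real deployment would take the allowlist from the vendor's website and the tenant list from the billing records.

```python
import email
import re
from email.message import Message

# North-American-style phone numbers; extend the pattern for other regions.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Assumed layout of the order: a "Customer number:" line identifies the tenant.
CUSTOMER_RE = re.compile(r"^Customer (?:number|ID):\s*(\S+)", re.I | re.M)

# "call ... to cancel" in either order is the lure described in the article.
CALL_TO_CANCEL_RE = re.compile(r"\bcall\b.*\bcancel\b|\bcancel\b.*\bcall\b", re.I | re.S)

# Placeholder allowlists (constructed): numbers published on the vendor's own
# site, and the customer/tenant numbers that belong to this organization.
VENDOR_PUBLISHED_NUMBERS = {"8005551000"}
OUR_CUSTOMER_NUMBERS = {"11223344"}


def _plain_text(msg: Message) -> str:
    """Concatenate the text/plain parts of a message (single-part or multipart)."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"] \
        if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(chunks)


def extract_phone_numbers(text: str) -> list:
    """Return phone numbers found in text, normalised to 10 digits, in order of appearance."""
    found = []
    for m in PHONE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if len(digits) == 11 and digits.startswith("1"):
            digits = digits[1:]  # drop the country code
        if digits not in found:
            found.append(digits)
    return found


def triage_vendor_invoice(raw_message: str, vendor_numbers: set, our_customer_numbers: set) -> dict:
    """Inspect the body of a vendor invoice/sales order for attacker-controlled lures.

    Returns {"findings": [...], "hold": bool}; hold=True means confirm internally
    before calling anyone or downloading anything.
    """
    body = _plain_text(email.message_from_string(raw_message))
    findings = []

    # 1. A callback number that the vendor does not publish is the core of the scam.
    for number in extract_phone_numbers(body):
        if number not in vendor_numbers:
            findings.append(f"callback number {number} is not on the vendor's published support list")

    # 2. The order belongs to a tenant the attacker created, not to us.
    m = CUSTOMER_RE.search(body)
    if m and m.group(1) not in our_customer_numbers:
        findings.append(f"customer number {m.group(1)} is not one of our tenants")

    # 3. "Call this number to cancel" is the wording the attacker puts in the free-text field.
    if CALL_TO_CANCEL_RE.search(body):
        findings.append("message asks the recipient to call a number to cancel the order")

    return {"findings": findings, "hold": bool(findings)}


# Constructed sample: a genuine-looking order from the vendor's real domain,
# with the attacker's note in the free-text field (order number kept in the subject).
SAMPLE_PHISH = """\
From: Vendor Billing <billing@example-vendor.test>
To: info@example-client.test
Subject: Your sales order 1234567890
Content-Type: text/plain; charset="utf-8"

Thank you for your purchase.
Customer number: 98765432
Product: Microsoft 365 Business Standard (1 licence)
Note from customer: To cancel this subscription if it is not needed,
call Microsoft support at (555) 010-2345.
"""

# Constructed sample: an order for our own tenant citing the vendor's published number.
SAMPLE_LEGIT = """\
From: Vendor Billing <billing@example-vendor.test>
To: billing@example-client.test
Subject: Your sales order 2234567890
Content-Type: text/plain; charset="utf-8"

Thank you for your purchase.
Customer number: 11223344
Product: Microsoft 365 Business Standard (10 licences)
Questions? Call us at 1-800-555-1000.
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = triage_vendor_invoice(sample, VENDOR_PUBLISHED_NUMBERS, OUR_CUSTOMER_NUMBERS)
        print(name, "HOLD" if result["hold"] else "ok", result["findings"])
```

The phone-number check deliberately ignores the sender and the authentication results, because in this scheme both are genuine. The weak point of the check is the allowlist: it only works if it is populated from the vendor's own site, never from a search result or from the email under review.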

FIA MAGAZINE | FEBRUARY 2025
