Susan Tompor: Cybersecurity threats getting harder to ignore

McClatchy-Tribune Information Services

October 31, 2016

With countries like China, Russia and North Korea becoming more aggressive in cyberattacks, and everyday fraudsters upping their game beyond the once easy-to-spot spam emails filled with bad grammar, cybersecurity threats as a whole are growing more ominous for individuals, small-business owners and large corporations.

That was part of the message delivered by George Smirnoff III, senior vice president and chief information security officer for Comerica Bank, in a speech earlier this month in Detroit.

"In their mind, youíre low-hanging fruit," he said, addressing a group of the bankís customers, which include many small-business owners. "As executives, guess what? Youíre all targets."

Smirnoff talked about a rip-off dubbed "the business email compromise" that involves scammers impersonating a companyís top managers with the goal of initiating an international wire transfer. Such cybercriminals are spoofing emails to make them look legitimate and, in some cases, send messages that include details about new vendors in need of immediate payment, which can rush employees into making bad decisions, he said.

The attacks, a form of phishing, are targeted toward specific individuals, usually those who handle the bills or wire money, he said. And in some cases, the fake emails are strategically sent when the actual business owner is away on vacation or traveling for business.

Some of the scammers are believed to be members of organized crime groups from Africa, Eastern Europe and the Middle East, the FBI has said.

A sophisticated phishing email can bypass filters and anti-virus programs. Even up-to-date, anti-virus software wonít do much good if consumers or employees carelessly download email attachments, experts say.

"These emails are getting very tricky," Smirnoff said.

October is National Cyber Security Awareness Month, a campaign headed by the Department of Homeland Security to raise awareness about combatting online fraud and the protection of personal information.

This October, with all the news about emails being stolen from Hillary Clintonís presidential campaign and the hacking of state voter registration systems, the public canít but be aware of the issue.

Ultimately, thatís probably a good thing. After all, weíre facing phishing scams everywhere, from our homes to our places of work.

Here are some ways to arm yourself against such threats:

óCreate a "coMplic@t3d" password

Itís easy to think we donít have any control over cybersecurity breaches, but a strong password remains a solid defense, said Smirnoff and other experts.

A strong password will have at least 12 characters that include a mix of upper- and lower-case letters as well as numbers and special characters. Donít reuse it on multiple sites.

óBe vigilant and recognize that cybercrime pays

Your personal information has great value to crooks, who can use it to open bogus accounts and file take tax returns. Be sure to shred bank statements and unused credit card offers before throwing anything away. Be cautious downloading apps, especially from sources youíre unfamiliar with.

óBe skeptical when you get an email from a CEO, your bank or even a favorite retailer

Remember, a bank isnít going to ask you to confirm your Social Security number or account number ó or ask for your password ó via email or text.

Stop before making a move and contact your bank directly.