Pushed by a national task force including in particular the ANSSI, the CNIL as well as the National Gendarmerie and the National Police, a guide to help companies succeed in the containment of their activity by avoiding scams is launched. From fake transfer orders to phishing to ransomware, the main cyber threats and the means to prevent them are covered.
With the Covid-19 pandemic, threats of all kinds have multiplied. Including those related to cyber risk and using social engineering and the exploitation of data from social networks for the purpose of false transfer orders, identity theft … In order to help companies to fight against fraud and scams, a national task force has been mobilized to produce a practical guide for businesses to help them identify and contain risks and cyber risks.
“Fraud is very varied and affects both consumers and businesses: purchase of sanitary products (hydroalcoholic gel, masks, etc.), miracle products or methods, false transfer orders, identity theft by professionals, false administrative sites illegally collecting personal data or bank details, fraud based on the generosity of donors, offers of savings and credit products with particularly attractive conditions, unsolicited commercial prospecting (SPAM), phishing / phishing, etc. “, Explains the guide.
Strong passwords, recurring backups and updates
To help businesses, the government task force including several ministries and organizations (ANSSI, CNIL, Ministry of the Interior, DGCCRF …) produced 9 files: online shopping scams, need for hydroalcoholic gel, savings / loans, false transfer orders, phishing / phishing, fraudulent calls for donations, repair fraud, theft of bank details and ransomware. All these files highlight points of attention, prevention messages as well as the organizations to contact in case of concern.
Regarding good practices to adopt in the fight against malware and ransomware, the guide reminds to update its systems, not to click on links from unknown or known message chains or senders but whose the message structure is unusual or empty, make regular backups, use complex passwords and change them regularly … In the event of a successful attack, advice is given, such as disconnecting the machine from the Internet or the network IT, isolate the affected media, immediately alert the IT department, do not pay the ransom, file a complaint with the police or the gendarmerie, approach their anti-virus supplier or service provider.
False technical supports to detect to better avoid them
Fraud from false repairs and / or false technical supports is also legion but can be identified. “Victims while browsing the Internet are unexpectedly interrupted by an anxiety-provoking security message that appears to be a legitimate operating system alert window. This message is frequently generated by the internet browser. This alert can indicate the presence of malware or any other form of technical problem a priori outside the field of competence of the average user. This alert encourages the victim to contact a technical support service in order to remedy the fictitious difficulty with the help of a teleoperator. The message generally includes a time constraint indicating that after a period of a few minutes the compromised device will be rendered unusable unless contacting the service indicated “.