There are plenty of instances where real people in real life are making very costly mistakes because they are opening emails and following links that are dangerous. Hackers are getting very smart, and cyber defense needs to be a top focus at all times.
What can happen
One such example takes place in Western Poland at a local counsel office. The morning was running smoothly, just like any other morning. Joanna was a senior specialist within the accounting department. She was in a good mood, but running a little late. She had some coffee, played some music on her computer, and sat down to work.
A few days before, she had installed a music app on her computer that would allow her to listen to all of her favorite songs while she worked. She needed administrator access to the computer in order to download the app. She pleaded, and the IT guy finally gave in. What she didn’t know at this time was that it was opening a dangerous hole within the entire IT system.
Joanna launched a budget management application that was issued by the government, just as she had done 1 million other times. With just a few clicks of the mouse, she made a transfer order for approximately 20,000 zloty. The recipient of the money was the company that had won a renovation contract for one of the main roads in town. The entire operation only took a few seconds.
A few days later, the owner of the company phoned and was asking about when they were going to receive the money. She was surprised and contacted the bank. The bank confirmed the operation and said that there was nothing suspicious.
Joanna worked with the head of the IT department and backtracked across all of the events that took place on the day of the transfer. Nothing was out of the ordinary. They started checking on Joanna’s computer. This is when they found something. The week prior to the missing transfer, Joanna received an email from the developer of the software that she uses for budget management.
Joanna did not see any red flags with the email because it contained a reminder about the software update. She said that it looked legitimate, containing the contact data, logo, and everything.
Here’s one little problem, though. There was a single letter change within the address. A “t” and then “f” can look very similar when you read quickly. She followed the link that took her to the website for update. It ultimately affected every resident within the town. She didn’t actually update anything, what she did was download a dangerous spyware onto her computer. Cyber criminals were then allowed to gain access to the accounting department and they were the ones responsible for transferring the money. It was a digital trap that Joanna fell for.
Don’t be an easy target for hackers
After the attack, the police had to launch a full investigation, and it was found that Joanna was one of many victims. There was a malware infection on the computer, which could have potentially been found prior to all of this if there was better software installed on the computer that would look for spyware, viruses, and other suspicious code.
Additionally, Joanna and people in similar positions need to be trained not to download, update, or do anything on their computer unless they are 100% sure about where it comes from. It’s best to work with an IT department head in order to determine if something should be updated or downloaded.
This was one of the largest mass cyberattacks in Poland, and it isn’t going to be the last one. There are small and medium-sized enterprises every day that lose a significant amount of money as a result of insufficient cybersecurity.
There are security management solutions and end-point protection that can be utilized in order to prevent such attacks. This can save a local business, a large corporation, or even a local government a significant amount of money because they will no longer be an easy target for hackers.