With countries like China, Russia and North Korea becoming more aggressive in cyberattacks, and everyday fraudsters upping their game beyond the once easy-to-spot spam emails filled with bad grammar, cybersecurity threats as a whole are growing more ominous for individuals, small-business owners and large corporations.
That was part of the message delivered by George Smirnoff III, senior vice president and chief information security officer for Comerica Bank, in a speech earlier this month in Detroit.
"In their mind, you're low-hanging fruit," he said, addressing a group of the bank's customers, which include many small-business owners. "As executives, guess what? You're all targets."
Smirnoff talked about a rip-off dubbed "the business email compromise" that involves scammers impersonating a company's top managers with the goal of initiating an international wire transfer. Such cybercriminals are spoofing emails to make them look legitimate and, in some cases, send messages that include details about new vendors in need of immediate payment, which can rush employees into making bad decisions, he said.
The attacks, a form of phishing, are targeted toward specific individuals, usually those who handle the bills or wire money, he said. And in some cases, the fake emails are strategically sent when the actual business owner is away on vacation or traveling for business.
Some of the scammers are believed to be members of organized crime groups from Africa, Eastern Europe and the Middle East, the FBI has said.
A sophisticated phishing email can bypass filters and anti-virus programs. Even up-to-date, anti-virus software won't do much good if consumers or employees carelessly download email attachments, experts say.
"These emails are getting very tricky," Smirnoff said.
October is National Cyber Security Awareness Month, a campaign headed by the Department of Homeland Security to raise awareness about combatting online fraud and the protection of personal information.
This October, with all the news about emails being stolen from Hillary Clinton's presidential campaign and the hacking of state voter registration systems, the public can't but be aware of the issue.
Ultimately, that's probably a good thing. After all, we're facing phishing scams everywhere, from our homes to our places of work.
Here are some ways to arm yourself against such threats:
_Create a "coMplic@t3d" password
It's easy to think we don't have any control over cybersecurity breaches, but a strong password remains a solid defense, said Smirnoff and other experts.
A strong password will have at least 12 characters that include a mix of upper- and lower-case letters as well as numbers and special characters. Don't reuse it on multiple sites.
_Be vigilant and recognize that cybercrime pays
Your personal information has great value to crooks, who can use it to open bogus accounts and file take tax returns. Be sure to shred bank statements and unused credit card offers before throwing anything away. Be cautious downloading apps, especially from sources you're unfamiliar with.
_Be skeptical when you get an email from a CEO, your bank or even a favorite retailer
Remember, a bank isn't going to ask you to confirm your Social Security number or account number _ or ask for your password _ via email or text.
Stop before making a move and contact your bank directly.
