There has been a recent increase in phishing attacks and scams. Bad actors are taking advantage of the current vulnerabilities in our systems – working from home, unsecured Wi-Fi/network connections, unprotected computers accessing company networks, etc. – to create cyber attacks related to Coronavirus (COVID-19).
The gaming industry is extremely vulnerable, now more than ever. A cyberattack involving online gambling sites occurred just this week: “Some US Online Gambling Sites Down Following Cyberattack On SBTech.”
As a business, it is important to keep employees informed and aware of the recent threats. As with all suspicious/unsolicited messages, caution must be taken in handling any email with COVID-19 in the body or subject line, attachment(s), and hyperlink(s). Additionally, attacks can occur through social media, text messages or telephone calls.
Casino Essentials offers CyberSecurity training that ensures your business is aware of cybercrimes that can occur at your home front.
Scroll to the bottom of this page to read the course descriptions for the IT & General Security training suite.
Vector Solutions is sharing how we keep our team on high alert and trained on taking extra precautions when it comes to cybersecurity. This includes:
- Defining phishing attacks
- Identifying the most common indicators for phishing attempts
- How to avoid becoming a victim
- What to do when you’ve become a victim
DEFINE PHISHING ATTACKS
Phishing is a type of social engineering cybercrime in which targets are contacted by phone, text message, and most commonly, email by someone who is posing as a trustworthy source. The purpose is to lure individuals into providing sensitive data/information, such as personally identifiable information, passwords and banking/credit card details. When targets respond to the attacker with the requested information, attackers can use it to gain access to sensitive accounts.
Businesses must take extra precautions during vulnerable times/events, like our current state, and certain times of the year, such as:
- Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- Epidemics and health scares (e.g., H1N1, COVID-19)
- Economic concerns (e.g., IRS scams)
- Major political elections
IDENTIFYING THE MOST COMMON INDICATORS FOR PHISHING ATTEMPTS
Suspicious Sender’s Address
Most commonly, the sender’s address looks as though it is from a legitimate sender. Cybercriminals imitate an address the recipient commonly receives email from. To confirm whether the sender is legitimate, check whether any characters are omitted (e.g., email@example.com).
Generic Greeting and Signature
Strong indicators of a phishing email are general greetings, such as “To Our Valued Customers”, and minimal contact information in the signature block. Trusted sources typically address their customers directly and provide all contact information in their signature blocks.
Incorrect Hyperlinks and Websites
If the body of the email includes hyperlinks and websites, it is a best practice to hover your cursor over the links before clicking. If the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). It is also common for cybercriminals to use a URL shortening service to hide the true destination of the link (e.g., https://bit.ly/3aXDhNZ).
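For mail administrators, the hover check described above can be automated over HTML message bodies. The following is an added example, not part of the original article; the shortener list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a small, non-exhaustive set of URL-shortening hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}

def host_of(text):
    """Return the hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if " " in text:
        return None
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:  # malformed input such as an unclosed IPv6 bracket
        return None
    host = (host or "").lower().rstrip(".").removeprefix("www.")
    return host if "." in host else None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # inside an <a> element: collect visible text
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        real, shown = host_of(self._href), host_of("".join(self._text))
        if real in SHORTENERS:  # the true destination is hidden
            self.findings.append((self._href, "shortener hides destination"))
        if real and shown and real != shown:  # visible text names another site
            self.findings.append((self._href, f"text shows {shown}, link goes to {real}"))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample body using reserved example domains.
SAMPLE = ('<a href="http://www.example.net/login">www.example.com</a>'
          '<a href="https://bit.ly/EXAMPLE">COVID-19 update</a>'
          '<a href="https://example.com/help">example.com/help</a>')
```

`audit_links(SAMPLE)` reports the .com/.net mismatch and the shortened link, and leaves the third link, whose text and destination agree, unflagged.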
Grammar Mistakes and Urgency
Grammatical errors in the body of the email can be considered as the first clue when identifying a phishing email. Reputable organizations have trusted employees to review and generate customer correspondence prior to sending.
Malware is commonly delivered to a target in an unsolicited email requesting a user to download and open an attachment. Be wary when the email creates a sense of urgency to download the contents. This tactic is used to persuade the target to open the attachment before examining it.
Suspicious Requests for Financial Actions
Never respond directly to requests for financial actions, such as bank transfers and gift card scams. A rule of thumb is to always contact the requester directly or your supervisor for assistance.
HOW TO AVOID BECOMING A VICTIM
Be wary of suspicious and unexpected emails, phone calls or text messages. It’s important to keep your team informed about the phishing techniques that are commonly used. For IT administrators, ongoing company-wide cybersecurity awareness training and simulated phishing exercises are highly recommended. Training ensures the team will think before they click. When in doubt, always start a new tab in your web browser and go directly to the source, rather than clicking on a suspicious link.
Never reply to a suspicious email. Always verify the sender’s address. Never reveal or provide personal information or business information, including the business’s organizational structure. Always pay attention to the website’s security – an indication the site is secure is if the URL begins with “https”, rather than “http”.
WHAT TO DO WHEN YOU’VE BECOME A VICTIM
It is a best practice to contact the business IT department and your supervisor when a team member may have fallen victim to a cybersecurity attack. If financial information may have been compromised, contact the bank and close any accounts that were shared. Immediately change any passwords that were revealed and watch for signs of identity theft.
CASINO ESSENTIALS TRAINING
IT & General Security Training Suite Course Descriptions:
- Cybersecurity Awareness for the Workplace
  - The course presents a variety of precautions you, as a casino employee, should take to avoid cyber attacks against you and your company. The course discusses the different types of cyber attacks (e.g., phishing, viruses, malicious software and phone scams) and how to stay clear of them, as well as real-life scenarios so the learner may interact and understand just how serious cyber security may be.
- SAR Incident Reporting For IT
  - With a rapidly growing trend in cyber-events and cyber-enabled crime, the Financial Crimes Enforcement Network (FinCEN) is requiring casinos to report certain activities as part of the casino’s Title 31 obligations. In this lesson, we will learn how to respond to cyber-events and cyber-enabled crime.
- PCI Credit Card Fraud Prevention
  - Fraud costs businesses and consumers billions of dollars annually. This course is designed to teach casino employees to detect and prevent credit and debit card fraud so as to keep criminals from stealing and victimizing unsuspecting individuals and businesses. This course meets PCI requirements for front-line staff training.
- PCI Compliance For IT Professionals
  - PCI security standards are technical and operational requirements set by the PCI Security Standards Council to protect card-holder data. PCI standards apply to all organizations that store, process and transmit card-holder data.
- Internal Fraud Awareness & Prevention
  - Occupational fraud and abuse is a major concern to organizations around the globe. According to the Association of Certified Fraud Examiners, organizations lost approximately 5% of their annual revenues to employee fraud and abuse in 2013. This course covers identifying issues that may lead to fraud and abuse, the red flags to identify internal fraud and how to handle instances of fraud in an organization.