SCGhealth Blog


Watch out! Small businesses being targeted by malware, scammers

Monday, July 02, 2018

By Marla Durben Hirsch, contributing writer

It’s hard enough for physicians to operate their practices. But in recent weeks it’s gotten tougher as small businesses are being specifically targeted by criminals. 

There may be malware in your router.

The Federal Bureau of Investigation (FBI) released a warning on May 25 that foreign cyber actors had compromised hundreds of thousands of small office and home routers with malware known as VPNFilter. The malware can render the router inoperable. It can also collect information, exploit devices, cut off internet access and block network traffic.

The warning is related to a Department of Justice (DOJ) investigation of the cyberattacks. The DOJ obtained a court order on May 23 enabling the government to seize a domain that’s part of the malware’s command and control infrastructure. The infection will then be redirected to an FBI-controlled server, which can then capture information about the perpetrators and help identify victim devices. 

The FBI recommends that the routers be rebooted to temporarily disrupt the malware and aid in the potential identification of infected devices. Note that the routers can still be reinfected after the reboot, so the FBI also suggests that router owners consider disabling remote management settings on devices, securing the routers with strong passwords and encryption when enabled, and updating to the latest available versions of router firmware.

Several router manufacturers have issued their own instructions to deal with this malware threat. For instance, Linksys provides a link to its latest firmware update and recommends that passwords be changed periodically. If an owner believes that his/her router has been infected, Linksys also recommends that the owner perform a factory reset of the router. 

FTC: Watch out for scammers

So many small businesses have been taken advantage of by scam artists that the Federal Trade Commission (FTC) launched “Operation Main Street” with the Better Business Bureau and law enforcement on June 18. Operation Main Street will educate small business owners on how to recognize and prevent scams. The guidance lists some of the most common scams, such as:

  • Imposters claiming to be from the government or the utility company
  • Fake invoices
  • Unordered office or other supplies
  • Directory listing and advertising scams
  • Tech support scams
  • Offers to change online reviews
  • Credit card processing scams

The FTC flags the tactics that scammers use, such as using untraceable payment methods like wire transfers; pretending to be someone trustworthy, perhaps from a company you may know; and creating a sense of urgency, so you make a quick decision before checking out the situation.

Some of the protections the FTC recommends small offices take include:

  • Verify invoices
  • Secure files, passwords and financial information
  • Make sure that employees are familiar with the scams
  • Don’t believe caller ID or email/web addresses
  • Have a clear procedure for approving expenditures

The FTC also recommends that businesses report any attempted scams to the government. 

Takeaways:

To protect your practice as much as you can, follow the instructions in any relevant warnings. 

And to make sure you’re on top of these warnings, sign up for email alerts from the United States Computer Emergency Readiness Team (US-CERT). 


Comments [0]

Comment


No Very





Captcha Image


SCG Health blog by Email

Recent Posts


Archive


Tags

SCG Health is a tradename of the Searfoss Consulting Group, LLC. You may reproduce materials available on this site for your own personal use and for noncommercial distribution. For more information, please read the Content Sharing Policy. Art & design by SCG Health. DISCLAIMER: You should consult an attorney for individual advice regarding a particular set of facts and circumstances. SCG Health reserves the right to change the information on this website without notice.