Cybercriminals use these tricks to lure small and medium-sized businesses into a trap

December 9, 2022

Google has declared war on scammers targeting businesses [1]. Cybercriminals posed as the tech giant and got small businesses to pay to create a business profile on Google, which is actually free.

Kaspersky experts support Google’s efforts by highlighting common social engineering methods that cybercriminals are currently using to trap small and medium-sized enterprises (SMEs) and offering tips on how SMEs can protect themselves.

Common social engineering methods

  • Cybercriminals pose as suppliers: Large companies have strict procedures to check (potential) suppliers, but small companies lack these resources. Cybercriminals take advantage of this and lure with lucrative offers, flexible conditions and websites that are deceptively similar to those of legitimate suppliers. After payment, however, companies receive nothing in return.
  • Fake events: Industry events are crucial for businesses. Fraudsters therefore send out invitations with relevant and engaging content for fake events to sell tickets via legitimate-looking landing pages to make a profit.
  • Blackmail using bad reviews: Scammers write negative reviews about hotels, restaurants and other businesses and send them an email offering to remove the reviews in exchange for a sum of money from Google, TripAdvisor or another website that offers review options.
  • Spear phishing: In spear phishing, scammers send emails to a person in charge of the company’s budget, such as the owner or accountant of the organisation. They impersonate a bank, partner or colleague and urgently request a payment or information about the company’s employees or accounts.
    Kirill Kulakov, Technical Advisor at Kaspersky Fraud Prevention, comments:

“Medium-sized companies are of interest to cybercriminals. In contrast to those who focus on private users, B2B fraudsters rely even more on individually tailored and efficient social engineering methods and schemes. They invest a lot of time and effort in developing and implementing methods that are relevant to a specific industry or company – and that pays off, much more so than for an ordinary, private user.”

Kaspersky tips for small businesses

  • Don’t allow yourself to be manipulated or emotionally blackmailed. Scammers always try to pressure and unsettle, leading their victim to take rash actions.
  • Check emails from new, unknown senders for spelling as well as the text displayed with hyperlinks.
  • Introduce a clear password policy that passwords must contain at least eight letters, a number, upper and lower case letters and a special character. In addition, it should be ensured that these passwords are changed if a compromise is suspected. For this, a security solution with a comprehensive integrated password manager [2] should be implemented.
  • Install updates from software and device manufacturers as soon as they are available.
  • Deploy a comprehensive security solution such as Kaspersky Endpoint Security for Business [3] that protects against a wide range of threats, including ransomware.
  • Train employees regularly on cybersecurity. Kaspersky Security Awareness [4] is based on a learning cycle with micro-learning units that are motivating and easy to integrate into everyday work.
  • The GEIGER project [5], co-funded by the European Commission, provides tools to assess the cybersecurity level of small and very small businesses and raises their awareness of data protection and privacy through specific training tools, such as two gamification solutions developed by Kaspersky.
  • Report fraud attempts to the relevant law enforcement authorities.


Related Articles

Collective agreement reached for the 25,000 aviation security workers

Collective agreement reached for the 25,000 aviation security workers

On the 16th May 2023, after countless and controversial collective bargaining negotiations, some of which were accompanied by strikes, a collective agreement was reached for the 25,000 employees in aviation security. The collective bargaining parties BDLS, ver.di and...

Employees accept digital monitoring

Employees accept digital monitoring

Gartner surveyed around 5,000 employees - Not every form of monitoring is desired "Digital workers" in the UK, India, China and the US find digital monitoring OK under certain conditions. This means electronic monitoring systems that continuously check whether company...

Share This