
CyberLiability Report | November 2017

Gone Phishing?

Apparently, a lot of people have gone phishing and are now flooding your email inbox. Webroot Quarterly Threat Trends reported that nearly 1.4 million (yes, MILLION) phishing websites are created every month. That number seems almost unbelievable, but the sites aren’t all up at the same time, so the number is reasonable. Actually, most sites are only active for a few hours so that they can avoid being detected.

What exactly is phishing? ComputerWorld defines phishing as “a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.”

Phishing sites impersonate companies that we all do business with, such as Google, Dropbox, Apple, PayPal, etc. It’s no wonder that many people fall prey to these phishing attempts. There is really no foolproof way to be completely free of phishing emails, but there are steps you can take to protect yourself. Following are some suggestions from

  • Think before you click
  • Verify a site’s security
  • Check your online accounts
  • Keep your browser up-to-date
  • Be wary of pop-ups
  • Never give out personal information
  • Use antivirus software

The best advice is to “think before you click” and always trust your instincts!

Hackers, LinkedIn and Spearphishing

Hackers are now using LinkedIn to create personalized phishing attacks. LinkedIn has become the “go to” social platform for business professionals to expand their business contacts, so it was just a matter of time before hackers caught on.  According to a report by USA Today, hackers figured out how to infiltrate your network by posing as average, authentic business people. Remember the days when Facebook was full of fake news and catfishing? Today it’s LinkedIn.

Sadly, it’s now important to be wary of LinkedIn connection requests. This new wave of attacks is called spearphishing. And the attack is most likely not on you personally, but rather where you work. Think about it. Your LinkedIn account is chock full of information – email addresses, work histories, connections, etc.

Be careful who you connect with. If you don’t know the person, view their profile and see what mutual connections you have. And if you have any doubts, don’t connect!


Game maker used son’s name “Joshua” as the password.

How many passwords do you have? Security Magazine says the average “business employee must keep track of 191 passwords”. Yikes! No wonder we all get confused and forget our passwords. The magazine found that most people underestimate the number of accounts they have, and aren’t aware that 81% of confirmed data breaches are due to passwords.

McAfee is in the business of protecting data and suggests that you change your passwords periodically and avoid re-using an old password for at least a year. Create a password that makes sense to you and to you alone. Make sure it’s comprised of at least eight characters using both lowercase and uppercase letters, numbers and symbols. Yes, that makes the passwords harder to remember, but it’s worth it to keep your data safe.

Do write down the passwords on a list in “tip format”. Instead of writing down the exact password, write down a clue that will prompt your memory of the password. But don’t keep that list on your computer! And use different passwords for each of your accounts. Another tip is to avoid entering passwords in unsecured Wi-Fi locations, such as coffee shops or the airport. These are prime locations for hackers to intercept your passwords and data. Also, always log off an account if you are leaving your computer unattended, as it’s easy for someone who knows what they’re doing to quickly change your password and gain access to your account.

And last but not least, don’t use personal information like names (your name, a pet’s name, family names, etc.) for your passwords. These can be easily discovered by visiting any of your social media accounts where that information may be in your profile. With a little planning and some creativity, you can come up with passwords that will protect your accounts.

Small Business Cyberattacks

Most small businesses aren’t aware of the fact that they’ve been the victim of a cyberattack. Hard to believe, but it’s true. An article by David Jones cites an October 2017 Nationwide survey showing that nearly 60% of small businesses have been victims.

Nationwide surveyed 1,069 businesses that had fewer than 299 employees. Only 13% of the participants said they had been a victim of a cyberattack. But that figure was low because they hadn’t factored in all of the types of attacks. Once shown a list of typical cyberattacks, the figure went from 13% to 58%. The survey showed that almost half of the company participants had been victims of cyberattacks. That’s a real eye opener. Following is the list of cyberattack types. See if any of them apply to you or your company.

  • Computer Virus
  • Phishing
  • Trojan Horses
  • Hacking
  • Data Breach
  • Ransomware
  • Issues Due to Unpatched Software
  • Unauthorized Access to Company Info
  • Unauthorized Access to Customer Info

Cyberattacks are a big threat to all of us and recovery can be a long and expensive journey. It’s something we all need to be concerned about. Symantec’s director of security, Kevin Haley, states “Small businesses can be a really sweet spot for cybercriminals. They have more money to steal than a consumer and less security in place than a large business.”

This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.  Should you have any questions or would like to discuss your risk exposure with your company’s  cyber security insurance, please contact the insurance pros at ARCW Insurance.  We are here to help.