Transcript: Cyber fraud prevention — Ransomware

[Music playing. The CIBC logo appears.] 

[Cyber fraud prevention: Ransomware] 

[A laptop computer is open on a desk. An email notification appears on the computer.] 

A message arrives from a sender you may or may not recognize. 

The message says they are following up on an overdue payment and you must click to review the invoice. 

There’s a file attached that contains the invoice.

[Email is opened and it references an overdue invoice, with a suspicious file attachment.]

Be careful, you may have been targeted by a ransomware attack. 

[After the invoice is opened, a pirate flag flies on the laptop screen, indicating the device is compromised.]

[What is ransomware?] 

More and more, business is conducted online every day, and that puts all of us at increased risk for online fraud. 

[A computer shows an online banking account balance decreasing. Pirate flag flies on-screen.] 

Ransomware is a tool criminals use to extort money from victims. 

And it can be tricky to spot. 

[Magnifying glass hovers over an email inbox.]

In a ransomware attack, a criminal tricks you into downloading malicious software by disguising it as an important document or link.

[User opens the same email from before, and clicks the invoice file attachment.]

When you open the file, a ransomware program steals data and encrypts the files on your device and network, and blocks you from using them.

[A number of file folders move from the user’s system to an encrypted location. User tries to access them and can’t get in.]

Fraudsters then demand a ransom payment to give you back access to your systems and the information they have taken.

[A message from the fraudster is shown.]

Ransomware can also spread through local networks, attacking other computers and servers and potentially infecting the entire company.

[A router is shown beside two laptop computers. The computers are both compromised, with a skull and cross-bones appearing on each screen.]

[Recognize ransomware] 

Not all online fraud is easy to spot. Protect yourself by looking out for the following signs.

[A signpost with four different blank signs branching off from it.]

Emails, SMS or instant messages that contain suspicious links or attachments, even if they come from someone you know. Email addresses are easy to fake.

[Laptop screen with an email inbox open. Two mobile phones with different types of messages. The same ransomware email from before appears again and the suspicious attachment is highlighted. Email address is highlighted to indicate it’s familiar to the user.]

Unusual file attachments, or file types you don’t recognize.

[The suspicious attachment changes to show different suspicious file types.]

Incorrect grammar and spelling errors.

[A typo in the suspicious email is highlighted.]

And branding that doesn't quite match the sender or brand’s usual style.

[Two emails beside each other. One shows the correct logo for a company, the second is the ransomware email from before and the logo is incorrect.]

[Protect yourself]

You can protect yourself and your business by remembering these 5 simple rules.

[A security icon with a lock on the front of a shield. Five dots rotate around the icon.]

[Create an IT plan: To enhance your tech defences] 

Make sure your IT service providers are prepared with enhanced defences.

[Laptop screen shows defensive techniques, as a sports coach would draw up.]

[Create an IT plan: To implement an impact assessment and recovery plan.]

Help them create an impact assessment and put a recovery plan in place.

[Laptop screen shows a wrench with an arrow, indicating use of a tool to fix something.]

[Create an IT plan: To make sure all systems are updated]

And ensure all devices in your network receive regular system updates.

[Laptop screen shows a system update being requested.]

[Back up your data: Frequently and regularly] 

Back up all your files regularly.

[Back up your data: Store backups offline.]

And store your backups offline, in a device that’s not connected to the same network.

[A device is plugged into a laptop to create a backup. The device is unplugged once completed.] 

[Don’t engage: Don’t respond, don’t click, don’t open] 

If you receive a suspicious email or text, don’t respond, don’t click any links, and don’t open any file attachments. 

[Cursor on a computer screen moves to close a suspicious pop-up message and a suspicious email.]

[Protect your accounts: Update your passwords]

Regularly update your passwords and never use the same password across multiple accounts. 

[A login screen shows a password being entered. Two other login screens appear, all with different passwords having been entered.]

[Protect your accounts: Enable two-step or multi-factor login]

Enable two-step or multi-factor login authentication for your accounts. 

[A login screen, with an arrow pointing to a mobile phone. The phone screen shows a pending authentication request from the user’s laptop.]

[Protect your email: Turn on spam filters] 

Turn on email spam filters. 

[Cursor selects filters for spam and unknown senders to turn the filters on.]

[Protect your email: Pay to attention to anti-phishing notifications]

And pay attention to browser and spam-filter warnings. 

[Email requesting login credentials is opened. A warning pops up in front of the message, stating to be careful about a possible fraud attempt.]

Cybercrime is on the rise, but you can protect yourself, and your business. 

[Laptop screen with a pirate flag flying. Flag is replaced by a security icon, and a cup of coffee appears beside the device.]

To learn more about fraud, including what to do if you’ve been a victim, visit cibc.com/fraud. 

[To learn more about fraud, visit: cibc.com/fraud]

[CIBC logo. The CIBC logo is a trademark of CIBC.]