Six months ago a Milwaukee Bucks employee fell victim to a spearphishing scam. The employee who gave the team’s financial documents to an email scammer shouldn’t have to feel that bad.

The same thing almost happened recently to the president and founder of Applied Tech, Kurt Sippel.   Sippel was a target of a similar so-called “spearphishing” target.

His company’s controller thought nothing of the internal email from Sippel, saying she should pay an invoice worth hundreds of dollars. The email addressed her by her first name and was written in Sippel’s usual short message style, plus it had his personal and familiar signature lines and the company’s logo and confidentiality statement at the bottom.

In other words, it looked legitimate in every way – but it wasn’t.

His controller was suspicious that his full name was at the bottom of the message. So using an internal discovery and checking process she had been trained on, the controller discovered the bogus invoice.

“If it can happen to us, it can happen to anyone,” said Sippel.

Most people who work daily on computers know about phishing attempts – those fraudulent email messages from random hackers, but seem like they came come from a large or well-known company or Web site with a broad membership base, such as eBay or PayPal. Most people have learned to be suspicious of those type of unexpected request for personal information or data. Most avoid responding or clicking on links unless they are positive about the source.

In the case of spearphishing, however, the apparent source of the e-mail is an individual within the recipient’s own company and generally someone in a position of authority like the chief financial officer, a director — or like Sippel, the president. That’s what happened to the Buck’s employee.

“These campaigns are amazing,” said Sippel. “The emails are customized to each target by name, job title, telephone number, company name, and subject. Often the information is picked up off public websites such as LinkedIn or the company’s own website. And that lure isn’t the end. The company can even be targeted by region and its business specialty.”
Sippel’s company has seen a spike in the number of businesses looking to install the latest security tools and learn the protocols for using them to protect confidential data.

“Three things are driving this,” he said. “First you have human error. People just lose devices. They also make mistakes about what to trust or how to follow routines set in place. That includes maintaining patches and updating firewalls and licenses.

“Second, you have the rise in mobile computing. People are using all types of devices in the workplace. While you might have protection inside the corporate firewall, what happens when that worker is outside? In these days of working wherever, whenever with whatever, security for mobile devices is often forgotten or even turned off.

“Finally, it’s becoming easier and cheaper to get into the hacking business,” he said, citing a recent study by Dell SecureWorks that all types of malware is becoming much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information.

Among the findings, Sippel said: Hackers are offering to steal personal emails from Gmail or Yahoo accounts for $129. Offers to hack into corporate email accounts cost more: $500 per mailbox. Tutorials for new hackers, such as how to send phishing emails, can be purchased online for $20 to $40. Remote access “trojans,” which allow cybercriminals to secretly control other people’s computers from a distance, can go for as little as $5 to $10.

“You have to try to be a step ahead, or you lose,” Sippel said. “Analysts found hackers hawking their goods like a typical startup company. One ad offered ‘free-trial attacks.’”

One of the more disturbing trends for businesses, he said, is ransomware. A company’s computers are penetrated through some type of security breach and all of the information is locked until a ransom is paid, relatively small in the hundreds to a few thousand dollars. If you don’t pay the criminals, you will lose the files forever.

“Imagine you arrive at your office one day to find all your computers padlocked, and a man in a mask demanding $5,000 to give you the key. That’s what ransomware is like,” he said.

He said two of his Madison clients have been attacked and, with adequate backup, their information was recovered without payment. He said ransomware attacks are growing more frequent thanks in part to two technology trends: the increasing processing powers of computers (which are now so powerful that they can encrypt their own files in a matter of hours) and the rise of anonymous payment systems such as Bitcoin (which make it easy for criminals to accept payment without fear of being traced).

“If your company gets infected, you face two very hard choices,” Sippel said. “Either spend multiple days recovering the locked files from backups—during which time you’ll endure user downtime, lost sales and angry customers—or pay ransom to an organized crime syndicate.”

Sippel noted a recent incident at a California hospital, the Hollywood Presbyterian Medical Center. In February, they were forced to take their PCs offline so their techs could contain a ransomware outbreak and restore their files. They spent 10 days relying on fax machines and paper charts. In the end, they ended up paying $17,000 in ransom, just to avoid even more protracted downtime.

In 2014, the FBI received over 1,800 complaints about ransomware, an estimated loss of more than $23 million. In 2015, the bureau received over 2,400 complaints, and victims lost over $24 million.

“Everyone should be concerned. It’s the number one problem facing the computer security industry and it’s very, very difficult to solve,” Sippel said. “They prey on people’s willingness to click on the latest viral videos; they prey on people’s willingness to click on Facebook links.”

But companies can fight back, he said.

“Good user habits, common sense, backups and patching. With those basic things in place, I think you can minimize your exposure. That’s what we’re here to do.”

The Resource Hub

Get Complete Managed Services Insights

Visit our Resource Center for up-to-date news and stories for technology and business leaders.

8 Critical Priorities Your IT Needs to Nail 

8 Critical Priorities Your IT Needs to Nail 

If you’re a business owner or leader, you know how important it is to have a reliable and effective IT partner that can help you achieve your goals, keep your workforce productive while maintaining a safe and secure network environment.  But how do you know if your IT partner is really delivering on their promises and meeting your expectations? How do you measure their performance and value? ...

Applied Tech Recognized on the CRN MSP 500 List for 2023

Applied Tech Recognized on the CRN MSP 500 List for 2023

March, 2023 – Applied Tech has been named to CRN’s Managed Service Provider (MSP) 500 list for 2023 in the Pioneer 250 category. This annual list recognizes North American companies with innovative approaches to managed services that support customers with the ongoing complexities of IT solutions while optimizing operational efficiencies and systems to maximize return on investment. The Pioneer...

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Wisconsin State Journal Names Applied Tech a Winner of Madison’s Top Workplaces 2023

Madison, Wisconsin, March 26, 2023 - Applied Tech has been awarded a Top Workplaces 2023 honor by Wisconsin State Journal Top Workplaces for the second year in a row. The list is based solely on employee feedback gathered through a third-party survey administered by employee engagement technology partner Energage LLC. The confidential survey uniquely measures 15 culture drivers that are critical...

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Applied Tech and Platte River Networks Partnership Creates “Strategic IT Powerhouse” for Small and Midsize Businesses

Blockbuster merger expands team and expertise, bringing more knowledge, services, and technical specialization to local growth-minded businesses nation-wide MADISON, Wis. & DENVER--(BUSINESS WIRE)--Two of the IT channel’s top-performing, celebrated managed service providers (MSPs) – Applied Tech and Platte River Networks have partnered to become an MSP superpower serving businesses...

Three IT Service Techs Working

Move Forward with IT Services for Business

Use managed services for small and mid-sized businesses that help you reach your goals.

Work With Us