TL;DR
In this episode, you’ll learn why securing your online accounts is crucial for your solopreneur business.
We discuss the three pillars of digital security, internal and external security threats, motivations behind cyberattacks, and ways hackers can monetize compromised accounts.
You’ll discover real-life examples, including how a friend was scammed out of $24,000.
Past episodes or seasons mentioned during the show
- Season 4 on Process efficiency
- MP097: Why do solopreneurs need to be proactive about digital security?
Understanding Cyber Threats
Protecting our Mac, iPhone, and iPad is just one part of staying safe online. The other part is securing our online accounts. Imagine your finance, marketing, and operations accounts—all essential for your solopreneur business—being at risk.
This episode is divided into three parts:
- A quick recap of Episode 97, discussing why solopreneurs need to proactively manage digital security.
- An explanation of the six main motivations behind hackers’ actions.
- An in-depth look at how hackers make money by compromising online accounts of solopreneurs like us.
Components of Digital Security
Let’s kick things off by understanding why solopreneurs need to be proactive about digital security.
Security has three key components: confidentiality, integrity, and availability. Confidentiality means making sure only authorized people can access your business data. Integrity ensures your data is accurate and untampered with. Availability means your data and IT systems are accessible whenever you need them.
Security incidents can come from two sources: internal and external.
Internal incidents might be caused by mistakes from you, external contractors, or bugs in the operating system or software.
External attacks are from cybercriminals trying to access your data, whether it’s on your Apple devices or online.
Often, I hear solopreneurs say, “But I’m nobody,” or “My business is too small, so why should I care?”
Well, there are two types of attacks: opportunistic and targeted.
Most attacks are opportunistic. Think of hackers like fishermen casting millions of lines into the sea. If a fish happens to bite, it gets caught. Statistically, some people will always fall for these attacks. The payoff for hackers is worth the effort, and they don’t care who gets caught—anyone vulnerable can be a victim.
Targeted attacks are rarer and usually pose a lower risk to solopreneurs. However, the risk isn’t zero, especially if you offend someone online or a competitor gets jealous of your success.
So, why should you be proactive about digital security?
Understanding the consequences of security incidents is key. These can be direct and indirect.
Direct consequences include lost time, unexpected expenses, and lost revenue while dealing with the incident.
Indirect consequences, like reputation damage, can be even more harmful and long-lasting. For example, if your client’s data gets hacked, not only will you spend time and money fixing the breach, but your clients might lose trust in you, affecting your business relationships and future opportunities.
For more on this topic, including basic prevention and contingency techniques, check out episode 97 at macpreneur.com/episode97.
Motivations Behind Cyber Attacks
Why would someone attack you? Based on my research, there are six main motivations:
- Money: This is the most common reason, accounting for 60 to 75 percent of cyberattacks. I’ll explain later how attackers can make money by compromising your online accounts.
- Revenge: This could come from a disgruntled customer, an ex-business partner, or even a competitor.
- Spying: Attackers might want to gain intelligence on your business model, processes, proprietary frameworks, or customer information.
- Hacktivism: This involves using hacking techniques to promote social or political ideologies. Maybe someone didn’t like your social media post or disagrees with how you do business.
- Cyber Warfare: Being caught in the middle of conflicts, like those between Ukraine and Russia or in Israel, can make online businesses targets as attacks on communications infrastructure increase.
- Fun: Some people find joy in the challenge of breaking into systems when they get bored.
These motivations often overlap. For example, an attacker might start with political reasons, spy on you to understand your weaknesses, and then realize they can also make money.
How Hackers Make Money
Let’s talk about how attackers can make money by compromising your online accounts.
- Direct Theft: Hackers can go straight to the source by draining your business bank account or maxing out your credit card. This involves compromising your e-banking credentials. While multi-factor authentication makes this tough, the risk isn’t zero.
- Payment Processors: If they take over your online payment processor like Stripe or PayPal, they can change the payout destination.
- Website or Online Store: If you use a platform like Shopify, Etsy, or Gumroad, any sales could be redirected to the attacker’s account until you fix it.
- Ad Platforms: If you run ads using Meta Business Suite or Google Ads, attackers can hijack your account and run ads for themselves, charging your business credit card. A client of mine experienced this when their Facebook page was hacked, and their credit card was maxed out in a few hours. They never managed to recover their page or speak with Facebook.
- Social Media: Breaking into your social media accounts allows attackers to promote scammy products or services to your followers. They might also impersonate you to trick your family and friends into sending money for a fake urgent issue.
- Email Accounts: If your business email or email marketing service is compromised, attackers can send emails with links to fake websites or online stores. They might also sell your contacts’ information on the dark web or demand a ransom.
- Cloud Storage: Taking over your cloud storage account (like Dropbox, Google Drive, or OneDrive) allows attackers to blackmail you. Where the ransom used to be paid in exchange for a decryption key, the new threat is that your stolen data will be leaked publicly if you don’t pay.
These are just some ways solopreneurs can be targeted. It’s crucial to stay aware and take steps to protect your accounts.
Scams Without Account Compromise
Some scams don’t even require compromising your online accounts.
Here are three scenarios, including a real-life example:
- Ransom via DDoS Attack: Attackers might launch a DDoS (Distributed Denial of Service) attack on your website or online store, making it inaccessible by overwhelming it with traffic. They then demand a ransom to stop the attack. These attacks can be bought on the dark web and can last from a few hours to a few days.
- Supplier Email Hack: Another scam involves hacking into your supplier’s email system. The attacker then sends you an email claiming their bank account has changed. If you pay the next invoice to this new account, the money goes to the attacker instead of your actual supplier.
- Subcontracting Scams: These can be particularly tricky if you rely on freelancers. A friend of mine who owns a translation services agency lost around $24,000 in such a scam.
Here’s what happened:
- She was contacted by a seemingly legitimate university requesting translation services for hundreds of documents.
- Coincidentally, she received a social media DM from a freelance translator fluent in one of the required languages.
- She signed a contract with the university, which started sending documents for translation.
- The university provided positive feedback about the freelancer’s work, and the freelancer sent invoices.
- My friend made the mistake of paying the freelancer before receiving payment from the university, which turned out to be fake. Someone had impersonated a university representative, and my friend had already sent around $24,000 to the freelancer before realizing it was a scam, putting her business in a tough financial spot.
Recap & next
We started by emphasizing the importance of being proactive about digital security for solopreneurs.
Then, we discussed the main motivations of hackers and seven ways they can make money by compromising our online accounts.
Lastly, we covered three scams that don’t require hacking our accounts but are still crucial for every solopreneur to be aware of.
That’s it for today.
In the next episode, I’ll talk about the different attack vectors used to compromise our online accounts and how to defend ourselves.
Make sure to subscribe or follow this podcast so you get it automatically next week.
Cheers,
Damien
Full Transcript
Exposed! The Silent Threat That Could Cripple Your Solopreneur Business
The Importance of Securing Online Accounts
Imagine waking up one morning to find one of your online accounts hacked and your solopreneur business paralyzed.
Scary, right?
Today, we’re diving deep into why securing your online accounts is just as important as securing your Apple devices.
Stick around until the end because I’ll share a real-life story of how a fellow solopreneur got scammed and lost nearly $24,000.
I’ll unpack all of this after the intro.
Introduction to Macpreneur Podcast
Hello. Hello, and welcome to episode 103 of the Macpreneur Podcast.
Whether it’s your first time or you’re a long-time listener, I appreciate that you carve out some time in your busy solopreneur schedule.
I’ve created Macpreneur to help as many solopreneurs as possible save time and money running their businesses on their Macs.
Now, in order to give you the most relevant Mac productivity tips and information, I need to know how well you’re currently dealing with the three killers of Mac productivity, namely unnecessary clicks, repetitive typing, and file clutter.
For that, just visit macpreneur.com/tips and answer a few questions, which will take you less than two minutes.
After submitting your answers, you will receive personalized, time-saving tips based on your results.
Once again, visit macpreneur.com/tips and start boosting your efficiency today.
Understanding Cyber Threats
Securing our Mac, iPhone, and iPad is only half the battle against cyber threats. The other half is keeping our online accounts secure too.
Think about it, your finance, marketing, and operations accounts, all crucial to your solopreneur business, are at risk.
Now we covered ways to streamline all those processes during Season 4, and if you missed it, I recommend visiting macpreneur.com/season4, where you will find all the episodes in reverse chronological order.
Now, Season 5, this season, is dedicated to helping you protect your devices and processes from cyber threats, and it all starts with awareness.
Now, I’ve split this episode into three parts.
First, I’ll do a quick recap of Episode 97, which covered why solopreneurs need to be proactive about digital security.
Then, I will explain the six main motivations of hackers.
And finally, I will expand on the different ways that they make money by compromising the online accounts of solopreneurs like you and me.
Components of Digital Security
Okay, let’s start by reminding ourselves why it’s important for solopreneurs to be proactive about digital security.
Security has three components: confidentiality, integrity, and availability. Confidentiality means ensuring that only authorized people have access to our business data. Integrity means making sure that our business data is accurate and untampered with. And availability means ensuring that business data and IT systems are accessible at all times.
At a high level, there are two possible sources of security incidents: internal and external.
Internal incidents might involve mistakes by you, external contractors, or a bug at the operating system level or at a software level.
External attacks are from cybercriminals trying to directly access your data, whether on your Apple devices or online.
And when I talk about cyber attacks, most of the time I get the following statement: “But Damien, I’m nobody,” or “My business is too small, so why should I care?”
The thing is, there are two types of attacks: opportunistic ones and targeted ones.
And the vast majority of attacks are opportunistic. Now imagine hackers like fishermen who would launch millions of baits in the sea. If a fish happens to pass by and get lured into eating the bait, it gets caught. Statistically speaking, there will always be a fraction of people who get caught.
The payoff is always worth the effort, and in this scenario, they don’t really care who gets caught, so anyone vulnerable could be their victim.
Targeted attacks, on the other hand, are much rarer and the risks for solopreneurs are relatively low. However, it is not entirely zero, especially when you offend people online, even inadvertently, or when a competitor gets jealous of your success, for instance.
So, apart from mitigating the risk of getting hacked, why should you be proactive when it comes to digital security?
Well, for that, it’s important to understand the consequences of security incidents, which can be direct and indirect.
The direct consequences include lost time, unexpected expenses, and lost revenue while dealing with the incident.
And indirect consequences, like reputation damage, could be even more harmful and long-lasting. For example, imagine a scenario where your client’s data gets hacked. Not only will you need to spend time and money fixing the breach, but your clients might lose trust in you, affecting your business relationships and future opportunities.
You can go deeper on this topic, especially basic prevention and contingency techniques, by checking out episode 97.
If you missed that episode, you can check it out by visiting macpreneur.com/episode97.
Motivations Behind Cyber Attacks
The next question is, why would anyone try to attack you? And based on my research, there are six main motivations.
The first and most prevalent motivation is money. Between 60 and 75 percent of cyberattacks are launched for that reason alone.
Which is why I will expand later on the different ways that an attacker can make money by compromising your online accounts.
The second motivation is revenge, which could originate from a disgruntled customer, ex-business partner, or even a competitor.
The third reason is simply to spy on you with the aim of gaining some intelligence on your business model, your solopreneur processes, proprietary frameworks or solutions, as well as customer information.
The fourth motivation is hacktivism, spelled H-A-C-K-T-I-V-I-S-M, which is the use of hacking techniques to promote social or political ideologies. Maybe someone didn’t like a social media post or comment of yours, or they disagree with the way you do business or the suppliers that you use.
Regardless, it’s enough for them to want to disrupt your solopreneur business.
Reason number five is getting caught in the middle of cyber warfare, which is sadly the case as a result of the conflict currently going on between Ukraine and Russia, as well as in Israel. Regardless of the camp you’re in, operating an online business from a war zone faces many challenges. Some of them are the result of attacks on the communications infrastructure.
The sixth and final main motivation is simply for the fun of it. Some people unfortunately get bored very easily. And one of the things that makes them come alive is the challenge of finding a way to break in.
Now, these motivations are not mutually exclusive. In other words, an attacker might be motivated by political reasons and then start by spying on you to better understand how you operate and what your online weaknesses are, and then they might realize that they could make some money as well.
How Hackers Make Money
And speaking of making money, let’s have a look at the different ways that attackers can achieve that by compromising one or more of your online accounts.
One way would be to go directly to the source by siphoning your business bank account or maxing out your business credit card limit. How? By compromising your e-banking credentials. This is not an easy feat, since most banks now have implemented strong multi-factor authentication systems. However, the risk is not zero.
Another way would be to take over your online payment processor of choice, like Stripe or PayPal, and then change the payout destination.
If you have an online store on Shopify, Etsy, Gumroad, and the like, chances are that you’ve configured an online payment processor. So, by changing it to theirs, any sale made on your store would get credited to them until the situation gets resolved.
If you run ads using Meta Business Suite or the Google Ads Platform, you have configured a way to pay for those ads, most probably via your business credit card. About two months ago, a client of mine got scammed and lost control of one of its Facebook pages. In a couple of hours, the attacker maxed out my client’s credit card by running ads for themselves.
And the worst thing is that my client never managed to speak with anyone at Facebook and still to this day has not recovered access to his business Facebook page.
Next, if someone manages to break into your social media accounts, they can start promoting scammy products or services to your followers, either publicly or via DMs.
And by impersonating you, attackers can also induce your family and friends to send them money, pretexting a random urgent issue that you might have.
And whether it’s your business email account or the email marketing service you use, getting it compromised allows an attacker to send emails with links to a lookalike website or an online store.
Another way they can make money is by reselling your contacts’ information on the dark web or by asking you for a ransom.
And talking about ransom, the same thing applies if an attacker manages to take over the cloud storage account you use for your business, whether it’s Dropbox, Google Drive, OneDrive, or any other.
In the past, paying the ransom was done in exchange for the decryption key, but there is no reason to pay if you have got an offsite backup. Nowadays, attackers blackmail their victims by saying that if they don’t pay the ransom, the stolen data will be leaked publicly.
This list is far from being exhaustive; however, as solopreneurs, I feel those are the ones that we need to be mostly aware of.
Scams Without Account Compromise
Before concluding this episode, there’s one more thing I’d like to mention. Some scams don’t require our online accounts to be compromised, and I will go over three situations, including a real-life example.
First, they could ask you for a ransom after launching a DDoS attack on your website or online store.
So, DDoS stands for Distributed Denial of Service, and it consists of sending thousands of concurrent connection attempts, which chokes the server, making your website inaccessible to legitimate visitors. This kind of attack can be easily purchased on the dark web and can last from a few hours to a few days.
Another way they can make money would be to hack one of your suppliers, especially their email system. Their next step would be to send you an email telling you that their bank account has changed. And the next time you pay an invoice by bank transfer, the attacker will get the money, not your actual supplier.
And finally, some scams revolve around elaborate subcontracting schemes. This could happen if you rely heavily on other freelancers to serve your clients.
A friend of mine, the owner of a translation services agency, lost around $24,000 that way a few weeks ago.
First, she got contacted by what appeared to be a legitimate university requesting the translation of hundreds of documents.
Then, as if by chance, she received a DM on social media from a freelance translator who happened to be fluent in one of the languages requested by that university.
She sent a contract to the university, who then started sending documents to be translated.
The university sent positive feedback about the “work” done by the freelancer, who consequently started sending invoices.
The mistake that my friend made was to pay the freelancer before getting paid by the university, which turned out to have never asked for translation work.
Someone impersonated a person at that university, and my friend never got paid.
And when she realized it was a scam, she had already sent around $24,000 to the freelance translator, putting her business in a dire financial situation.
Conclusion and Recap
So, to recap, the episode started by reminding us why it’s important for solopreneurs to be proactive about digital security.
Then, we covered the main motivations of hackers and 7 ways that they can make money by compromising our online accounts.
Finally, I went through three scams that don’t require our online accounts to be hacked and that every solopreneur should be aware of.
If you enjoyed this episode, please share it with a fellow solopreneur and DM me on Instagram. My handle is @macpreneurfm.
So that’s it for today.
In the next episode, I will discuss the different attack vectors by which our online accounts could be compromised and what to do to defend ourselves.
So, make sure to subscribe or follow this podcast to get it automatically next week.
And until next time, I’m Damien Schreurs, wishing you a great day.
Thank you for listening to the Macpreneur Podcast. If you’ve enjoyed the show, please leave a review and share it with a friend right now.