Cybersecurity Attacks: How To Prevent Them
This year, Cybersecurity Awareness Month took place in October, but cybersecurity should be a concern all year round. One of the most common cybersecurity challenges faced by companies and individuals is keeping important and private information secure.
Cyber criminals are always looking for ways to gain access to our personal information, such as passwords, credit card information and other sensitive data.
Hackers use email, social media, phone calls and other forms of communication to try to steal our personal and sensitive information. One of the most common ways to steal information is a phishing attack.
What is Phishing?
Phishing is a fraudulent attempt to obtain sensitive information and is considered a form of social engineering. Social engineering is considered the art of exploiting human psychology. The attacker does not employ technical techniques to gain access to sensitive data but instead manipulates people into performing actions that in the end divulge confidential information. The methods used to reach sensitive data include email and malicious websites. The person attempting the attack poses as a trustworthy person, company, or entity.
The most common method is email. The goal of phishing in this case is to trick the recipient of an email into believing that the message they receive is something that they want or need. For example, you may receive a request from a bank that appears to be legitimate, or a note from someone you are familiar with in a company or know personally. The phishing attempt is designed to get the recipient of the email to click on a link or open an attachment included in the email. Once you click on the attachment or link, you are taken to another page (which is actually a fake login page). If you enter your personal or sensitive information there, the cyber criminal now has access to it.
Phishing Attack Examples
One of the best ways to identify phishing attacks, especially in emails, is to examine the emails you receive even though you may be familiar with the sender. When studying the emails, look for the following:
Emails requesting personal information. Legitimate companies will never email you requesting your login information. This usually comes in the form of asking you to click on a link that will take you to a website (which is a malicious website), where you will be asked to enter your login and password information. Your reaction should be: DON’T DO IT!!
Emails that state your account has been hacked. The email you receive may contain threats that if you do not act within a certain time, something serious will happen to your computer, an account, or something else that you want to protect. Sometimes, depending on the source of the email, you will notice these emails do not contain proper grammar. When reading the contents of the email, you may be able to discern that the sender is not very knowledgeable about the subject discussed. Your reaction should be: BE ON THE LOOKOUT and DO NOT PROVIDE ANY INFORMATION!!
Emails that claim to represent well-known companies. This could be from the IRS, SSI or a banking institution. It should be noted that the IRS would not contact you via email. The goal of the email is to scare you into clicking on a link or button in hopes that you will reveal or enter important information such as a username and password or even a social security number. Once you have entered this personal information, it can be used to gain access to an account or, in the case of a corporation, a business system containing sensitive information. Your reaction should be: BEWARE!! DO NOT PROVIDE YOUR INFORMATION!!
Emails requesting a payment. The malicious email in this situation will contain enough information to trick you into thinking that it actually came from a company that you routinely make payments to or conduct business with. The way to avoid a phishing scam in this case is to make sure that you are familiar with the company's way of processing payments, or to contact the company directly to inquire about the email. This is especially true when it comes to emails received from banking institutions. Your action should be: WHEN IN DOUBT, REACH OUT TO THE COMPANY BEFORE PROVIDING INFORMATION.
Emails containing informal greetings such as "Hello Customer". An email addressed in this manner was more than likely sent not only to you but to many recipients. The attacker may have obtained the email addresses from a company or from a contact list and is sending the malicious email in hopes that you, as well as the others, will provide your personal information. Your first reaction should be: YOU'RE NOT ALONE!! THIS INFORMATION HAS BEEN SENT TO OTHERS.
Emails or text messages containing links called spoof links. Spoof links are masked to look like links from a legitimate source; however, they are designed to steal your data. Just clicking on the link could be enough to infect your computer with malicious software (malware) designed to either harm or exploit your computer. Malware can extract financial data, healthcare records, personal email, passwords and other types of sensitive data. If clicking on the link does not affect the computer at that time, it could take you to another webpage in hopes that you will type in your information there. Your first reaction should be: DO NOT CLICK ON THE LINK IF YOU DO NOT KNOW THE SOURCE OF THE LINK!!
PHISHING vs. SPEAR PHISHING
Phishing and spear phishing share the common goal of manipulating people into exposing sensitive data. The difference is that spear phishing is a more targeted and personal technique. The purpose of spear phishing is to increase the chance of fooling you into providing sensitive information. Attackers use your public information in an attempt to impersonate those you are familiar with, such as relatives, coworkers or others you trust. The types of information that can be used include personal information, employment information, organizations you belong to, and your interests. Most of this information can be gathered from social media.
AVOIDING PHISHING SCAMS
The best way to avoid phishing scams is to educate yourself on the many ways you can detect and protect yourself from these attacks. This discussion only touched the surface and cybersecurity is a topic that will be discussed in future articles.
Have you ever been a victim of phishing? If so, share your experience and what measures you have taken to prevent another attack.