Cyberattacks and data breaches are becoming so common that you have probably been involved in one and never even knew it. Attacks and breaches are a huge struggle for businesses and people alike as the use of mobile and IoT* (Internet of Things) devices becomes more commonplace. According to Varonis.com, the number of large-scale, well-publicized breaches suggests that security breaches are increasing not only in number but in severity as well.
There are hundreds of types of attacks and more are created daily. In this blog, we will go over the 2 most common attacks, how to spot them, and how to protect yourself and your personal information.
1. PHISHING
Phishing is a form of social engineering in which a hacker tries to trick the user into clicking a malicious link, downloading an infected attachment, or divulging sensitive or confidential information. According to Verizon’s 2019 Data Breach Investigations Report, 32% of data breaches were due to phishing.
There are 3 types of phishing: vishing, smishing, and spear phishing. Voice phishing or ‘vishing’ is conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs, payment card details and passwords. SMS (text) phishing or ‘smishing’ is becoming increasingly common due to how much we rely on our smartphones. Spear phishing is a targeted form of phishing, usually conducted to seek financial gain or obtain insider information, where cyber criminals adapt their methods to reach a specific victim.
2. COMPUTER VIRUSES
A computer virus is a type of code or program written to alter the way a computer operates. It is designed to spread from one computer to another (without the user’s knowledge) by:
- Opening an infected email attachment;
- Clicking an infected executable file;
- Visiting an infected website;
- Viewing an infected website advertisement; or
- Plugging in infected removable storage devices (e.g. USBs).
It seems like everyone is falling prey to these attacks, but there are really easy ways to protect yourself and your data.
- If a website, bank or business is asking you for confidential personal information or financial information in an e-mail, you should treat it with suspicion. It is a huge red flag for anyone to ask for this information over e-mail. Be especially wary if the e-mail claims that timing is “urgent” and that repercussions will follow if you fail to act; that is a common tactic used by hackers and cyber criminals.
- The first phishing giveaway is the sender’s e-mail address. Even if the e-mail itself looks legitimate or the sender’s name is correct, look at the actual e-mail address. For example, if you receive an e-mail from Target and the sender’s address is Target765@hotmail.com, this is clearly a scam and not from Target.
- Since the objective of a phishing attack is to get you to download an attachment or click a link, you should use extreme caution when receiving e-mails or texts with attachments or links. Don’t click links within an e-mail that you are suspicious of. When in doubt, hover your mouse over the text of the hyperlink and you should see the full URL, which will help to show whether it leads to a legitimate website. If someone you know sends you an out-of-character e-mail, don’t click on anything; their e-mail account has most likely been hacked and all of their contacts are now targets of a spear phishing attack.
- One of the easiest ways to spot an e-mail sent as part of a phishing attack is typos. Most are full of spelling errors, poor grammar and syntax.
- Some Internet security packages have a feature that automatically detects and blocks fake websites, adding a fail-safe in case you accidentally click on a link you shouldn’t. You should also use a unique password for each website where you are required to log in.
If you follow these steps, you will minimize your risk of becoming a cyber-attack victim and better protect your personal information.
*IoT devices are “systems of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction” (Wikipedia). Examples are Google Home, Amazon Echo, Ring Doorbell, and other smart devices.
Sources:
https://www.varonis.com/blog/cybersecurity-statistics/
https://www.itgovernance.co.uk/blog/different-types-of-cyber-attacks