With technology playing an increasingly important role in our world, we all need to be aware of the potential for scams. We need to be informed about the different types of cybersecurity threats and be ready to take the necessary measures to protect ourselves against a cybersecurity breach of our electronic data (our passwords, online accounts, etc.). At Shobe Financial, our team completes an annual educational program to remain alert. We want to share this critical information with you.
Types of Cybersecurity Threats
The most prevalent IT security threats include:
- No longer limited to direct email, spam is now one of the main methods of attack via social media. When someone “invites” you to connect on LinkedIn, for example, that invitation may arrive in your email, but its effectiveness is directly related to your trust in various social media sites. Cyber criminals can even embed password-stealing malware in a simple LinkedIn invitation.
- Phishing is a common practice whereby hackers target a broad set of users with emails that look genuine but are actually intended to lead you to click on dangerous links, possibly divulging usernames, passwords, personally identifiable information, or even financial information. Phishing is akin to throwing out a wide net full of bait and pulling in whatever it catches.
- While phishing schemes cast a wide net, spear phishing takes a highly targeted approach to attacking specific individuals. The most infamous spear phishing attack in recent history was on John Podesta, then-chairman of the Hillary Clinton presidential campaign. Spear phishing attacks target high-profile individuals or people with access to valuable digital assets. The email is usually handcrafted and uses all available information to make it read like an actual email from a friend or colleague.
- Short for “malicious software”, malware refers to any type of software designed to cause harm to a device, such as viruses, rootkits, spyware, worms and Trojan horses. Advanced malware has a specific target and mission, typically aimed at an organization or enterprise. In 2017, the malware program known as WannaCry spread throughout the world, crippling hundreds of organizations.
- Similar to malware, ransomware is used by attackers to extort money (or possibly other resources) from the target organization. It encrypts files on the drive, requests money, attempts to steal credentials in memory, and attempts to propagate through the network using stolen credentials or exploits.
- Social engineering is the use of deception to manipulate you into divulging confidential or personal information that may be used for fraudulent purposes. At its core, social engineering occurs when one person fools another into giving up access to a resource. Social engineers use a variety of tools to gain access to targeted resources, but the one-on-one direct attack remains the same.
- If you receive an email that doesn’t completely make sense, has typos or odd grammar, or asks you to spend money, buy something, or give personal information, call the sender directly (using the number you have for them – not the one in the email) to verify the communication is real.
- Hover over the “From” name in the email to see the email address that sent the message. Make sure the email address is consistent with the information in the message (if the email says it is from your bank contact, be sure the email address shows that contact’s email).
- Hover over links – but do not click the links – to verify the links take you where they say they will (if the email is from a bank, the link should take you to the bank website).
- Also, if you work with an IT professional, contact them right away about your cybersecurity concerns.