TechViews News …..
Cyberattacks. We hear about them everywhere – from your neighbor whose son downloaded a video game that crashed his computer, to your sister mistakenly clicking a bad link that tricked her into buying shoes she will never get, and even bigger ones, like hackers stealing Target’s entire customer database.
But how much do you really know about cyber security? Do you know the difference between a virus and a spyware? Confused about the difference between ransomware and phishing attacks? And what in the world is a man-in-the-middle?!
To ease your confusion, we discuss the most common form of cyberattack – Phishing. And we’ve created a short summary of common cyber security terms for you to get familiar with. We also included some nice tips to help protect yourself from phishing attacks.
The most prevalent form of attack is through bogus emails and malicious websites.
It has become virtually impossible to distinguish nowadays between a real and a fake email from a well-known company, especially one you’re likely a customer/member of, as the design, logo, and name seem so real. Therefore, knowing which email to give true attention to or not is quite tricky, but doable.
And the most common form of this email breach is through Phishing.
This is a tactic used to try to gain access to a person’s personal information by posing as a well-known person or company. Typically, one receives an email urging them to enter a cloned website that appears legitimate (i.e. to update their credit card details, fill a form for important information, answer questions for a survey, etc.).
Once they enter their login credentials and/or their email address, they are then recorded and stolen on the spoofed site. And those bogus websites look almost exactly like the real ones. These attacks can be targeted towards a specific individual or to the masses at random.
A new phishing site is created every 2 seconds on average, a figure that has grown by 65% over the past year and is continuing to grow in 2020. This form of attack accounts for 90% of all data breaches, costing billions of dollars of losses to the economy and an average of $53,987 annually for a small business.*
Some tips to protect yourself from phishing attacks:
- Trust your instinct that you may have a fake email. When you get an unusual email from your bank saying your account has suddenly closed, most people’s first reaction would be that it makes no sense. Others may panic and senselessly follow the instructions of the email, which attempt to steal your information. Try to relax and not act hasty. Just think through why you have that email and if you should even respond.
- Do you need information you didn’t ask for? So you wake up and see an email offering you information about something that interests you. It may be about a hobby, or a medical condition, a topic of interest, or even a new invention. All you have to do to get that information is to fill out a short form that may include your name, email address, perhaps even your phone number or address to mail something to. But ask yourself, if they already know your email address (they just sent the email to you – right?) they why are they asking for it again? Once you fall for that scam you will see that the requested information never arrives, and the next day you have 100 new emails about all kinds of things, none of which you asked for. The information you gave in the form was sold and now you’ve been ‘spammed’. It’s next to impossible to get away from those emails, especially if you’ve fallen for that trick several times. Your email address will become useless in a short amount of time because it will be flooded with spam emails and you’ll not be able to sort out the real emails from the bogus ones.
- Check the email address of the sender. It may say “Apple”, however when you click on it to see the full email address, it may be something completely different than a normal Apple email, i.e. if it doesn’t end in @apple.com. Or even by clicking ‘reply’ to look at where your message will be sent can give the fraudster away. The return address should be simple and accurate, not filled with a lot of numbers or letters, or an address that has nothing to do with what the sender would have you believe.
- Contact the real company directly, if you aren’t sure whether it’s real or not. Get their contact info by typing out their actual website address or checking on Google. Go to the ‘contact’ page and send them a message describing the email that is posing as them and ask if it is real. They want to know about fraudsters because it hurts their business as well as their reputation.
- Be wary of alarming content. Anything that urges you to act fast and sets deadlines, asks for your financial information, offers you a reward, or just seems overall fishy, is probably phish-y.
Here is a basic glossary of Cyber Security terms to become familiar with:
Malware: Short for malicious software, this is a type of unwanted software that is installed without your consent. Viruses, worms, and Trojan horses are examples of malicious software referred to as malware. Email is the source of 94% of malware.
Spyware: Spyware, which can be legitimate software, monitors a user’s online activity and collects various personal information, such as Internet surfing habits. The presence of spyware is typically hidden from the user and can be difficult to detect.
Virus: Harmful computer programs that are designed to spread from one computer to another and interfere with computer operations. A virus can corrupt or delete data on your computer and damage your hard drive.
Trojan Horse: A Trojan Horse is a destructive computer program that masquerades itself as a benign file or application (such as a .jpg or .doc). It then opens up a “backdoor” or other access to your PC without your knowledge.
Botnet: A botnet is a large network of compromised computers. A “bot” is malicious software that enables cybercriminals to control your computer without your knowledge and use it to execute illegal activities, such as sending out spam, spreading virus, etc.
Ransomware: Ransomware is a type of malicious software that prevents the victims from accessing their files by encrypting them and demanding a ransom to decrypt them back. Or they may even threaten to publish confidential, private, intimate, or any other sensitive material.
Phishing: Phishing is a type of online identity theft that uses email and fraudulent websites designed to steal your personal data or information, such as credit card numbers, passwords, account data, or other information.
Cybercriminal: Criminals such as black hat hackers, who use malevolent programs on a computer and the internet to commit illegal activity. This can be breaking into computers and stealing corporate or personal data or disrupting operations, among many others.
Man-in-the-Middle (MITM): An attack where two people who communicate with one another have their messages altered by an attacker without their knowledge. The entire conversation is controlled by the attacker, or the man-in-the-middle.
*Cybersecurity stats from Checkpoint Security Blog, April 21, 2020.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published.