Social Engineering
This is one of the easiest ways cyber criminals manage to gain access to your data and cause major damage.
All the patching, firewalls, antivirus and other various software become useless when your users fall victim to a social engineering attack. Here are two very real and dangerous examples from our J2 Cyber Security Centre’s findings:
1. Tax Invoice
The screenshot below shows an email that multiple clients were sent but because of the tools that we put in place; they were not delivered. The email urges you to open an attachment disguised as a Tax Invoice.
If you pay attention to the extension you would be able to tell that it is out of the ordinary, how would you pick this up? Because it is a .cab file and it should be a PDF or .zip file! If you open the attachment and the file you would unknowingly be installing malicious malware onto your computer, which in turn would infect the entire network.
2. CCMA Final Reminder
We also encountered a very convincing email imitating a CCMA final notice. The notification appears as
below. This notifies the recipient of a final reminder on a case lodged against you and advises you to
check the attachment for case and venue details.
However much like the first case the attachment contains malware. The attachement contains a double
extension, “pdf.gz.” As gz is a archive file which means that it contains more files inside of it. A more indepth analyis will reveal that the email was sent from a different mailserver/domain than the authorised
ccma.org.za mailserver.
How can you protect yourself from Social Engineering?
Apart from having all the software installed to detect these types of attacks, you can protect yourself and your network through education. Human error is to blame in more than 95% of all breaches. You need to make sure that you have a comprehensive User Awareness Training program in place. An effective user awareness training program uses engaging content and real life scenarios and simulations.
This approach will educate and test your people to help make sure that they are part of the fight, rather than becoming the next victim.
Allowing real time results and evaluations allow you to understand the areas that you need to focus on.
The combination of real User Awareness Training along with your multi-layered security infrastructure will ensure that everyone on your network is learning and adapting to the ever-changing attack methods.
Don’t think it won’t happen to you, because it will happen and the damage will be catastrophic.
Educate and protect yourself and those around you!
Would your IT security Provider have assisted you with this?
Martin Erasmus
- Hits: 2160