You type it best, when you type nothing at all
The theme for this week is Phishing, an oldie, but a goodie. Phishing and malware are part of a larger scheme which is known as Social Engineering.
Phishing is one of the most popular forms of social engineering.
You would think that these types of attacks don’t work anymore due to the ever-growing knowledge around the structure of these types of scams because people are more aware of what to look out for.
Unfortunately, when an attack involves social engineering, it exploits the weakness of the organisation it is targeting, which means the hacker often can tailor a scam in such a way that it won’t be obvious and will most likely be successful.
With technology being used for most of our daily tasks be it at work or at home, social engineering has changed because physical human interaction is not necessarily needed anymore. The cybercriminals can get the information they want through pop-ups, public Wi-Fi, infected links and emails. This is why you need to always be on alert and having the security measures in place on your devices so that there is another layer between you and the attacker.
Phishing is not only an obvious email with a link to a website to change your login details, it can also be from an official looking sender, requesting information of yours to be sent through to verify an account. This is where they catch you, especially if you are rushing and don’t think before sending.
It is so important to remember that you must think before you type and think before you send, especially in the workplace. They rely on their tactics to derail you from your usual procedure, because you wouldn’t just send information out to anyone (I hope). They find the weak link and they will often use multiple social engineering strategies to get the best results.
J2 Software recommends ongoing user awareness training as part of your overall security strategy. Adding multiple levels of protection and including the end user in the process, you have the ability to limit the risk of a breach. It is only when you empower your end user that they can start to learn to identify the social engineering tactics and be able to put that knowledge into practice.
Awareness is KEY to stop yourself from becoming a victim, and it is no good doing this once or twice, it is a constant learning and relearning, hackers adapt their attacks, and so you should adapt your knowledge.
Let’s get real.
- Hits: 294