Whilst ghouls, ghosts, tricks and treats are in season this Halloween there is never a time for the digital ghoul, Cybercriminals. Cybercriminals are falsifying virtual treats in social engineering attacks to unsuspecting victims who wind up with a nasty trick. These attacks are often executed in the form of phishing emails.
The Phishing Scare
Phishing attacks are like the classic haunted house of the cyber world. They are specially designed by cybercriminals to lure a victim in using deceptive tactics. This will commonly look like a genuine email that is delivered from a trusted source, such as an update from your bank, a social media platform or sometimes even someone you know, such as a colleague. These emails almost always have a call to action, requesting you to click a link, verify personal information or download an attached file.
As these criminals are cleverly trained, they try to make these emails look as genuine as possible however there are some key red flags to keep an eye out for:
- Poor spelling and grammar
- Unusual sender address
- Incorrect URL link
- Unexpected content
It is important to verify that the content of a message is genuine before acting on the request if you have any suspicions there might be something wrong. This can be done by speaking to the sender directly, such as via a phone call, or by contacting them using an alternative channel you communicate with them.
The Social Engineering Spell
Phishing attacks are a type of social engineering attack. Social engineering is like meeting a hypnotist’s gaze (if that hypnotist also happened to be a cybercriminal), that would manipulate you into revealing sensitive information. There are a variety of psychological tactics used to deceive you, from impersonation of someone such as a colleague, to threatening, through authority such as pretending to be a manager or using embarrassing facts they have stolen about you.
These attackers exploit key vulnerabilities in human nature, such as curiosity, trust and fear.
For example, the attacker might claim that negative things would happen such as account deletion if action were not taken immediately. This sense of urgency and fear increases the likeliness someone would fall victim to this attack.
To defend yourself, it is always important to be sceptical of requests received online and if something doesn’t look right, always verify with the sender through an alternative method of communication.
Defending against these horrors
Protecting yourself from these e-nightmares doesn’t require a magic wand or special potion but it does require vigilance and awareness.
Some top tips to keep yourself safe from falling victim to social engineering and phishing attacks.
- Stay informed. Keeping up with the latest phishing and social engineering tactics helps you know what to look for. A great way to do this is by following our Cyber Wise page on LinkedIn.
- Verify Senders. Double-checking the legitimacy of messages is always important. Never trust a message solely based on its appearance.
- Use Multi-Factor Authentication (MFA). MFA adds an extra layer of security to any account it is enabled on, making it more difficult for an attacker to seize.
- Keep software and applications updated. Regularly updating applications and software allows security patches to be installed, which prevents known access routes for cybercriminals.
- Beware of Urgency. cybercriminals will often create a sense of urgency to pressure you into making a hasty decision. Taking your time before acting can be the reason an attack is prevented.
- Report Suspicious Activity. If you receive suspicious messages or notice suspicious activity, report it to the relevant party.
- Use Strong Passwords. Using strong, unique passwords across all your accounts will help prevent cybercriminals from successfully breaching your account.
A treat from CTRL-S
CTRL-S are currently running a 50% off promotional offer. Take advantage of 3 months half-price Cyber Wise packages for your whole business if you sign up before November 17th.
Cyber Wise is a tool, powered by the experts at CTRL-S, specially designed to provide you and your business with relevant security training, and simulations and to inspire a strong culture of information security and increase cyber attack resilience across the whole business.
To learn more about our amazing offer, or to sign up, click here