How to Protect Yourself against Social Engineering

Hacking, Ophtek, Phishing, Phishing Email, Security Threats, social engineering, , , ,
04
Aug 2020

 

Hackers thrive upon deception and the result of this endeavor is social engineering. It’s a powerful tactic and one you need to protect yourself from.

Social engineering has been used to deploy attacks such as the Coronavirus malware and the recent attack on high profile Twitter accounts. The method is intriguing due to its sophistication and its human element. Rather than relying on complex coding techniques to outwit computer systems, social engineering takes advantage of human naivety. More importantly, however, is the sheer destruction that it can cause.

The world is a perilous place at the best times, but now more than ever we need to make sure we protect ourselves and our businesses. One of the best ways to get started is by reinforcing the barricades against social engineering.

What is Social Engineering?

Manipulation is, in a word, exactly what social engineering is. But you’re going to need a little more information than that, so let’s take a closer look.
Social engineering is a process in which one party seeks to deceive individuals into revealing sensitive information. When it comes to the world of IT this sensitive data tends to relate to login credentials, but can also involve transferring sensitive documents such as employee records. These attacks are commonly executed through the use of phishing emails, but this is not the only technique. It’s possible for hackers to carry out social engineering attacks over the telephone and even face to face.

The Best Ways to Protect Yourself

Protecting yourself against social engineering takes a concerted effort. You can’t rely on software alone to protect you. Luckily, you can strengthen your personal defenses by practicing the following:

Take Your Time: Social engineering relies on a lack of caution on the victim’s part. Therefore, it’s crucial that you always take your time when it comes to any form of communication. A social engineer will do their best to force you into making a quick decision e.g. clicking a link or disclosing your password. To counter this, evaluate all requests and press for answers if you feel even slightly suspicious.

Use Email Filters: There have been great advances made in email filters over the course of the last 20 years. Where these junk filters once had relatively little use they are now highly intelligent. Enabling your email filters will enhance your security and prevent the majority of phishing emails making their way into your inbox. This reduces your risk and stops you from engaging with a social engineer.

Too Good to Be True: As with all areas of life, if something sounds too good to be true then it makes sense to be suspicious. After all, it’s unlikely that a representative for an African prince wants to deposit millions of dollars into your bank account. And, if they did, why would they require your social security number? And your workplace login credentials? As a rule of thumb, if it sounds like a scam then it probably is and should be deleted.

Is the Source Genuine: If an email says that it’s from your bank then this doesn’t mean it’s from your bank. Likewise, a phone call from your HR team isn’t necessarily genuine. Hackers specialize in trickery and deception, so they won’t shy away from such blatant and direct approaches. Always check every request for details such genuine URL details (by hovering over a link) and only transmitting sensitive data to internal email addresses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Coronavirus Malware Spreads Round the World

Ophtek, Phishing, Phishing Email, Security, Security Threats, , ,
18
Feb 2020

The coronavirus is the latest health scare to be spreading across the globe. Hackers, as clever as ever, are using this fear to spread malware.

Hackers are innovative criminals and are constantly on the lookout for exploits. Sometimes these are software vulnerabilities that leave back door opens. But these exploits can also take the form of social engineering. And this is how hackers are taking advantage of the panic caused by the coronavirus.

It’s always important to safeguard your defenses with the best security software, but this isn’t enough. Threats such as social engineering require a concerted effort to be made by individuals. So that’s why we’re going to take a look at the threat posed by the coronavirus malware.

What is the Coronavirus Malware?

The entire planet is preparing and educating themselves for the fight against the coronavirus. Naturally, this means that millions of people are heading online to learn more about the disease. Now, although the internet poses no threat to your physical health, the same cannot be said for your digital security. And this is because cyber criminals are disguising malware as educational documents on the coronavirus.

These documents, which have been detected as docx, pdf and mp4 variants, promise to be helpful. But, rather than containing useful information on the coronavirus, these documents actually contain a wide range of malware threats. So far, Kaspersky, have identified 10 file variants that include various Trojans and worms. However, given the on-going threat of the coronavirus, it’s likely that the number of malware threats will increase.

The most common method to spread this malware is through phishing emails. And, as with all social engineering, the bait is very convincing. The emails claim to be distributed by the Centers for Disease Control and Prevention, but this is a false claim. If you look a little closer you will discover that the domain these are sent from is incorrect. The official domain for the CDC is cdc.gov but these malicious emails actually originate from cdc-gov.org. These emails contain a link which, rather than taking you to an advice page, takes you to a fake web page that aims to steal your credentials.

How to Protect Yourself Against the Coronavirus Malware

Hackers are using a variety of methods to exploit the coronavirus to cause digital chaos. Infected documents threaten the security of your PC systems and phishing emails have the potential to steal personal information. Therefore, you need to protect yourself by following these best practices:

  • Only Open Trusted Files: The only files that you should ever open on a PC are ones that come from a trusted source. If there’s even the smallest doubt over the legitimacy of a file you shouldn’t download it. Always check with an IT professional before going any further. 
  • Always Hover Over Links: Emails, and websites, can easily display a web link which disguises its true destination. A link that, for example, claims it will send you to an official government website can easily send you somewhere else. However, if you hover your mouse cursor over a link, this will prompt a popup which displays exactly where it will take you. 
  • Install Security Software: A sure fire way to avoid the wrath of malicious websites is by working with security software. These applications are regularly updated with details of malicious websites and will put an instant block on visiting them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What are the Telltale Signs of a Phishing Email?

Ophtek, Phishing, Phishing Email, Security, Security Threats, , ,
21
May 2019

Email is an integral part of business communication for any organization with an IT structure, but there’s a significant danger posed by phishing emails.

When it comes to IT security, you want to make sure your defenses are as strong as possible in order to repel any hackers. However, human error will always play a factor in this and hackers are well aware of this vulnerability. Phishing emails are the latest evolution in the age old scenario of a confidence trick and present a major issue not just to individuals and businesses, but also political parties. Given the damage that phishing emails can cause to your data security and IT infrastructure, it’s important to understand the telltale signs of a fishing email, so let’s take a look.

Four Telltale Signs of a Phishing Email

If you know what you’re dealing with then a phishing email can be quickly identified and deleted from your server within a few seconds. However, understanding what does and doesn’t make a phishing email is a learning curve. In order to get up to speed on what constitutes a phishing email make sure you look out for the following:

  1. A Suspicious Email Address: Although it’s possible to mask the true identity of the original sender of a phishing email, the chances are that the hacker will instead use an email address that appears to be genuine but, upon investigation, is false. A good case in point is when the email address is clearly not official e.g. it’s common to find phishing emails pretending to be from Microsoft, but with a domain name which clearly isn’t Microsoft such as microsoft_support@yahoo.com 
  1. A Vague Greeting: Phishing emails are rarely sent to a single individual. Instead, hackers tend to send the same email to thousands upon thousands of different people. This approach ensures that there’s a higher chance of someone falling for the scam. However, addressing each email to each individual would be incredibly time consuming. Therefore, a sure sign of a phishing email is one that commences with a vague greeting such as “Dear Sir/Madam” or Dear Customer” 

  1. A Fake Link: Phishing emails almost always contain a link that takes users to either an infected website or downloads malicious software. And, often, these links will appear to be genuine. So, for example, there may be a phishing email that lands in your inbox from your bank that asks you to click a link to confirm some security details. However, while that link may read as bankofamerica.com it may be hiding a different destination. The only way to verify this without clicking is by hovering your mouse cursor over the link and verifying the address revealed in the popup box. 
  1. A Sense of Urgency: Hackers want you to click on the fake links contained within their phishing emails, so their approach tends to use fear to encourage clicking the link. Phishing emails, therefore, tend to carry some type of warning in order to trick you into thinking that it’s in your best interests to click the link. This can be as mundane as asking you to enter a survey to win a million dollars or more serious warnings such as the imminent closure of your bank account.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Understanding the Basics of Ransomware

Ophtek, Phishing, Ransomware, Secure Database, Secure Flashdrive, Secure Website, Security, Updates, , , , ,
07
May 2019

Ransomware has been causing trouble for businesses for many years, so it’s clearly a form of hacking which needs greater understanding to avoid its wrath.

The name ransomware sounds a little threatening and, as with all hacks, it’s hardly the friendliest of exchanges. However, whilst most forms of malware – which ransomware is a strain of – tend to disrupt day to day operations of your IT equipment by either stealing data or putting a strain on your network through DDoS attacks, ransomware is different. Not only does it disrupt your IT operations, but it also delivers a financial threat to your organization.

Due to the double whammy contained within ransomware, it’s crucial that you understand the basics of ransomware, so let’s take a quick look.

What is Ransomware?

Believe it or not, but the very first recorded ransomware attack dates back to 1989 when a hacker was able to hide the files of an infected PC on its hard drive and encrypt the file names. And, to be honest, modern day ransomware still operates in a similar, if not more sophisticated, manner.

Ransomware is a form of malware which, when executed on a user’s PC, is able to take over the victim’s system and encrypt their files. Naturally, files are essential for any organization to operate efficiently and to their maximum productivity, so this is clearly a very debilitating attack. However, to add insult to injury, the hackers then demand a ransom fee to release a key which can decrypt the files and return them to a usable state.

How is Ransomware Executed?

The most common method employed by hackers to execute ransomware on a user’s PC is through phishing emails. These emails, which appear to be genuine, are highly deceptive methods of communication which convince the recipients that they need to open an attachment bundled with the email. However, these attachments are far from genuine and the most likely result of clicking them is that malicious software such as ransomware will be executed.

How Can You Combat Ransomware?

With the average ransom fee demanded by ransomware totaling around $12,000, it’s clearly an irritation that your organization can do without. Thankfully, there are a number of actions you can take to protect your business:

  • Regularly Backup Your Data: As long as your data is regularly backed up, there should be no need to pay the ransom fee. With a comprehensive backup route in place you will be able to easily retrieve your files from an earlier restore point when they weren’t encrypted. 
  • Work with Anti-Malware Software: Most ransomware can be detected by anti-malware software, so it stands to reason that installing this software should make a significant difference to your defenses. Updating this software as soon as any patches or upgrades become available, of course, should be made a priority as it could make a real difference to falling victim to newly released ransomware. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Why are Cloud Networks at Risk of Being Hacked in 2018?

Cloud, Cloud Backup, Cyber Attack, Hacking, IT Mistakes, Phishing, Secure Database, Security, , ,
06
Nov 2018

 

Cloud networks are the most important newcomers to storage and networking in a long, long time, but why are cloud networks at risk of being hacked in 2018?

With cloud network revenue set to hit $228 billion in 2019, it’s clear to see that cloud networks have become phenomenally successful and their popularity doesn’t appear to show any signs of slowing down. However, hackers are exceptionally interested in this new slice of digital real estate and, accordingly, are beginning to tailor attacks towards cloud providers. Naturally, new technology is prone to teething issues, but when there’s so much data at risk, it’s understandable that organizations may be a little concerned by the risk of cloud networks being hacked.

Let’s take a look at exactly why there’s a risk of your cloud network being hacked and having all its data compromised.

Hackers Like to Target Big and Sensitive Data

Cloud networks have been readily adopted by many organizations due to the vast benefits they offer, so it should come as no surprise that hackers have followed consumers to the cloud. Organizations are frequently storing entire databases packed full of confidential data which, to a hacker’s eyes, is the ultimate prize. Rather than embarking on time consuming hacking strategies which yield only one employee’s details, hackers are going to go straight to the cloud to obtain as much data as possible.

 

The Cloud Brings New Technology

While organizations are more than aware of firewalls and passwords, cloud networks bring a whole new range of technology that has shifted the goalposts of cyber-security. For example, the cloud is a virtual network rather than a physical network and, accordingly, can’t be treated in the same way as previous technology that organizations have used. New security tools are required to marshal data warehouses in the cloud and, at present, the level of knowledge is, even in many IT professionals, at a naive level.

Human Error is Always an Issue

Employees of any organization that accesses a cloud network are perhaps the biggest threat to cloud security. All it takes is one mistake for a hacker to gain access to your network and, if they access your cloud, this could have catastrophic effects for your organization’s data. As ever, the risk of falling for phishing scams puts the security of your cloud network at risk, but, as covered earlier, the new technology also brings a number of problems to the table such as configuration errors. Amazon, for example, exposed nearly 48 million data profiles earlier this year due to not configuring their cloud correctly.

The Danger of State Sponsored Attacks

Huge organizations that are integral to the running of the country have invested heavily in cloud networks to help store the vast amounts of data that they generate. The result of this is that hackers are continually searching for new and innovative ways to breach cloud security. While their main target may be major corporations, the knowledge that these hackers are gaining means that the ease with which cloud networks can be hacked is increasing. As this knowledge builds and builds, attacks on cloud networks will become easier to execute and more commonplace.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More
1 4 5 6 7 8