Phishing is one of the most pervasive forms of cyber crime. Let’s look at some examples:
- You get an email from your bank telling you that there were problems with your account. Click on the link provided to verify your information and keep your account from being closed. The criminals are attempting to get you to provide your banking information.
- You’re on Facebook and you get a flirtatious request to chat from an unknown member of the opposite sex. After a few minutes of chatting, they want to send naughty pictures but can’t do it through Facebook, so you’re invited to join them at a chat room that allows you to send pictures and say intimate things, maybe even video chat.
  You can log in using your Gmail account or Facebook account. When you get there, you log in several times but can’t get in. They’re collecting all of your login attempts and will use that information to access your accounts, send out messages disguised as coming from you, and gather more information about your life to steal your identity.
- Everybody has gotten the “Secret Shopper” emails to the point where I’m amazed that anybody falls for them. However, the new spin is “New exciting job opportunity at Google” (insert the company of your choice). All you need to do to apply is fill out their application, which just happens to include all the information they need to build a complete profile of you.
- Phishing happens across the spectrum of electronic media. I was talking with a client who had been job hunting on Craigslist. He clicked on a link to what sounded like a fantastic opportunity. Nothing happened, so he clicked again. He dismissed it as a broken link and moved on. Nothing could have been further from the truth. He clicked on a link that downloaded code that extracted all of his access and login information.
How your information is used depends on the nefarious person(s) behind the attack. Sometimes it’s as simple as adding your computer as a robot cog in a much wider network – aka a bot-net – controlled by a bot-herder. We’ve all gotten those emails from friends saying, “You’ve got to see this.” When you open the email, there’s just a link.
The next time you get one of these emails, you’ll notice that the list of people to whom the email was sent includes a lot of addresses that are alphabetically close to yours. Sometimes, the sending email isn’t from your friend but from an email address that looks very close. For instance, instead of the email address email@example.com the sending address would be firstname.lastname@example.org or email@example.com.
These are messages that have been sent by a bot on a bot-net. Someone downloaded malevolent software that has accessed the command and control module and is now sending out messages infected with worms and viruses in the hopes that you’ll open one and infect your machine. They are spoofing those other addresses because statistics show you’re much more likely to click on links from people that you know and trust. Once you click on that link or open that email, they have you in their clutches.
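A mail filter can flag the two warning signs described above: a sender address that is close to, but not exactly, a known contact, and a message body that is just a link. The following is an added example, not part of the original article; the address book, the distance threshold and all function names are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Constructed address book; every address here is made up for the example.
KNOWN_CONTACTS = {"jane.doe@example.com", "sam.lee@example.net"}
URL_RE = re.compile(r"https?://\S+", re.I)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_CONTACTS, max_dist=2):
    """Return ('known' | 'lookalike' | 'unknown', closest contact or None)."""
    # parseaddr drops the display name, which a sender can set to anything.
    addr = parseaddr(from_header)[1].lower()
    if addr in known:
        return "known", addr
    best = min(known, key=lambda k: edit_distance(addr, k), default=None)
    if best is not None and edit_distance(addr, best) <= max_dist:
        return "lookalike", best
    return "unknown", None

def is_link_only(body, max_other_words=5):
    """True when the body contains a URL and almost nothing else."""
    urls = URL_RE.findall(body)
    other_words = URL_RE.sub(" ", body).split()
    return bool(urls) and len(other_words) <= max_other_words

def triage(from_header, body):
    """Collect the reasons a message deserves a second look before clicking."""
    verdict, contact = classify_sender(from_header)
    reasons = []
    if verdict == "lookalike":
        reasons.append(f"sender resembles {contact} but is not an exact match")
    if is_link_only(body):
        reasons.append("message is just a link")
    return reasons
```

An exact match on the From address does not prove the friend sent the message, because that header can be forged; a "known" verdict with a link-only body still calls for confirming with the friend.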
Study after study shows that the greatest vulnerability to the best security systems is the human element. Greater than 68% of all breaches are caused by employee behaviors. It’s estimated that only 9 percent of the breaches are caused by malicious behavior of employees. This means that, through education and diligent oversight, companies can significantly reduce their exposure to cyber criminal behaviors.
How to avoid getting infected:
- No social media on the company computers – the risk is too high.
- Don’t download apps or programs except from sites approved by your IT department.
- If a friend sends an email with just a link, drop them a line asking them to confirm that they sent that email. Chances are, they have no idea that they’ve been spoofed. Don’t click on the link until you hear from them. If they didn’t send the message, report the message to your email network security.
- Keep your anti-virus applications and operating system updated. Many of the updates are security patches for vulnerabilities that have been identified.
- Limit on-line shopping on company computers.
“An ounce of prevention is worth more than a pound of cure.”
Through continued employee education and keeping the security message front and center with employees, MCB has been able to raise awareness and decrease cyber incidents within our client base.
MCB provides outsourced IT services for the Metropolitan Oklahoma City area. We can be reached at firstname.lastname@example.org.