What is a cyber attack?
Cyber attacks are actions carried out by hackers. They aim to damage a system, access confidential information or collect money. Cyber attacks take many forms, and for this reason, it is essential to set up a secure work environment to protect yourself from potential risks. Hacking is often done in a subtle way. Would you be able to know if you were a target? Here are a few tips on how to identify cyber attacks.
1. Malicious Software (Macro Malware)
The use of malicious software (better known as macro malware) is a fairly common cyber attack. It consists of embedding malicious code in a document and sending it to a recipient in order to damage their computer. Hackers often invite their victims to activate the software themselves by clicking on a link.
How does it work?
The hacker plays on your good nature and creates a feeling of insecurity. The message linked to the document encourages victims to seek more information about possible unpaid bills, default on loan payments, etc. You have to be careful. When you receive a document from an unknown sender, do not open it. Also, if you receive an illegible document and the only way to read it is to click on a link, don’t. Be vigilant and take the necessary precautions.
2. Email Phishing
Email phishing is done in two different ways. The first one is the best-known form of cyber attack: fraudulent emails. These include messages requiring you to reset a password or track a package.
Luckily for us, these fraudulent emails have a few red flags. First, pay attention to the spelling and punctuation; if the grammar and syntax are suspicious, it’s probably a scam. Then, take a look at the greeting at the beginning of the email and the sign-off at the end.
A company you are familiar with or bought items from will know your information, including your name. Hackers sending fraudulent emails do not have this information and are not likely to use it in the greetings.
Also, be wary when you don’t know the sender, but the sender seems to know you. A final way to identify these attacks is to hover your mouse over the link provided by the scammers. Fraudulent emails make heavy use of tools that hide a URL, such as bit.ly. Normally, we use bit.ly on a Twitter account, for example, to reduce the number of characters. Hackers use it to camouflage the real landing page of their attack.
BEC – Business Email Compromise
Another form of email phishing targets primarily businesses. These attacks are carried out over the medium and long term. The ultimate goal is to collect a significant amount of money that will be transferred internationally.
In order to do so, hackers proceed in stages. The first step consists of targeting people who are able to make payments and transfers within a company, including people working in finance or accounting departments. The target will receive malicious software contained in an email. Then, the software will analyse the target’s digital movements in the weeks and months to come.
Who is the target talking to? How does the target communicate with his bosses? Who are his administrators? Which words do they use? This software will even be able to create a document listing the target’s accesses and passwords.
What is this type of cyber attack?
The software establishes when circumstances are conducive to an attack (bosses are away on a business trip, decision makers are absent, etc.). The hackers will then send an email to the target, impersonating his boss. The message will mention that the boss is unavailable, out of the office, about to hop on a plane or enter a meeting, and will demand an immediate transfer of a large sum of money. Moreover, it is not uncommon for these emails to carry the word “urgent” in the subject line. Be careful. Even if you don’t want to bother your boss, a large money transfer should always require a double check. Call your boss and make sure he confirms it in person.
Better safe than sorry. You will have foiled a cyber attack targeting your company. Stay on the lookout by going over your company’s cyber security policies.
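The red flags described above for fraudulent emails (a greeting without your name, a shortened link, a link whose visible text does not match where it really goes) and for BEC (an "urgent" subject combined with a request to move money) can be checked mechanically. The following is an added example, not part of the original article; the shortener list, the keyword list, the flag names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed values for illustration; extend them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
PAYMENT = re.compile(r"\b(wire|transfer|payment)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def bare(hostname):
    """Lower-case a host name and drop a leading 'www.'."""
    return re.sub(r"^www\.", "", (hostname or "").lower())

def red_flags(raw_email, recipient_name):
    """Return the sorted red flags found in a single-part HTML email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    text = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for text checks
    flags = set()
    # Greeting: a sender who really knows you uses your name.
    first_line = next((l for l in text.splitlines() if l.strip()), "")
    if recipient_name.lower() not in first_line.lower():
        flags.add("greeting_without_name")
    for href, shown in LINK.findall(body):
        target = bare(urlparse(href).hostname)
        # Shorteners hide the real landing page.
        if target in SHORTENERS:
            flags.add("shortened_link")
        # What hovering reveals: the text names one site, the href another.
        named = DOMAIN.search(shown)
        if named and bare(named.group(1)) != target:
            flags.add("link_text_mismatch")
    # BEC pattern: "urgent" subject plus a request to move money.
    if "urgent" in (msg["Subject"] or "").lower() and PAYMENT.search(text):
        flags.add("urgent_payment_request")
    return sorted(flags)

# Constructed sample messages (not real mail).
PARCEL = """\
Subject: Track your package
Content-Type: text/html

<p>Dear customer,</p>
<p><a href="https://bit.ly/EXAMPLE">www.parcel-service.example/track</a></p>
"""
BEC = """\
Subject: URGENT - before my flight
Content-Type: text/html

<p>Alex, I am boarding a plane. Transfer 48,000 USD today.</p>
"""
```

A flagged message is a reason to verify through another channel, as the article advises; an empty list does not prove a message is genuine.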
3. Smishing
Smishing, or SMS phishing, is phishing by text message. Here, the scammers are looking to steal the victims’ personal data and banking information. They go so far as to use a pseudonym that everyone knows (iCloud, Apple, banking institutions, etc.). Have you ever received a text message from iCloud asking you to validate certain information? Don’t. You could also receive an SMS from your bank telling you to log in to accept a transfer. Please don’t.
The important thing to remember when receiving such text messages is to never open the links. By “confirming” your information or accepting a suspicious money transfer, you are giving away your personal and banking information to scammers, who will certainly use it instantly.
Smishing is becoming more and more popular. It is the new trend, replacing fraudulent emails asking you to accept several million dollars that a distant member of your family in Africa is bequeathing you after his death. Smishing is effective since we always have our phone with us. Also, since the screen is small, we all tend to want to click on a link to find out more and to see more. This is where the attack happens. Smishing has a fast response rate.
How do you avoid it?
Obviously, don’t click on any links sent by text message! Moreover, don’t reply or engage in any conversation. The best way to protect yourself is to do nothing except, of course, block malicious numbers. Although you won’t be receiving any more text messages from this number, you should stay on the lookout. Scammers have more than one trick up their sleeve and more than one number to use!
4. Vishing
Like all other types of cyber attacks, vishing is designed to access the target’s computer. However, it does so in a different way: over the phone.
We’ve all heard of those government fraud charges or that fancy cruise you win every month… Classic vishing.
The best way not to get caught is to simply hang up. You can also contact the organization the scammers say they work for. Why should you do that? Because otherwise, they will keep on calling potential victims who are not as informed as you are.
5. Ransomware
Ransomware is malicious software that blocks access to the computer system and encrypts data. It aims to create a feeling of anxiety among targets by accusing them of committing illegal actions or storing illicit documents.
Scammers then act on behalf of the government and demand a financial penalty (ransom). The ransom is often demanded in cryptocurrency. Upon receipt of the payment, the scammers promise to unlock the system. True or false? It depends. You should know that a cyber attack like this, like any other, leaves traces in the target’s computer system. The installed malware won’t be deleted from the computer, which suggests a new attack in the future.
Being malicious software, ransomware reaches your computer through a downloaded attachment or an infected website. To minimize the risk of becoming a target of this type of cyber attack, updates must be done regularly. Software, antivirus, firewall, operating system, etc.: everything must be up to date on your computer. Also, don’t forget to make periodic backups and store the copy in the cloud or on an external hard drive. In case of a cyber attack, you will still be able to access all your files.
So, here you have the 5 most common cyber attacks. Hackers act mainly for two reasons: to access your personal information or company data and to collect money. In any case, you must be careful at all times. Cybersecurity can be achieved not only through the work environment, but also through vigilance and awareness. Knowing about the red flags of cyber attacks is the best way to avoid them.
Do you take all precautions when surfing the web?