Cyber criminals use a wide variety of scam tactics to gain access to a device or network, to ask for ransom or to steal valuable information.
Understanding today’s threats, how to protect and secure your company against those threats, to know the various techniques in which social engineering can be very beneficial. People can minimize the impact of cyber scams by knowing the most common methods used by cyber criminals.
Phishing attacks are very common in corporative networks just like with personal networks. These attacks take place when a hacker send an email pretending to be someone else to get or access credentials, personal information, financial information or sensitive information related to the company the person works for. Here are some advices to put into practice to recognize malicious emails:
– Check the contact’s name: Be careful if you receive an email from an unknown source asking you to do certain things like providing personal information or logging in a web page. Check the emails address or phone number and share it with the person or company that says to be associated with to find out if there are inconsistencies.
– Poor grammar or grammar mistakes: Professional organizations take time to read their information before sending it. Very often, hackers do not do that. If you receive an email from a supposedly reliable source that has typos, a poor grammar, or bad punctuation, is likely to be a scam.
– Aggressive behavior: If the topic or tone is too aggressive, it may be scam. Have you ever received an email on SPAM that says something like “This is urgent! Your bank account is overdue by X days. Contact us ASAP!” The idea is to make you feel uncomfortable, to scare you, and to act as the scammers want.
While phishing is massive and offers relatively easy hints to detect it, spear phishing is more specific and sophisticated. Scammers doing this kind of phishing do in-depth investigations about their victims, and take time to understand the company, colleagues, and personal interests. You have to consider the following to better protect yourself from spear phishing:
– Be discrete when giving information: It sounds simple, but if users did not give away voluntarily their personal information to these criminals, phishing would not the most efficient scam.
– Have good security hygiene: If you have basic security hygiene, it will take away many of the common attack vectors scammers use to infect computers and to gain access to your information or the network’s organization. Implementing simple habits can greatly reduce the chances of scams affecting your device or network.
Baiting or scam baiting aims to persuade unsuspected users to do a specific action like downloading a virus on imputing personal information in exchange of the “bait.”
Cyber criminals can offer anything from free antivirus software, downloadable movies, or even physical bait like a memory unit with the label “Corporative Salary Information” that the victim can find and connect to his computer.
This kind of scam has many shapes, but the objective is the same: lure users to install malicious software. Some common indicators are:
– Avoid free offers: Many cyber scammers try to attract their victims with promises of free downloads, free shipping, free subscriptions, etc.
– Avoid external flash units or unknown hard drives: Attacks can be done digitally or with physical units that install malicious software. Make sure you know the owner of the unit before you connect it to your computer.
Attacks to mobile devices
Mobile devices are also targeted by scammers. Fake apps or ransomwares are used to extract information. These are widely available especially for Android devices. Keep the following in mind:
– Avoid malwares masked as apps and updates: A growing number of fake apps are available in third parties stores. Moreover, implants and updates that exploit apps and devices are also common (crypto mining malware.)
– Use a safe Wi-Fi: Public spaces and stores offering free Wi-Fi are common spaces for attacks for criminals that often transmit the availability of the Wi-Fi services to steal information. When using a public Wi-Fi, use a VPN and avoid confidential transactions.
Attacks on IoT devices
IoT devices are also target of attacks. These attacks are becoming more popular with each passing day. Many of these devices are easily exploitable because they a persistent Internet connection, and they use potent GPU processors. This makes them ideal for crypto mining and DDoS vulnerabilities. So, how can you be prepared?
– Update credentials: The most common exploitation strategy is simply trying to connect to IoT devices by using the predetermined username and password. Whenever you can, change the password of your routers, smart TVs, and home entertainment systems.
– Be careful with connected cars: As more and more devices interconnect, they become more vulnerable for they are the weakest link of the chain. Devices like connected cars are not only attractive targets for cyber criminals because they have the users information, phone information, and even payment information, but also they represent a risk to drivers and passengers if they are ever compromised.
When buying a connected car, check carefully and change the predetermined security configurations, and avoid installing apps from unknown sources.
Cyber scams can affect anyone who is not aware of the warning signs. As people continue to adopt more and more devices connected to networks, the risk of being a victim of scams only rises.
Knowing the usual cyber scams directed to people, and being able to recognize them, can protect your valuable information and the information of the network in which you connect.