Need-To-Know Guide on Phishing & Social Engineering Attacks
Phishing and social engineering attacks are relentlessly on the rise and increasingly sophisticated. And while you might think that your personal information isn’t worth the trouble to cyber criminals or that your bank will protect your funds, this is unfortunately not the case. A mere email, if connected to a company you do business with, can cause a breach of their security, which in turn could release sensitive information that company has collected about you.
The following guide will explore what phishing and social engineering attacks are, plus outline ways to guard against them so that your Internet security isn’t compromised.
Phishing and Social Engineering Attacks Explained
Phishing
This type of cyber criminal activity involves a scam in which the attacker sends an email which seems to be from a valid financial or eCommerce provider. The objective is to entice or scare you into visiting a bogus website posing as the real thing. Once you click through to it, you’ll be asked to log in to your account and enter personal information such as your PIN, National Insurance number, mother’s maiden name, etc. This puts your details in the hands of the criminal, who can then use them to carry out bank fraud or even identity theft.
Social Engineering Attacks
This is a blanket term for any situation where you get tricked into doing something that a cyber criminal wants. It often means clicking on a link that directs you to a malware-infected website, dupes you into entering your banking details or gets you to download a virus disguised as something useful.
The ways that the scam artists get you to open the doors to their criminal objectives are varied – it often happens through phishing emails disguised as news alerts, great deals or greeting cards. Social engineering attacks also often try to make users infect their computing devices with malware, such as by responding to alerts to download a video codec or Flash update. Other channels that criminals are increasingly using are app downloads and dodgy links posted on social networking sites.
Top Tips to Protect Yourself
Antivirus Software
It cannot be overstated how important having an up-to-date antivirus program is to the security of your computing devices.
Trusteer Rapport
In addition to your antivirus protection, Trusteer Rapport adds an important layer of security, particularly for online banking. When you access a designated site, Rapport goes into stringent defence mode to recognise and prevent breaches of your Internet security. It can effectively help to block keyloggers, screen catchers, phishing and other socially engineered attacks.
Passwords
As a rule of thumb, never re-use the same password to log in to multiple websites. This might seem difficult as it means having a long list of different passwords that are hard to remember. To get around this, keep a list of all your passwords. The main thing is to keep cyber criminals guessing when online.
Links
The more cautious you are of clicking on links, the less chance criminals have of gaining entry into your computer. In addition, never respond to a login demand when you click on a link and always be suspicious of any request for personal information that doesn’t come from a legitimate website that you know.
Scareware
Scareware generally amounts to those nasty alerts which suddenly tell you that your computer is infected to get you to download malware masquerading as virus protection. The problem is more rife with Windows operating systems as they often allow scareware to install without your knowledge as part of a hidden drive-by download. The rule of thumb here is never respond to popup alerts – instead, always go directly to the website of a trusted provider.
Security Responsibility
You cannot rely entirely on your service providers to safeguard you online; it’s important to take matters into your own hands as well. Examples include providing your mobile number to your bank or webmail supplier (those that allow it, such as Gmail) so they can notify you if there are any suspicious password reset requests, plus asking your bank for alerts on any transfers over a certain limit made from your account.
In addition, train your instincts to spot suspicious activities or requests – if an email or website doesn’t feel right to you, chances are you’re right. In any case, as the saying goes, it’s always better to be safe than sorry.
Conclusion
As technology advances, we’re all tending to use computing devices for an increasing number of activities, but this also means that our personal information is made more easily available. This is why Internet security is vital – in the same way that you wouldn’t leave your doors and windows open at night, lacking caution online leaves you dangerously open to theft.
About the Author: Peter McKiel is an independent IT Consultant and Internet security advisor.