4 Types Of Phishing Attacks And 10 Signs To Know A Phishing Email

Phishing is a type of social engineering attack built on manipulating and deceiving people into revealing confidential and private information, which is then used to carry out further crime against them. The attack takes advantage of the gullibility and vulnerability of human emotion to steal from people. Phishing attacks have become a popular, easy-to-use and very dependable tool for cyber criminals.

In operation, criminals reach out to users through any communication channel, pretend to represent a legitimate authority (perhaps a financial service provider, a health insurance provider, a family member or a trusted friend), proffer assistance, and then request a harmful action from the user.

Actions that may be required from users during phishing attacks include, but are not limited to:

- Reveal private and confidential information, e.g. password, date of birth, social security number, BVN, code, etc.
- Click a link that directs the user to a secondary resource where confidential information will be stolen.
- Open an attachment, which in most cases contains malware that will launch a further attack on the device and network.
- Send cash to enable a staged problem to be solved.
- Reveal a sent code to enable completion of a proposed solution.

With automation and Artificial Intelligence dominating and directing modern interactions and commerce, people will depend more and more on digital channels of communication. Available facts show that phishing attacks, regardless of type, often succeed more than they fail. This means more people are falling victim to these exploits, hence the benefit of deepening your understanding of them. Let's dive into four common types of phishing attack and how to identify an email-based phishing attack.

Four types of phishing attacks

- Spear phishing: this type targets a specific category of persons, e.g. insurance or bank customers, students, male mine workers, etc.
- Whaling attack: a sub-type of spear phishing that targets high-net-worth and high-profile individuals like company executives, politicians, celebrities, etc. As the name "whale" (the biggest fish) implies, this attack targets only "big fish", that is, wealthy people.
- Smishing attack: this is SMS-based phishing, where the short message service is used to deceive a receiver into providing private and confidential information or taking some other action. This is notable because it does not require internet connectivity to hit its intended targets.
- Vishing attack: this type is the direct opposite of smishing. It uses a voice call to reach out and deceptively request confidential and private information from the receiver. In the same vein, internet connectivity is not required to execute this attack.

Ten signs to know a phishing email

1. It will come from a stranger: phishing emails oftentimes come from an unknown person or agent.
2. It will come from a public email domain: examples of public email domains are yahoo.com, gmail.com and hotmail.com.
3. The domain name will be either misspelt or corrupted: when the email pretends to come from a private domain, that domain will never be spelt exactly like the genuine one. There will be some form of misspelling or corruption of it.
4. It will be disguised as proffering assistance: merchants of phishing attacks always pretend to offer one form of assistance or another. Shylock assistance, you may call it.
5. The mail content will be poorly written: the content will likely lack the expected quality of a business communication.
6. The mail will include a suspicious attachment or link: this requires a further action such as following the link or opening the attachment.
7. It calls for urgent action: whatever the call to action in a phishing attack, it always comes with "urgency".
8. It will request the user to provide personal information to enable closure of an event.
9. It may request the user to send cash to enable a staged problem to be solved.
10. It will appeal to a defined sentiment.
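Several of the ten signs can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: a small heuristic that reports which signs a raw email shows. TRUSTED_DOMAINS, the keyword lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PUBLIC_DOMAINS = {"yahoo.com", "gmail.com", "hotmail.com"}   # examples named in the article
TRUSTED_DOMAINS = {"examplebank.com"}   # assumption: domains the recipient really deals with
URGENCY = re.compile(r"\b(urgent|immediately|act now|suspended|within 24 hours)\b", re.I)
PERSONAL = re.compile(r"\b(password|date of birth|social security|bvn|pin|code)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelt look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw, known_senders=()):
    """Return the signs (in the article's order) that a raw RFC 822 message shows."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    text, attachment = msg.get("Subject", ""), False
    for part in msg.walk():                      # covers single-part and multipart mail
        if part.get_filename():
            attachment = True
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload()    # transfer-encoded bodies are not decoded here
    has_link = "http://" in text.lower() or "https://" in text.lower()
    checks = [
        ("stranger", sender not in known_senders),
        ("public_domain", domain in PUBLIC_DOMAINS),
        ("lookalike_domain", any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS)),
        ("link_or_attachment", attachment or has_link),
        ("urgency", bool(URGENCY.search(text))),
        ("asks_personal_info", bool(PERSONAL.search(text))),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample message (not a real email); the domain swaps "l" for "1".
SAMPLE = """\
From: Example Bank Support <support@examp1ebank.com>
Subject: Urgent: your account is suspended

Dear customer, act now and confirm your password and BVN at
http://examp1ebank.com/verify
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A single sign is weak evidence on its own (many genuine senders are strangers or use public domains); several together are what should prompt verification through a separate channel.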

Phishing is a low-end and cost-effective tool for cybercrime. It is a social engineering attack that exploits inherent weaknesses in people to get through and steal from them or carry out other crimes against targets. Getting basic knowledge of the methods of attack and the techniques to identify them is a better way to avoid becoming a victim.

Your Email Security Best Practices

Email has become a significant part of modern-day digital relationships. You can hardly have an online presence without a functional email address. Most digital interactions in one way or another require sign-in, sign-up, or both, using an email address. For instance, a handheld mobile device like an iPhone or Android phone cannot function without being set up through an email sign-in. What this means is that if you do not have a working email address, you cannot fully access and activate the capabilities of these mobile devices.

Our email, whether private or professional, deserves special security attention. Hackers know the importance of this tool as introduced above, hence it has become their main route to scout for unsuspecting or ignorant online users from whom confidential private information is gathered for criminal acts. For instance, through emails these hackers deploy phishing, spoofing, whaling and baiting as popular methods to gather private information from online users.

Having said this, note that your email can be used safely when you are conscious of the presence of cybercriminals who are targeting victims in various ways through it. Make an effort to protect your emails by following best security practices. See below a list and brief description of some best practices for your email security.

- Use a strong password: for a password to be considered strong, it must have a minimum of eight letters. These must contain alphanumeric characters like abc123&*@. A strong password is a good security practice that will keep your email protected from cybercriminals who may attempt to gain unauthorized access to it with intent to steal confidential information.
- Keep your password confidential: your password is part of your private information, and as such it should never be disclosed to anyone. Protect it and keep it confidential.
- Review and update your password periodically: using one password for too long will make your email vulnerable and expose it to avoidable security risk. Change and update your password from time to time.
- Activate two-factor authentication: this is an electronic access authentication method whereby a user is asked to present two or more levels of private information as proof of identity and ownership before access is granted to an application. Activating two-factor authentication (2FA) will further protect your email from unauthorized access by criminals.
- Avoid opening strange links: shared links received from unexpected and unknown sources should first be seen and treated as malware. Cyber space is full of malicious files, code, applications and software. This malware is oftentimes shared with unsuspecting and ignorant online users as links. To protect your email, open only links received from known and trusted sources, and delete the ones from unknown sources.
- Avoid public Wi-Fi networks: free public Wi-Fi is a potent avenue for security attacks. Cyber criminals sometimes provide and use it to monitor and gather confidential information from unsuspecting and ignorant users. To play safe and protect your information, you should avoid it.
- Pause and check before you click: the human error of surfing the internet without attention is what hackers take advantage of to share malware. It is a good security practice not to hurry to click on anything, e.g. pop-ups, links, downloads, etc. Always stop, check, and verify what it is before you decide.
- Avoid downloads from strange sources: it is a good security practice to avoid random online downloads. Files shared from unexpected and strange sources should be seen and treated as malware. Download files from trusted sources.
- Avoid strange sign-ins or sign-ups: most online transactions require you to sign in or sign up. In either case, use of email is a precondition. When such a request comes from an unexpected and strange source, it should be avoided.
- Update system software periodically: to keep a system (computer or mobile device) safe, its software and applications need to be updated from time to time. Such updates can enhance its capability to protect against malware and other security threats.
- Review and update security and privacy settings: your email has privacy and security settings that need to be updated periodically. It is a good security practice to routinely check them and activate necessary updates.

Email has become a very important part of our digital lives. It has also become a prime target for cyber criminals. Using it safely requires conscious security practices.

Cybersecurity Threat Of Social Engineering

A cyber security threat is any criminal activity that has the potential to take place through the use of computer devices and the internet. There are many types of cybersecurity threats today. They include social engineering, malware attacks through viruses and worms, man-in-the-middle attacks, denial-of-service attacks, injection attacks and supply chain attacks. This article will focus on and briefly introduce the cybersecurity threat of social engineering.

Cyber security threats may come from different sources, technically known as vectors. Such sources may include state actors, terrorist groups, organized criminal groups, hackers, and malicious insiders like an employee, supplier, vendor, competitor, etc.

Social engineering happens when a criminal deceives internet users into providing sensitive personal information; the information given is oftentimes used to commit various kinds of crimes against the person or the organization they represent. A social engineering attack makes use of tricks and games to get information from ignorant people and uses such information to commit cybercrime. It is a malicious activity.

Social engineering is gaining popularity. The trend is also disturbing due to the increasing presence of innocent and ignorant computer users who know next to nothing about it. Social engineering exploits human curiosity, feeling, ignorance, greed, naivety and mistakes to strike.

Common types of social engineering attacks include baiting, phishing, vishing, pretexting, and smishing. See below a brief description of these various methods of social engineering.

- Baiting: the attacker lures the user through free gifts and/or other largesse.
- Phishing: the attacker sends a fraudulent email pretending to have come from a trusted source.
- Vishing: the attacker uses a voice phone call and pretends to be a trusted source.
- Pretexting: the attacker pretends to represent a trusted authority so as to elicit information from the user.
- Smishing: the attacker uses a fraudulent text message to trick the user.

Every act of criminality takes advantage of weak controls, or of ignorance in some cases. This is technically known as opportunity. With this in mind, the dark web guys (the criminals) prowl cyber space, spying, hunting, exploiting and experimenting with many of the weak links and the ignorance of users; oftentimes they are successful.

To avoid being a victim of social engineering, see below a few recommended guidelines you should practice to keep yourself protected from this menace.

- Activate 2-factor authentication in all online accounts, including social media.
- Avoid accessing shared links from strangers, and always reconfirm shared links from a known sender.
- Avoid the use of public Wi-Fi; if you must use it, do not expose personal information while there.
- Avoid sharing personal information publicly on social media; it exposes you to criminals.
- You may wish to patronize software which protects against the threats of social engineering.
- Do not share personal information or a "sent code/pin" with those who call on the phone and claim to be agents from your bank or financial service providers. Visit your bank or other provider for transactions and confirmations.
- Do not disclose or click a shared link/code/pin from strangers who claim to be an "Admin" of a WhatsApp group you belong to. Call the Admins to verify and reconfirm before deciding to accept.
- Maintain situational awareness (that is, alertness) at all times.

The cyber security threat of social engineering is real. It is very common in cyber space, where contemporary presence is gaining increasing dominance. Many internet users are not aware of this threat, hence this enlightenment.