Prosource | Business Technology Blog

How Does the Mind of a Cyber Criminal Work? Understand How Cyber Criminals Plan Attacks

Written by Danielle Hoverman | 10/8/18 4:56 PM

 

The second week of Prosource’s National Cyber Security Awareness Month (NCSAM) Campaign features cyber security tips complementing the theme, “How Does the Mind of a Cyber Criminal Work? Understand How Cyber Criminals Plan Attacks”.

Social engineering is a term that encompasses a broad range of malicious activity and uses a variety of media, including email, phone calls, and social media, to trick people into offering hackers access to sensitive information. The success of social engineers relies solely on the hackers’ ability to exploit the one weakness that is found in every company – human psychology.

Phishing is a leading tactic used by social engineers. In a phishing attack, the attacker impersonates a trustworthy company or person in email or another communications channel. Attackers use link shorteners or embed links that appear legitimate but redirect users to suspicious websites. Once the user is redirected, threats, fear, and/or a sense of urgency are used in an attempt to manipulate the user into acting quickly. The attacker’s goal is to obtain personal information, such as names, addresses, and social security numbers.
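As an added illustration (not code from Prosource), the following Python sketch audits the links in an HTML email body for the two tricks described above: shortened links, and links whose visible text shows one site while the underlying address points to another. The shortener list and the sample body are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # small illustrative list

# Constructed sample body (not a real message).
BODY = ('<p>Verify now: <a href="http://login.accounts-check.example/verify">'
        'www.paypal.com/signin</a> or <a href="https://bit.ly/EXAMPLE">view '
        'invoice</a>. Help: <a href="https://www.paypal.com/help">'
        'www.paypal.com/help</a></p>')

def host(url):
    """Return the lower-cased hostname of a URL or bare 'www.site.com/x' text."""
    u = url.strip()
    if "://" not in u:
        u = "http://" + u
    return (urlparse(u).hostname or "").lower()

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, target = "".join(self.text).strip(), host(self.href)
        if target in SHORTENERS:
            # Destination is hidden behind a redirect service.
            self.findings.append(("shortened-link", shown, self.href))
        elif "." in shown and " " not in shown and host(shown) != target:
            # Visible text looks like a URL but names a different host.
            self.findings.append(("text-href-mismatch", shown, self.href))
        self.href = None

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A finding is a reason to inspect the link before clicking, not proof of malice; legitimate newsletters also use shorteners and tracking redirects.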

Tip #15: Phishing Attacks are Designed to be Broad & Affect as Many People as Possible

Human error accounted for nearly 30% of worldwide data breaches.[1]

In traditional phishing attacks, hackers send fraudulent, malicious messages to as many people as possible. Because these attacks are designed to be broad, they are generally written vaguely and are easy to identify.

Tip #16: Spear Phishing Attacks are Targeted, Customized, and Convincing

In 2017, 71% of all targeted attacks started with spear phishing to infect their victims.[2]

Spear phishing attacks are targeted, convincing, and sophisticated. Cyber criminals narrow their attack list to a smaller group of people. Once the attacker has their list, they research the individuals and customize the message of the attack to be more convincing. Attackers use the internet, company websites, social profiles, etc. to gather the information they need to make a convincing targeted attack. The customization used in spear phishing attacks makes them more likely to succeed than traditional phishing attacks.

Tip #17: Phishers Manipulate Victims by Using Sender Addresses & Names That Appear Legitimate   

By the end of 2017, the average user was receiving 16 malicious emails per month.[4]

Spam filters and other tools can help prevent phishing emails from affecting your SMB; however, no tool is 100% effective. Phishers can break through by tricking your email filters into thinking the email was sent from a legitimate source. Often, the phisher will use an email address that appears to be valid and a display name that looks like it’s from a safe source. This can make it difficult for the victim to pinpoint the email as a phishing attack since it uses specific names and/or companies that the victim will recognize.
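The sender checks a mail administrator could layer on top of a spam filter can be sketched as follows. This is an added example, not Prosource's code: the brand allow-list, the finding names, and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand really sends from.
TRUSTED = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}}

# Constructed sample messages (not real traffic).
SPOOFED = ('From: "PayPal Support" <billing@paypa1-secure.example>\n'
           'Reply-To: collect@mailbox.example\n'
           'Subject: Your account will be suspended\n\nbody')
LEGIT = 'From: "PayPal" <service@mail.paypal.com>\nSubject: Receipt\n\nbody'
NAME_AS_ADDRESS = ('From: "ceo@yourcompany.example" '
                   '<ceo.yourcompany@freemail.example>\n\nbody')

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_findings(raw):
    """Return the reasons the From/Reply-To headers look deceptive."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    dom = domain_of(addr)
    findings = []
    for brand, domains in TRUSTED.items():
        ok = any(dom == d or dom.endswith("." + d) for d in domains)
        if brand in name.lower() and not ok:
            # Display name claims a brand the sending domain does not belong to.
            findings.append("display-name-brand-mismatch")
        elif brand in dom and not ok:
            # Brand keyword embedded in an unrelated domain.
            findings.append("lookalike-domain")
    if "@" in name and domain_of(name.strip()) != dom:
        # Display name is itself an address that differs from the real sender.
        findings.append("address-in-display-name")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != dom:
        # Replies would go to a different domain than the apparent sender.
        findings.append("reply-to-domain-differs")
    return findings
```

Mail clients often show only the display name, which is why the first and third checks compare it against the address the message actually came from.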

Tip #18: Phishers Use Convincing Messaging to Lure Victims

92.4% of malware is delivered via email.[3]

After the phisher gathers all relevant information needed, they craft a well-thought-out email that may include company logos and official language to mirror popular websites (Amazon & PayPal). Typically, emails ask for a username and password. The message will be written with a sense of urgency, so the victim feels like they will lose their account or money if they don’t comply immediately.

Tip #19: SMBs are Prime Targets for Phishing Attacks

51% of SMB leaders don’t think their business is a target for cybercriminals.[5]

Every employee represents a potential exposure to phishing attacks. Hackers often don’t care about how big or small a business is – they care about financial gain, stealing corporate data, or committing corporate espionage. SMBs with weak security practices are much easier to obtain financial gain from than large corporations with a dedicated IT team and strong security measures.

Tip #20: Phishing Attacks Easily Get Through Standard Security Measures 

76% of organizations say they experienced phishing attacks in 2017.[6]

Phishing messages can easily bypass standard anti-virus software and pass through spam filters, making these types of attacks one of the most dangerous types of cyber crime.

Tip #21: Understand What’s at Risk Following a Phishing Attack

Business email compromise scams cost organizations $676 million in 2017.[7]

If your SMB is infected, you may experience the loss of login credentials, banking credentials, credit and debit card information, addresses and other personal information, trade secrets, confidential documents, and/or medical information. By infecting a single user, hackers can continue deploying attacks across your SMB’s network, stealing credentials, disrupting critical processes, or encrypting data and making it impossible to access.

Check back next week for week 3 of Prosource’s NCSAM tips and tricks: “How Can Your SMB Avoid Becoming Prey? Today’s Top Cyber Criminal Strategies”.

About Prosource NCSAM: As declared by the U.S. Department of Homeland Security and the National Cyber Security Alliance, October is National Cyber Security Awareness Month (NCSAM). The cyber security experts at Prosource created their own version of NCSAM to help SMBs across the United States increase their understanding of common strategies used by cyber criminals and ways to keep their SMBs protected against cyber attacks.

Every Monday in October we’ll send out an email with the week’s 7 cyber security tips and tricks to help your business become more vigilant against cyber threats. You can also check our Facebook, LinkedIn, and Twitter pages for daily tips and tricks.

[1] Risksource
[2] https://interactive.symantec.com/ISTR?CID=70138000001MD17AAG
[3] https://blog.barkly.com/phishing-statistics-2018
[4] https://blog.barkly.com/phishing-statistics-2018
[5] https://www.hitechanswers.net/51-of-smb-leaders-think-their-business-isnt-a-target-for-cybercriminals/
[6] https://blog.barkly.com/phishing-statistics-2018
[7] https://blog.barkly.com/phishing-statistics-2018