Common Phishing Attacks And How To Protect Against Them

Phishing attacks are launched to steal sensitive user data such as passwords and other login credentials. The attacker generally masquerades as a legitimate sender and sends an email, message or link infected with malware. It is a type of social engineering attack that can have devastating results. There are numerous types of phishing attacks; a few are listed here:

Deceptive Phishing
It refers to an attack in which a hacker deceives the user by impersonating a legitimate website in order to steal the person’s personal information. An email with malicious content, often posing as a threat or an urgent message, is sent to pressure the user into clicking it. For example, the attacker may send an email posing as a message from the user’s bank about some discrepancy in the account. The user, acting in haste, clicks the link and is directed to an illegitimate site that steals their passwords and login credentials.

Spear Phishing
The hacker personalizes the attack. Emails are specifically addressed and mention the target’s name, position, company name etc. to win the user’s trust. This is done to dupe the user into clicking the malicious link. Once the user parts with their confidential information, their login credentials and sensitive data are stolen.

Whaling
In this type of attack, executives at the highest level are targeted. Generally, employees at the top level do not undergo a security awareness training program, which is why they are prone to whaling. The attacker approaches the executives with specially designed emails or social engineering attacks, then launches a BEC (Business Email Compromise) scam, using the executive’s email to initiate a fraudulent wire transfer to a financial institution.

Pharming
This attack relies on Domain Name System (DNS) cache poisoning. DNS converts the alphabetical website name into the numerical IP address that is used to locate computers. By poisoning the cache, the attacker directs the user to a malicious website even if the user entered the correct website name.

Mimic Phishing
An authentic website such as Google Docs, Dropbox etc. is mimicked to lure users into signing in. This way their passwords and login credentials are stolen.

How To Protect Yourself Against Such Attacks –

  • Carefully check the URL of the website before clicking on it.
  • Organizations must conduct employee training programs in which every employee should participate.
  • Companies must invest in software that can analyze inbound emails in order to keep a check on malicious links and email attachments.
  • Financial transactions should not be authorized through emails.
  • Only enter websites whose address begins with https, as such sites are much more secure.
  • Install a high quality anti-virus and update your system on a regular basis.

For more information on IT Security, call Centex Technologies at (254) 213-4740.
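
The URL check from the list above can be partly automated. The following is an added example, not part of the original post: it flags links that are not https or whose real host is not on a list of sites the user trusts, which is how mimicked Google Docs or Dropbox pages are usually given away. The allow-list, the brand names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: hosts the user actually means to sign in to.
TRUSTED_HOSTS = {"docs.google.com", "www.dropbox.com"}
# Brand names a mimic site is likely to borrow (assumed for this example).
BRANDS = ("google", "dropbox")

def check_link(url):
    """Return the reasons a link should not be trusted; an empty list passes."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # In https://docs.google.com@host/ the browser connects to "host".
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, may render as look-alike characters")
    if host not in TRUSTED_HOSTS:
        reasons.append("host is not on the trusted list: " + host)
        if any(brand in host for brand in BRANDS):
            reasons.append("trusted brand name inside an untrusted host")
    return reasons

# Constructed sample links (example domains only).
SAMPLE_LINKS = [
    "https://docs.google.com/document/d/1",
    "http://docs.google.com/document/d/1",
    "https://dropbox.com.files-share.example/login",
    "https://docs.google.com@login.example.net/doc",
    "https://xn--80ak6aa92e.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link) or "passes")
```

Note that the third and fourth sample links are https and still fail, because the host the browser would connect to is not the trusted one.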


Tips For Educating Employees About Cybersecurity

Computers and smart devices have replaced traditional methods of operation at the workplace. The internet has taken over and our world has become a global village. While we have been able to leverage numerous benefits from technological advancement, complete cybersecurity is still a major question.

Cyberattacks pose a major threat; however, not all cyberattacks can be blamed on outsiders. Some of them may be launched because of the negligence of your employees. Businesses are increasingly becoming vulnerable due to insider threats and the lax attitude of employees. So, in the wake of high-end cyberattacks and with the growing BYOD culture, it has become vital to educate employees about cybersecurity.

Here we have listed some tips to educate employees about cybersecurity –

Educate Employees About Social Engineering Activities

Make your employees aware of social engineering attacks. Tell them not to click on suspicious links and emails from unknown sources. If something seems suspicious about a certain website, blog, link or email and the sender is unknown, it is best to ignore it.

Train Employees At Top Level Of Management

Cybercriminals generally target employees at the top level of management, who have access to sensitive information and where the level of financial damage is greater. So it is important to give additional training to CEOs, CFOs and other employees at that level of the hierarchy to safeguard the company’s confidential information.

Back To Basics

Provide training about rules for web browsing, email, social networks etc. Through this training employees learn the potential ways in which a cyberattack can be made and the preventive measures to avoid it. Also, regularly test their cybersecurity knowledge.

Tell Them What To Do In Case They Come Across Something Suspicious

If there is something your employees feel wary of, they should immediately contact the IT employees who are trained to handle it. They should also notify the administrator if they come across a suspicious email, link or unusual activity. If something major happens, unplug the machine from the network.

Create A Formal Plan

Have a pre-listed set of instructions about what to do if an employee witnesses a cyberattack. The employees should be well trained to handle this situation and should know what to do if they are hacked. The IT team should also draft a formal plan for cybersecurity training. This plan should be reviewed and updated every now and then, keeping in mind the latest attacks and risks.

Also, important and confidential passwords and information should not be shared with all your employees. Practice the golden rule of giving limited access to only trusted employees. This ensures that only those people who actually need the company’s sensitive information to perform their work have access to it.

Thus, it is extremely important to train employees about cybersecurity in order to prevent a cyberattack. For more information on IT Security, call Centex Technologies at (254) 213-4740.


Safeguard Your Business From Cyber Attacks

PDF VERSION: Safeguard Your Business From Cyber Attacks


Tips For Safer Online Banking

People in the 21st century rely heavily on the internet and web services for most activities in order to save time and effort. The internet has made things easier, and the banking sector has witnessed a major shift, with online banking gradually replacing traditional banking systems. More and more people are opting for it owing to its benefits. However, in the wake of increasing cyber-crime, it has become important to bank online with utmost care. Here are some tips for a safer online banking experience, as you would surely not want to lose your hard-earned money to hackers.

Opt For An Account With Two Factor Authentication –
You must choose two factor authentication in some form or the other. Most banks today provide a unique code each time you bank online. Apart from your login credentials, you need a one-time password or code, valid for a short span of time, to gain access to your online account. This ensures complete security.

Use Strong Passwords –
The key to safe transacting is a strong password that cannot be guessed easily. Use a combination of upper and lower case characters, numerals, symbols and special characters. Setting your name or birthdate as the password is nothing but an open invitation for hackers to gain access to your account. Try to change the password every few months if your bank permits you to do so.

Keep Your System Secure & Updated –
It is essential to turn on firewalls and ensure that you have antivirus software installed on your system. Since your system is exposed to a number of cyber and virus attacks such as malware, Trojans etc., it is important to take every possible step to prevent them from gaining access to your vital financial information.

Avoid Clicking Through Emails –
No financial institution would send you an email asking for your bank account or other important details. So, be wary of emails that masquerade as an email from your bank and ask for your login credentials.

If you come across an email that seems suspicious, it is best to avoid it. It might just be a hoax email sent by an unknown sender with the intention of stealing your valuable information such as username, password etc.

Don’t Forget To Log Out –
The smartest move is to log out of your account after ending your online banking session. Clear the cache once you are done. This will prevent loss of vital information.

Account Notifications Are A Must –
Most banks nowadays offer an account notification facility to their customers. It is meant to notify and keep them updated about certain activities in their account.

Regular Monitoring –
Since online accounts can be accessed at any time, you must keep a check and monitor your accounts on a regular basis. Go through the bank statement online and if you spot any anomalies, contact your bank immediately.

Access Your Accounts From A Safe Location –
Never log on to your bank account at a common computer that is shared by many people. Also do not use public Wi-Fi while banking online.

For more information, call Centex Technologies at (254) 213-4740.


How To Defend Yourself Against Adware

You might have come across a number of advertisements while browsing the web. Have you ever wondered why such advertisements pop up from nowhere and sometimes even crash the programs that are running on your system?

Adware is nothing but advertising-based software. The advertisements displayed on your screen may seem legitimate and harmless but can install adware on your computer. Once installed, it can track your personal information such as age, location, buying habits etc. It can also gain access to your browser history, which means your personal and confidential information is no longer private. The main reason behind the whole mechanism is to fool you into installing illegitimate programs that display hoax advertisements.

How Do You Know If Adware Is Installed In Your Computer?
You can identify whether your computer has adware on it. Here are some signs to look out for –

  • You are subjected to numerous pop-ups and advertisements.
  • The performance and speed of your computer become slow for absolutely no reason.
  • An unfamiliar search bar appears in the web browser.
  • There is continuous change in the browser homepage.
  • You search for some website but you are redirected to another website.
  • Programs start crashing.

How To Defend Yourself –

  • Don’t download free programs as they can increase the chances of injecting adware into your system.
  • Install pop-up blockers to keep unnecessary advertisements at bay.
  • Be wary of files and links from untrusted sources. Make sure that you do not download or click them.
  • If you are suspicious of the content of a particular website then it is best to avoid it for security reasons, lest you lose your important information and credentials.
  • Usually permission to install such adware is deeply embedded in the licensing agreement. So ensure that you read it thoroughly before granting any permission to install or download a particular program or file.
  • Do not click on forwarded emails and messages unless you are sure about the source from which they were sent.
  • Update your system regularly.
  • Install an appropriate anti-virus software.
  • Remove the cookies every now and then.
  • Install a firewall to stay away from such adware.
  • Do not click ‘OK’ or ‘YES’ without reading what a particular pop up says, as this sudden haste can lead to a multitude of problems.
  • Adjust your browser settings such that your internet zone setting is on medium security or above.
  • Do not install an unwanted program or software even if it is free.
  • Run anti-adware software on a regular basis to prevent any major issue.
  • If you witness a suspicious activity which can result in installation of adware or some malware onto your system, then it is best to turn off your computer using the power button.

It is extremely important to be aware of adware and the effect it can have. For more information on IT Security, call Centex Technologies at (254) 213-4740.
