Archive for February, 2018

Cyber Security Trends To Watch Out For In 2018

 

 

PDF VERSION: Cyber Security Trends To Watch Out For In 2018

 

,

No Comments

All About Spoofing Attacks Launched Through Emails

Spoofing is nothing but a form of cyber-attack in which the hackers camouflage their identity. The term spoofing means to deceive or trick and involves presenting a deceptive thing in the right & truthful way. In this, the hackers disguise their identity to beguile the user and inject malware into their systems. The most common way to launch a spoofing attack is through emails.

How Do Cybercriminals Spoof Emails –

The hacker generally spoofs the email address to makes it look genuine. They work on “From” field such that the sender’s name and email address appear to be legitimate & authentic. This is done so that the receiver opens up the mail thereby giving hackers an opportunity to inject virus.

Another high end attack called BEC (Business Email Compromise) is being initiated by the cyber attackers. It is generally targeted towards executives at the top level in order to gain access to their company’s confidential & sensitive information. The primary loophole is in the SMTP (Simple Mail Transfer Protocol) technology, as it does not verify the sender’s email address. Cybercriminals generally use services of a free SMTP server available online to spoof the email address in order to dupe the target user and steal their private & confidential login credentials.

Ways To Spot Spoofed Emails –

  • The best way to spot a spoofed email is by closely looking at the sender’s name and email id. Do not click any link in a mail that has some strange content that you are wary & suspicious of.
  • Gmail provides an additional security feature and allows the user to check ‘mailed-by’ and ‘signed-by’ fields apart from sender’s email id. If the fields are incomplete then there is high probability that the email is spoofed.
  • If the content in the email is strange and weird then ask for a confirmation by replying the email. Now the best part is that the reply you send is directed at the original address. If you get a genuine reply then its fine. Otherwise, you will get to know if the email was fake or genuine.

What To Do If You Detect A Spoofed Email –

  • If you spot a spoofed email then immediately inform your internet service provider.
  • Next change the passwords for all your email accounts.
  • Ensure that you have enabled sender & recipient filtering options.
  • Make sure that you do not respond to any email you receive from that fake email id in future.

How To Prevent A Spoofing Attack –

  • Don’t open emails that do not contain the sender’s name or are sent from an unknown source.
  • Update your system regularly.
  • Install a good anti-virus software.
  • Enable the feature that allows you to filter blank senders.

Other Common Types Of Spoofing –

  • Caller ID spoofing
  • GPS spoofing
  • Referrer spoofing
  • DNS spoofing
  • IP address spoofing

For more information on IT Security, call Centex Technologies at (254) 213-4740.

, ,

No Comments

Common Phishing Attacks And How To Protect Against Them

Phishing attacks are launched to steal sensitive user data comprising of passwords and important login credentials. The attacker generally masquerades itself as a legitimate sender and sends an email, message or link infected with malware. It is a type of social engineering attack that can have devastating results. There are numerous types of phishing attacks, here we have listed few:

Deceptive Phishing
It refers to an attack in which a hacker deceives the user by impersonating as a legitimate website but steals away a person’s personal information. An email with malicious content often posing as a threat or urgent message is sent to force the user to click it. For example, sometimes they send the user an email posing as a mail from their bank regarding some discrepancy in the account. The user, often in all the haste, clicks on the link and is directed to an illegitimate site that steals away their passwords & login credentials.

Spear Phishing
The hacker personalizes the attack. Emails are specifically addressed and have the target’s name, position, company name etc. mentioned in them to win the user’s trust. This is done to dupe the user and make them click on the malicious link. When once the user parts away with their confidential information, their login credentials and sensitive data is stolen.

Whaling
In this type of attack, the executives at the highest level are targeted. Generally the employees at top level do not undergo a security awareness training program which is why they are prone to cyber-whaling. An attempt is made to pitch the executives using specially designed emails or social engineered attacks. Then the attacker launches a BEC (Business Email Compromise) scam to use the executive’s email to initiate fraudulent wire transfer to a financial institution.

Pharming
This attack resorts to domain name system cache poisoning. The alphabetical website name is converted into numerical IP address which is used to locate computer devices. The attacker then directs the user to a malicious website even if the user entered a correct website name.

Mimic Phishing
An authentic website such as GoogleDocs, Dropbox etc. is mimicked to lure users to sign in. This way their passwords & login credentials are stolen.

How To Protect Yourself Against Such Attacks –

  • Carefully check the URL of the website before clicking on it.
  • Organizations must conduct employee training programs in which every employee should participate.
  • Companies must invest in software that have the ability to analyze inbound emails in order to keep a check over the malicious links/ email attachments.
  • Financial transactions should not be authorized through emails.
  • Only enter the websites that begin with – https as such sites are much secure.
  • Install a high quality anti-virus and update your system on a regular basis.
  • For more information on IT Security, call Centex Technologies at (254) 213-4740.

, , ,

No Comments

Tips For Educating Employees About Cybersecurity

Computers and smart devices have replaced traditional methods of operation at the workplace. Internet has taken over the charge and our world has become a global village. While we have been able to leverage numerous benefits from the technological advancement, complete cybersecurity is still a major question.

Cyberattacks pose a major threat, however not all cyberattacks can be blamed on outsiders. Some of them might just be launched due to the negligence of your employees. Businesses are increasingly becoming vulnerable due to insider threats and the lax attitude of employees. So, in the wake of high ended cyberattacks and with the growing BYOD culture it has become vital to educate employees about cybersecurity.

Here we have listed some tips to educate employees about cybersecurity –

Educate Employees About Social Engineering Activities

Cognize your employees about social engineering attacks. Tell them not to click on suspicious links and emails from unknown sources. If there is something wary about a certain website, blog, link or email and the sender is unknown then it is best to ignore them.

Train Employees At Top Level Of Management

Cybercriminals generally target employees at top level of management who have access to sensitive information and the level of financial damage is greater. So it is important to impart additional training to CEO’S, CFO’S and other employees at that level of hierarchy to safeguard company’s confidential information.

Back To Basics

Provide training about rules for web browsing, email, social networks etc. Through this training they would be able to know the potential ways in which a cyberattack can be made and also take preventive measures to avoid the same. Also, regularly test their cyber security knowledge.

Tell Them What To do In Case They Come Across Something Suspicious

If there is something your employees feel wary of, then they should immediately contact the IT employees who are trained in handling them. Also they should notify the administrator if they come across a suspicious email, link or unusual activity. In case something major happens then unplug machine from the network.

Create A Formal Plan

Have a pre-listed set of instructions about what to do if an employee witnesses a cyberattack. The employees should be well trained to handle this situation and should know what to do if they are hacked. IT team should also draft a formal plan for cybersecurity training, This plan should be reviewed and updated every now and then keeping in mind the latest attacks and risks.

Also, important & confidential passwords as well as information should not be shared with all your employees. Practice the golden rule of giving limited access to only trusted employees. This will ensure that only those people have access to company’s sensitive information who actually need it for performing their operations.

Thus, it is extremely important to train employees about cybersecurity in order to prevent a cyberattack. For more information on IT Security, call Centex Technologies at (254) 213-4740.

,

No Comments