The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

All About Spoofing Attacks Launched Through Emails

By

On February 26, 2018

In Security

Spoofing is nothing but a form of cyber-attack in which the hackers camouflage their identity. The term spoofing means to deceive or trick and involves presenting a deceptive thing in the right & truthful way. In this, the hackers disguise their identity to beguile the user and inject malware into their systems. The most common way to launch a spoofing attack is through emails.

How Do Cybercriminals Spoof Emails –

The hacker generally spoofs the email address to makes it look genuine. They work on “From” field such that the sender’s name and email address appear to be legitimate & authentic. This is done so that the receiver opens up the mail thereby giving hackers an opportunity to inject virus.

Another high end attack called BEC (Business Email Compromise) is being initiated by the cyber attackers. It is generally targeted towards executives at the top level in order to gain access to their company’s confidential & sensitive information. The primary loophole is in the SMTP (Simple Mail Transfer Protocol) technology, as it does not verify the sender’s email address. Cybercriminals generally use services of a free SMTP server available online to spoof the email address in order to dupe the target user and steal their private & confidential login credentials.

Ways To Spot Spoofed Emails –

  • The best way to spot a spoofed email is by closely looking at the sender’s name and email id. Do not click any link in a mail that has some strange content that you are wary & suspicious of.
  • Gmail provides an additional security feature and allows the user to check ‘mailed-by’ and ‘signed-by’ fields apart from sender’s email id. If the fields are incomplete then there is high probability that the email is spoofed.
  • If the content in the email is strange and weird then ask for a confirmation by replying the email. Now the best part is that the reply you send is directed at the original address. If you get a genuine reply then its fine. Otherwise, you will get to know if the email was fake or genuine.

What To Do If You Detect A Spoofed Email –

  • If you spot a spoofed email then immediately inform your internet service provider.
  • Next change the passwords for all your email accounts.
  • Ensure that you have enabled sender & recipient filtering options.
  • Make sure that you do not respond to any email you receive from that fake email id in future.

How To Prevent A Spoofing Attack –

  • Don’t open emails that do not contain the sender’s name or are sent from an unknown source.
  • Update your system regularly.
  • Install a good anti-virus software.
  • Enable the feature that allows you to filter blank senders.

Other Common Types Of Spoofing –

  • Caller ID spoofing
  • GPS spoofing
  • Referrer spoofing
  • DNS spoofing
  • IP address spoofing

For more information on IT Security, call Centex Technologies at (254) 213-4740.

Common Phishing Attacks And How To Protect Against Them

By

On February 21, 2018

In Security

Phishing attacks are launched to steal sensitive user data comprising of passwords and important login credentials. The attacker generally masquerades itself as a legitimate sender and sends an email, message or link infected with malware. It is a type of social engineering attack that can have devastating results. There are numerous types of phishing attacks, here we have listed few:

Deceptive Phishing
It refers to an attack in which a hacker deceives the user by impersonating as a legitimate website but steals away a person’s personal information. An email with malicious content often posing as a threat or urgent message is sent to force the user to click it. For example, sometimes they send the user an email posing as a mail from their bank regarding some discrepancy in the account. The user, often in all the haste, clicks on the link and is directed to an illegitimate site that steals away their passwords & login credentials.

Spear Phishing
The hacker personalizes the attack. Emails are specifically addressed and have the target’s name, position, company name etc. mentioned in them to win the user’s trust. This is done to dupe the user and make them click on the malicious link. When once the user parts away with their confidential information, their login credentials and sensitive data is stolen.

Whaling
In this type of attack, the executives at the highest level are targeted. Generally the employees at top level do not undergo a security awareness training program which is why they are prone to cyber-whaling. An attempt is made to pitch the executives using specially designed emails or social engineered attacks. Then the attacker launches a BEC (Business Email Compromise) scam to use the executive’s email to initiate fraudulent wire transfer to a financial institution.

Pharming
This attack resorts to domain name system cache poisoning. The alphabetical website name is converted into numerical IP address which is used to locate computer devices. The attacker then directs the user to a malicious website even if the user entered a correct website name.

Mimic Phishing
An authentic website such as GoogleDocs, Dropbox etc. is mimicked to lure users to sign in. This way their passwords & login credentials are stolen.

How To Protect Yourself Against Such Attacks –

  • Carefully check the URL of the website before clicking on it.
  • Organizations must conduct employee training programs in which every employee should participate.
  • Companies must invest in software that have the ability to analyze inbound emails in order to keep a check over the malicious links/ email attachments.
  • Financial transactions should not be authorized through emails.
  • Only enter the websites that begin with – https as such sites are much secure.
  • Install a high quality anti-virus and update your system on a regular basis.
  • For more information on IT Security, call Centex Technologies at (254) 213-4740.

Tips For Educating Employees About Cybersecurity

By

On February 14, 2018

In Security

Computers and smart devices have replaced traditional methods of operation at the workplace. Internet has taken over the charge and our world has become a global village. While we have been able to leverage numerous benefits from the technological advancement, complete cybersecurity is still a major question.

Cyberattacks pose a major threat, however not all cyberattacks can be blamed on outsiders. Some of them might just be launched due to the negligence of your employees. Businesses are increasingly becoming vulnerable due to insider threats and the lax attitude of employees. So, in the wake of high ended cyberattacks and with the growing BYOD culture it has become vital to educate employees about cybersecurity.

Here we have listed some tips to educate employees about cybersecurity –

Educate Employees About Social Engineering Activities

Cognize your employees about social engineering attacks. Tell them not to click on suspicious links and emails from unknown sources. If there is something wary about a certain website, blog, link or email and the sender is unknown then it is best to ignore them.

Train Employees At Top Level Of Management

Cybercriminals generally target employees at top level of management who have access to sensitive information and the level of financial damage is greater. So it is important to impart additional training to CEO’S, CFO’S and other employees at that level of hierarchy to safeguard company’s confidential information.

Back To Basics

Provide training about rules for web browsing, email, social networks etc. Through this training they would be able to know the potential ways in which a cyberattack can be made and also take preventive measures to avoid the same. Also, regularly test their cyber security knowledge.

Tell Them What To do In Case They Come Across Something Suspicious

If there is something your employees feel wary of, then they should immediately contact the IT employees who are trained in handling them. Also they should notify the administrator if they come across a suspicious email, link or unusual activity. In case something major happens then unplug machine from the network.

Create A Formal Plan

Have a pre-listed set of instructions about what to do if an employee witnesses a cyberattack. The employees should be well trained to handle this situation and should know what to do if they are hacked. IT team should also draft a formal plan for cybersecurity training, This plan should be reviewed and updated every now and then keeping in mind the latest attacks and risks.

Also, important & confidential passwords as well as information should not be shared with all your employees. Practice the golden rule of giving limited access to only trusted employees. This will ensure that only those people have access to company’s sensitive information who actually need it for performing their operations.

Thus, it is extremely important to train employees about cybersecurity in order to prevent a cyberattack. For more information on IT Security, call Centex Technologies at (254) 213-4740.

Safeguard Your Business From Cyber Attacks

By

On January 31, 2018

In Security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

PDF VERSION: Safeguard Your Business From Cyber Attacks

Tips For Safer Online Banking

By

On January 30, 2018

In Security

21st century man is highly reliant on internet and web services for performing most activities in order to save their time and effort. Internet has made things easier and banking sector has witnessed a major shift with online banking gradually replacing traditional banking systems. More and more people are opting for it, owing to the benefits it has. However, in the wake of increasing cyber-crimes, it has become important to perform online banking with utmost care. Here we have listed certain tips for a safer online banking experience as you would surely not want losing your hard earned money to the hands of hackers.

Opt For An Account With Two Factor Authentication –
You must choose a two factor authentication in some form or the other. Most banks today provide a unique code each time you decide to bank online. Apart from your login credentials you would require a one-time password or code which is valid for a short span of time to gain access to your online account. This ensures complete security.

Use Strong Passwords –
The key to safe transacting is a strong password that cannot be guessed easily. Use a combination of upper & lower case characters, numerals, symbols and special characters. Setting your name or birthdate as the password is nothing but an open invitation for hackers to gain access to your account. Try to change the password after every few months if your bank permits you to do so.

Keep Your System Secure & Updated –
It is essential to turn on firewalls and ensure that you have an antivirus software installed on your system. Since your system is exposed to a number of cyber and virus attacks such as malware, Trojans etc. it is important to take every possible step to prevent them from gaining access to your vital financial information.

Avoid Clicking Through Emails –
No financial institute would send you an email asking for your bank account or other important details. So, be wary of emails that masquerade themselves as an email from your bank and ask for your login credentials.

If you come across an email and sense suspicion then it is best to avoid them. It might just be a hoax email sent by an unknown sender with an intention to steal your valuable information such as username, password etc.

Don’t Forget To Log Out –
The smartest move is to log out your account after ending your online banking session. Clear off the cache when once you are done. This will prevent loss of vital information.

Account Notifications Are A Must –
Most banks nowadays offer an account notification facility to their customers. It is meant to notify and keep them updated about certain activities in their account.

Regular Monitoring –
Since online accounts can be accessed at any time, you must keep a check and monitor your accounts on regular basis. Go through the bank statement online and if you spot any anomalies then contact your bank immediately.

Access Your Accounts From A Safe Location –
Never log on to your bank account at a common computer that is shared by many people. Also do not use public Wi-Fi while banking online.

For more information, call Centex Technologies at (254) 213-4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)