October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes
- Week 1: You Got Phished
- Week 2: Where, Why and How It Happens
- Week 3: Prevention
- Week 4: Putting It All Together
This week’s theme, “Where, Why and How It Happens”, focuses on what phishing is, where it happens, the motivation behind cyber threats and how it works.
What is Phishing?
Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.
What are the different types of phishing?
Phishing can take on many different forms, as well as come from a variety of mediums including email, phone, online shopping, gaming, social media, and direct messages. The following is a quick overview of the most common types of phishing campaigns that cybercriminals use to steal your information.
Smishing
Smishing is a phishing attempt that occurs through text message (SMS) and involves a cybercriminal impersonating someone to steal information from you. In many cases, smishing messages contain a link they are trying to get you to click on.
To protect yourself against smishing attacks, always be cautious about the messages you receive from people you do not recognize. If you are unsure, try to verify the information and confirm if the identity they are taking on is legitimate. For example, if you receive a message claiming to be your school, call your school using the contact information available on their official website and verify whether the request is real or smishing.
Spear Phishing
Spear phishing is a message that is tailored to the target's potential line of work, interests, and/or personal characteristics. To do this, cybercriminals conduct research about their victims and use their findings to make their messages seem authentic. They then send these spear phishing attempts disguised as a credible source, with the subject being something relevant to their victims in hopes to increase the success rate of their attempts. When successful, victims hand over their personal information, such as a credit card number, to the cybercriminal.
Whaling
Whaling attacks are sophisticated messages that target high-profile victims who have the authority to issue large payments. Whaling attempts are designed to trick these victims into thinking they must make a payment to another organization, but in reality, the payment is directed to the pockets of the cybercriminal.
Phishing Trends
Now that you know the various types of phishing, it’s important to be aware of phishing trends so that you can spot any potential attempts.
Banking Scams
Cybercriminals will pose as your financial institution and send urgent, or too good to be true messages in hopes of their victims taking action. If you receive a phone call, email, or message that asks you to claim the money in exchange for verifying your credit card number or asking you to pay for outstanding banking fees, be wary and do not give over your information. Always verify with your banking institution by visiting in person, or calling the phone number listed on their official website to verify if the request is legitimate.
Romance Scams
There is plenty of phish in the sea! Looking for companionship online has been made easy with the help of dating websites and apps, but sometimes profiles are too good to be true. Romance scams happen often when a cybercriminal creates a fake profile with the goal of taking advantage of someone looking for romance.
To avoid becoming a victim of a romance scam, always be cautious about what information you share on dating websites and apps. Never give your personal information such as your SIN number, banking information, or even the answers to security questions such as your mother’s maiden name.
Event-Based Scams
Event-based scams happen when cyber criminals take advantage of events, such as a concert or sports games, to steal information and money from their victims. When it comes to phishing, cyber criminals will typically send out messages posing as event organizers and include a link. When the link is clicked, you are likely to be prompted to enter sensitive data such as a credit card number or credentials to your financial institution.
Spoofing is a tactic that is often used with event-based scams, which is when a cybercriminal will create a fake look-alike website or app to trick users into making fake purchases. Be sure to guard your personal information and always verify that the websites you are using to purchase event tickets are legitimate.
Malware and Ransomware
Malware is one of the most common ways people experience a cyber attack. Malware is software specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups, and toolbars, and even send out unwanted emails.
Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware.
With a ransomware attack, access to your computer or electronic device is blocked until a ransom is paid to the cybercriminal. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:
- Install and use anti-virus software
- Avoid suspicious links and email attachments
- Download only from trusted sources
- Use a VPN on unsecured networks like public Wi-Fi
Beware of Social Engineering
A social engineering attack is a web user is tricked into doing something dangerous online. There are various types of social engineering attacks, with a prominent form of it being phishing. Always think twice before you share your information online and take actionable steps to protect your devices against phishing, malware, and ransomware.
Stay Cyber Safe
Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to keep your cyber safe.
(Originally published on 10.12.22)
No comments:
Post a Comment