Criminals are always preparing for the next major event on which to hitch a ride and launch an attack, in an effort to dupe us into believing their lies. What is it about these attacks that manages to fool so many people, and what can we do to protect ourselves?
1. Top of the list is the plain old phishing attack, primarily used to steal our credentials. We’ve all been warned about them and smiled smugly as we’ve deleted the ones from Nigeria telling us we’re just a click away from becoming millionaires. Yet for some reason, if the scammers manage to strike a chord with the recipient (the recent World Cup lottery examples being a case in point), people will drop their guard and click on the link.
2. A fairly new scam doing the rounds is the faked communication from the IT department asking staff “to upgrade” their system, with a link harboring malware waiting to download directly onto the “always does as he’s told” employee’s device.
3. The “official” phishing attack purporting to be from a well-known bank, a government department such as HMRC (tax form / refund etc.) or another authority. This type of attack can take a number of formats, but all have one thing in common – they’re extremely well executed. Criminals will painstakingly recreate letterheads, legitimate-looking email addresses and domain names with the sole purpose of tricking you into believing their legitimacy. What they’re really after is your credentials.
4. The domain name scam primarily targets business/domain owners. There are two types of attack: 1) to make you buy more domain names than you need for fear of losing them, and 2) to make you pay to “renew” your domain name, effectively transferring it to the scammers and leaving yourself open to being held to ransom over your own domain name.
Here is a checklist for you to follow that will help you stay one step ahead of the criminals and their increasingly sophisticated communications:
1. Make sure you are always up to date with the latest operating system, browser and security software. As you’ll come to see, you need to be cautious of unsuspectingly downloading malware, so always download updates from a reputable site, such as Adobe, Microsoft, etc.
2. When surfing the internet, keep your “gut instinct” radar tuned in and try to avoid questionable sites. It’s worth noting that, even if a site is returned by a search engine – even the reputable ones – you should still exercise caution when visiting it, as it is possible for any site to harbor malicious code, and it’s better to be safe than sorry. In fact, a perfectly legitimate site with inadequate protection is perfect prey for a hacker, who installs malicious code to steal credentials, often for a short period of time, and then slips away undetected. Always check that the address bar at the top of the screen states https:// before entering any login details or submitting personal information, especially credit card details. With newer browsers this address bar will be green for safe sites, with red warning that the site really shouldn’t be trusted.
3. Always question the legitimacy of attachments to emails, even from close friends and family, as they may unwittingly be passing on a virus.
4. Exercise caution when downloading software from the internet, especially from sites that you’re unfamiliar with. It is worth doing a little background research on the forums to make sure that the software hasn’t previously been discussed as potentially hazardous.
5. Be suspicious of emails claiming to be from your bank, IT department, Microsoft or another software vendor etc. asking you to execute files, unless you are expecting a communication of this nature. If in doubt, visit their websites/departments, although not through any embedded links within the communication, and check to see if there have been any reports of these messages being fraudulent.
6. By the same token, if you receive an email that claims to be from your bank, IT department, Microsoft or another software vendor etc. asking you to disclose personal information, alarm bells should be sounding, even if it looks like a legitimate email from IT asking for your password. None of these organizations will ever ask you to disclose your password.
7. As alluded to in tip 5, never click on a link in an unsolicited email, especially one that requires you to “update your details”.
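Tips 2, 5 and 7 can be turned into an automatic first pass over an email before anyone is tempted to click. The script below is an added example, not part of the original article: it pulls the links out of an HTML email body, flags any that are not https, any whose visible text shows one address while the href points at another, and any whose domain imitates one of a small, constructed list of organisations the recipient actually deals with. The trusted-domain list, the sample email and the crude registrable-domain cut are all assumptions made for the demonstration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed list of organisations the recipient really deals with (an assumption, not a real allowlist).
TRUSTED_DOMAINS = ("hmrc.gov.uk", "examplebank.co.uk", "microsoft.com")
# Crude anchor extraction, enough for the constructed sample below (a real mail would need an HTML parser).
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude registrable-domain cut: last two labels, or three under .co.uk / .gov.uk style suffixes."""
    parts = host.lower().split(".")
    uk2 = len(parts) >= 3 and parts[-1] == "uk" and parts[-2] in ("co", "gov", "org", "ac")
    return ".".join(parts[-3:] if uk2 else parts[-2:])

def lookalike_of(host):
    """Return the trusted domain a host imitates, or None if it is trusted or unrelated."""
    host, domain = host.lower(), registrable(host)
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:  # trusted name buried in a subdomain, e.g. hmrc.gov.uk.refund-portal.example
        if trusted in host:
            return trusted
    best = max(TRUSTED_DOMAINS, key=lambda t: SequenceMatcher(None, domain, t).ratio())
    return best if SequenceMatcher(None, domain, best).ratio() > 0.8 else None  # near miss such as hmrc-gov.uk

def triage_links(html):
    """Return (href, reason) findings for the links in an email body; an empty list means nothing was flagged."""
    findings = []
    for href, text in ANCHOR.findall(html):
        url, shown = urlparse(href), re.search(r"https?://([^/\s<]+)", text)
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append((href, "link is not https"))
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append((href, "visible URL does not match real target"))
        imitated = lookalike_of(host)
        if imitated:
            findings.append((href, f"{registrable(host)} imitates {imitated}"))
    return findings

# Constructed sample: a "refund" mail whose visible link text shows the real HMRC address but points elsewhere.
SAMPLE_EMAIL = (
    '<p>Dear customer, you are due a tax refund.</p>'
    '<a href="http://hmrc-gov.uk/refund">https://www.hmrc.gov.uk/refund</a>'
    '<a href="https://www.microsoft.com/">Microsoft</a>'
)

if __name__ == "__main__":
    for href, reason in triage_links(SAMPLE_EMAIL):
        print(f"{reason}: {href}")
```

Run as-is it reports three findings, all against the fake refund link, and nothing against the genuine Microsoft link.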
I’m sure that, having read this list, some of you will think you’ll never fall foul of another scam again, and that’s great. Others will question why we haven’t suggested the use of anti-virus software, while the majority of you will probably be thinking that this advice is not foolproof and it’s just a matter of time before you slip up and fall foul of a cybercriminal.