Learn about the latest online scams and what you should know to ensure safe Internet browsing.
Phishing is an attempt to trick users into sharing personal details or login credentials.
Attackers may do this by encouraging the user to respond to the email, or by asking them to access a fraudulent website that prompts them to share information.
While most phishing attempts are quite obvious, some are quite convincing and contain details that would seem very difficult to know.
Phishing — What to look for?
- Who sent the e-mail? Did it come from a Mount Allison account or somebody you know?
  - Note: Even if it comes from a Mount Allison account, it can still be spam. When one account is compromised, the hacker/phisher can send e-mails from the user's account.
- Does the e-mail ask for personal information?
- Does the e-mail ask you to follow a hidden link/short URL?
- Does it demand “URGENT” action?
- Does it make you think twice?
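The checklist above can also be applied mechanically to a raw message. The following is an added example, not code from this page or from Mount Allison; the function and class names are hypothetical, `university.example` is a placeholder for the institution's mail domain, and the keyword and shortener lists are constructed and far from exhaustive.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "university.example"  # assumption: placeholder mail domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # constructed, not exhaustive
TEXT_CHECKS = {  # constructed keyword lists for two checklist questions
    "asks-personal-info": re.compile(r"\b(password|credit card|date of birth)\b", re.I),
    "urgent": re.compile(r"\b(urgent|immediately|suspended)\b", re.I),
}
DOMAIN = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
SAMPLE = ("From: Help Desk <helpdesk@university.example>\n"  # constructed message
          "Subject: URGENT: mailbox suspended\nContent-Type: text/html\n\n"
          '<p>Confirm your password: <a href="http://bit.ly/x1">https://university.example/reset</a></p>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def checklist_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    text = f"{msg.get('Subject', '')} {part.get_content() if part else ''}"
    flags = {name for name, rx in TEXT_CHECKS.items() if rx.search(text)}
    if not parseaddr(str(msg.get("From", "")))[1].lower().endswith("@" + TRUSTED_DOMAIN):
        flags.add("external-sender")  # internal senders still get every other check
    collector = LinkCollector()
    collector.feed(text)
    for href, label in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN.search(label)
        if host in SHORTENERS:
            flags.add("short-url")
        if shown and shown.group(1).lower() != host:
            flags.add("hidden-link")  # visible text names a different host
    return flags
```

The constructed `SAMPLE` comes from an internal address and still trips four checks, which is the point of the note about compromised accounts.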
Spear phishing is more targeted. Cyber criminals who use spear-phishing tactics segment their victims, personalize the e-mails, impersonate specific senders, and use other techniques to bypass traditional e-mail defenses.
It uses data, usually collected from social media or other open sources, to make it seem believable that the scammer is legitimate.
Spear-phishers study their victims in advance, learning names, organizational structure, and even workplace culture to try to keep the victim from raising red flags.
Ransomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment in order for the restriction to be removed. The two most common means of infection appear to be phishing e-mails that contain malicious attachments and website pop-up advertisements.
The 2017 Ransomware Report shows that companies and government agencies are overwhelmed by frequent, severe ransomware attacks, which have now become the #1 cyber threat to organizations.
Ransomware will display a notification stating that your computer or data has been locked and demand a payment be made in order to regain access. Sometimes the notification states that authorities have detected illegal activity on your computer and that the payment is a fine to avoid prosecution.
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
It's the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques.
- The attacker will reach out to you under a pretext, which can be very believable depending on how much effort they put into researching you. This pretext can then be used as a hook to verify information they already have, or gain new information. The attackers might also leverage information they previously acquired to give the impression that, since they are authorized to know what they already know, they are authorized to know more.
- For example, knowing about a recent Internet outage at your office, a clever attacker might call you for a follow-up or even show up in person to gain valuable insights into how your network is secured — and where it’s vulnerable.
A Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software. It is an executable file that will install itself and run automatically once it's downloaded.
A Trojan horse may not be a term you're familiar with, but there's a good chance you or someone you know has been affected by one.
What can it do?
- Delete your files.
- Use your computer to hack other computers.
- Watch you through your web cam.
- Log your keystrokes (such as a credit card number you entered in an online purchase).
- Record usernames, passwords, and other personal information.
A virus is a malicious computer program that is often sent as an e-mail attachment or a download with the intent of infecting your computer, as well as the computers of everyone in your contact list. Just visiting a site can start an automatic download of a virus.
What can it do?
- Send spam.
- Provide criminals with access to your computer and contact lists.
- Scan and find personal information like passwords on your computer.
- Hijack your web browser.
- Disable your security settings.
- Display unwanted ads.
One of the greatest threats to network security has nothing to do with software and everything to do with people. It’s the users who manage and depend on the network who often put it at greatest risk.
People threaten security when they make mistakes, such as:
- Ignoring e-mail security. At least one person can be tricked into opening a malicious attachment or link.
- Using outdated software. People continue using software that has reached end-of-life and is no longer supported by the vendor.
- Choosing bad passwords. Malware developers count on people to use the default passwords that are identical across thousands of devices.
Mistakes can be reduced and security can be improved.