With tensions rising in the Middle East, the nation is on alert for increased cyber threats. Texas Governor Greg Abbott reported yesterday that there have been as many as 10,000 attempted attacks per minute from Iran on state [TX] agency networks in the last 48 hours, according to the Texas Department of Information Resources.
While the current political climate is certainly unique, the threat of cyber attacks is not. According to FBI statistics, the frequency of cyber attacks has increased to approximately 4,000 per day since 2016. Unfortunately, since many of these target small and mid-size businesses, a lot of these attacks do not warrant media coverage, leading people to believe only large corporations or entities are at risk.
Because so many of us rely on technology for personal and professional use, it’s important to be hyper aware of these threats and the best methods of avoiding a potential breach. Social engineering is becoming one of the most popular tactics among cyber criminals because it exploits human psychology to trick people into handing over sensitive information like bank accounts, contact information, credit card numbers, and more.
Drawing on a recent article by David Bisson on Tripwire, here is an outline of five of the most common social engineering attacks to watch out for:
- Phishing – Many of us are familiar with phishing because it is currently the most common form of social engineering attack. Cyber criminals use emails to infiltrate a system by spoofing legitimate business accounts and attempting to have the recipient click on links that can direct them to a phishing site or immediately download malicious software that can take over the system. These emails oftentimes incorporate threats or a sense of urgency to manipulate the user into responding quickly before identifying the false request or email. These attempts are usually intended to obtain personal information like names, addresses, Social Security numbers, or financial account information.
- Pretexting – These types of scams attempt to manipulate the recipient into providing valuable personal and private information by requesting data validation or impersonating colleagues in order to build a false sense of trust with the victim. In fabricating a scenario, such as a CEO directing an individual to quickly have funds wired to a certain account, cyber criminals assimilate into the recipient’s standard work environment and make it very difficult to decipher if the request is in fact valid.
- Baiting – Baiting is similar to phishing attacks, but these schemes tend to offer an incentive for the recipients’ participation in order to encourage them to click links or provide information. For example, some cyber criminals will use the offer of free music or movie downloads to trick users into sharing their login credentials. This can also take place through physical media, where criminals can mail devices like CDs or USBs to targets in the hopes that the recipient will automatically utilize these items out of curiosity, giving them direct access to systems through hardware.
- Quid Pro Quo – Quid Pro Quo attacks are similar to baiting; however, these generally assume the form of a service instead of an actual item. For example, a case detected by the Federal Trade Commission was centered on an illegitimate website offering people the opportunity to apply for new Social Security Cards, where the cyber criminals just took the information provided by the visitors and used it to perform identity theft.
- Tailgating – Tailgating is a physical form of an attack where a cyber criminal will actually follow an employee or company affiliate into a building, bypassing any security measures that would have prevented them from gaining access to the property. For example, if a cyber criminal closely follows a legitimate employee into a building entrance and asks them to hold the door, they can avoid entering security codes, using keys, or other security methods implemented by a company. By gaining physical access to a location, cyber criminals can oftentimes infiltrate systems or execute various software attacks from within.
While many of these tactics are similar, they can be executed in a number of different ways. In order to protect yourself and your organization from these types of attacks, there are a few good rules of thumb to keep in mind.
- Do not open any emails from untrusted sources. Contact the sender directly by phone or through a new email to confirm its legitimacy, and when in doubt – delete it. If it is in fact a real email, there will most likely be a follow-up.
- Do not give random offers the benefit of the doubt. If you are receiving an offer that seems too good to be true, it usually is.
- Lock your laptop whenever you are away from your workstation to ensure it can’t be accessed by anyone else.
- Purchase anti-virus software. While these software programs aren’t foolproof, they can provide your first line of defense against a cyber attack.
Adam Trivilino | MBA, CIC, SBCS
SENIOR ADVISOR | COMMERCIAL RISK
Adam is a Senior Advisor at RogersGray, specializing in Small Business Insurance. With a focus on risk management, Adam brings a wealth of knowledge and expertise to the table, ensuring that entrepreneurs can navigate potential challenges with confidence.