As technology becomes more powerful and more advanced, we face greater threats than ever before. Some may argue that with the development, we will be better at facing these problems, credit given heavily to anti-breaching and anti-virus software.
Keep in mind that Cybersecurity goes beyond just software/hardware-based protection, and looking at the statistics these days, those products and services do their job extremely well, by detecting malware, entry attacks, and other malicious attempts at disrupting the systems or worst, stealing of important information that may cost a lot of money for the victims.
Cybercriminals employ easy-to-replicate attacks such as email attacks to try and pry information and steal money from their receiver. These attacks are known as phishing.
These types of attacks are generally made to mimic (in most cases) highly sophisticated spoofed emails from institutions and individuals to trick them into sharing information unwittingly.
In our previous article, we discussed the 6 ways to secure yourself online (link to article). Today, we will discuss some tips on staying vigilant.
Spotting the casted line-and-hook
There are several red flags in a social engineering attack some of which are:
- crafted emails – riddled with grammatical errors, incoherent sentences, poor formatting, etc.
- “Hi, I’m from <insert corporation name here> and…” sent from abc@a public domain.com – would a multi-billion dollar entity not want their representatives to wear their name as a tag as their email domain?
- “I’m an important person from a certain country. I need help to transfer $xxx of funds…” – A person from their home country, for example, their supporters, would be more of easy help.
- Invoices – Interestingly, another printer company is sending you the invoices when you are using a different brand, is it not?
- Google doc invite – yes, you read that right. A google doc invite scam is one of the most high-profile and latest phishing attacks, where the email mimics a google doc invitation. The link takes you to a landing page that looks exactly like that of Google. Once you submit your credential, the attackers have complete access.
The follow-up action
So now you have been equipped with the basic knowledge of how to spot these social engineering attacks, here are some easy actions to take:
- Pay close attention to the emails – Real simple. If the deal is too good to be true, it probably is. If you are not using the service, ignore the emails. If it is in a public domain, delete the email. If the mail is from a prince, best to stay away.
- Exercise discretion – If the email looks like it is from someone you know, perhaps an invitation to collaborate, consult if they did indeed send the email. If they did not, you should not engage in any way.
- Report it – especially if the mail is sent to your work email. It is time for your IT team or yourself to start tracking for leaked breaches.
- Stay aware – since the cyber landscape is ever-evolving, it is best to stay up-to-date with the latest methods of infiltration by cyber criminals to protect you and your organisation.
As Warren Buffet said, “It’s much easier to stay out of trouble now than to get out of trouble late.”