Three Ways Cyber Attackers Target You

Social engineering attacks, wherein adversaries deceive individuals into inappropriate actions, stand as among the most prevalent tactics employed by cyber attackers. This concept, leveraged by con artists and scammers throughout history, finds newfound potency in the digital age. The Internet enables cyber-criminals worldwide to assume various identities and target anyone with ease. Uncover prevalent social engineering techniques utilized by cyber attackers, and learn how to safeguard against them effectively.


SANS Institute puts on top notch security training.
They have a Monthly Security Awareness Newsletter called “Ouch!” that is short and easy to read.

Please share this with your family, friends and co-workers

https://www.sans.org/newsletters/ouch/top-ways-attackers-target-you/

Overview

Social engineering attacks, in which adversaries trick people into doing something they shouldn’t, are one of the most common methods that cyber attackers use to target people. The concept has been used by con artists and scammers for thousands of years. What is new is that the Internet makes it very easy for a cyber-criminal anywhere in the world to pretend to be anyone they want and target anyone they want. Below are the three most common types of social engineering methods that cyber attackers will use to try to engage and fool you.

Phishing

Phishing is the most traditional social engineering attack; it is when cyber attackers send you an email attempting to trick you into taking an action you shouldn’t do. It was originally called phishing because it was like fishing in a lake: You threw out a line and hook but had no idea what you would catch. The strategy behindthis tactic was that the more phishing emails cyber-criminals sent, the more people fell victim. The phishingattacks of today have become both far more sophisticated and targeted (sometimes called spear phishing), with cyber attackers often customizing their phishing emails before sending them.

Smishing

Smishing is essentially SMS-based phishing, in which a text message is sent instead of an email. Cyber attackers send text messages to your phone on apps such as iMessage, Google Messages or WhatsApp. There are several reasons why smishing has become popular. The first is that it’s much harder to filter out messaging attacks than it is to filter out email attacks. Second, the messages that cyber attackers send are often very short, meaning there is very little context which makes it much harder to determine if the message is legitimate or not. Third, messaging is often more informal and action-based, so people are used to quickly responding to or acting on messages. Finally, people are getting better and better at spotting phishing email attacks, so cyber attackers are simply shifting to a new method, messaging.

Vishing

Vishing, or voice-based phishing, is a tactic that uses a phone call or voice message rather than email or text message. Vishing attacks take far more time for the attacker to execute, as they talk directly to and interact with the victim. However, these types of attacks are also far more effective, as it is much easier to create strong emotions over the phone, such as a sense of urgency. Once a cyber attacker gets you on the phone, they will not let you get off the phone until they get what they want.

Spotting and Stopping These Attacks

Fortunately, it does not matter which of the three methods cyber attackers use, there are common clues you can spot:

  • Urgency: Any message that creates a tremendous sense of urgency in which attackers are trying to rush you into taking quick action and making a mistake. An example is a message claiming to be from the government, stating your taxes are overdue and if you don’t pay right away you will end up in jail.
  • Pressure: Any message that pressures an employee to ignore or bypass company security policies and procedures.
  • Curiosity: Any message that generates a tremendous amount of curiosity or seems too good to be true, such as an undelivered UPS package or a notice that you are receiving an Amazon refund.
  • Tone: Any message that appears to be coming from someone you know such as a coworker, but the wording does not sound like them, or the overall tone or signature is wrong.
  • Sensitive Information: Any message requesting highly sensitive information, such as your password or credit card.
  • Generic: A message coming from a trusted organization but uses a generic salutation such as “Dear Customer”. If Amazon has a package for you or phone service has a billing issue, they know your name.
  • Personal Email Address: Any email that appears to come from a legitimate organization, vendor, or co-worker, but is using a personal email address like @gmail.com or @hotmail.com. By looking for these common clues you can go a long way toward protecting yourself.

By looking for these common clues you can go a long way toward protecting yourself.

Lofgren IT Consulting is continuing to be open for business. Shane Lofgren can be available for remote support and on-site as needed.

On-site visits: Face masks are available and encouraged. Hands are sanitized between clients

Need to offer remote access for employees or online client counseling? Let’s make the transition smooth, easy and secure.

Offering support on existing network and computers, security reviews, website design and maintenance.

More articles below:

Shane Lofgren
Always Here To Help.

928-814-9744

slofgren@LofgrenIT.com

2920 N. Yuma Dr. Chino Valley, AZ 86323

2024-05-05T16:41:04-07:00

Lofgren IT Consulting

RECENT TWEETS

CONTACT US

  • 2920 N Yuma Dr., Chino Valley, AZ 86323
  • 928-814-9744
  • slofgren@LofgrenIT.com
Go to Top