
The Human Factor in Cybersecurity

“Humans” are the weakest link in creating safe and secure computer environments.


Most organizations concentrate on securing computers with more and more sophisticated cybersecurity protection, but resources should be allocated proportionally to preventing human errors, which result in 88% of data breaches.


It is not easy to eliminate human errors. We cannot replace faulty human actions the way we replace non-functional lightbulbs. But as with lightbulbs, we can create maintenance steps that will reduce, if not eliminate, the chances of human error.

Knowing the steps that keep computer systems and data safe can be the difference between being a successful business and going under.


Today we will describe the most common mechanism used by cybercriminals to gain access.


Email Phishing


This is the most common and successful technique used by hackers to gain access to employee computers and/or to get employees to reveal their credentials. Email filters do a good job of identifying spam content. But those filters have difficulty determining whether a well-engineered message is malicious when its content appears authentically related to the business or, in some cases, is designed to target specific individuals.


If the recipient opens a file attachment, clicks on a link to a malicious website or responds with login credentials, this gives hackers a way to access corporate computers.


How to spot Email Phishing

  • Email requests for urgent action. The message can threaten consequences if action is not taken, or warn of a lost opportunity.

  • Bad Grammar and Spelling Mistakes. Many Phishing Emails originate from countries where English is not the first language.

  • Unfamiliar person name, Email address or Domain Name. Check that the email originates from the stated organization you are familiar with. If there is a link, hovering the mouse over it will display the URL information. Often the URL can appear very similar to the authentic one. For example, instead of google.com, your email originated from gogle.co.

  • Suspicious Attachments. Attachments from outside the company should always be treated as suspected of containing malware.

  • Email Requesting Computer or Application Credentials, Payment Information or Sensitive Data. IT or company employees would never request such information via email. Beware of email pages that look like a login screen asking you to log in to an application.

Below is one example I received recently from “Home Depot”:


Hackers are becoming more sophisticated in their ability to target specific users. They can scan your social media pages, such as Facebook, to find more information about you. Information on social media, such as the names of your kids or pets, can be used in messages targeting you.


Besides Email, other types of media are used in Phishing: Phone, SMS, Social Media.


Pause before you click


Stay Alert


Stay Safe!



