
Cybersecurity Awareness Training

Cybersecurity is the set of processes and strategies for protecting sensitive information, computer systems, networks, and software applications from cyber attacks. "Cyber attack" is a broad term that covers a large number of topics, but some of the common types of attack are:

  • Tampering with systems and the data stored in them;
  • Misuse of resources;
  • Unauthorized access to systems and to sensitive data;
  • Disrupting the normal operation of the business and its processes; and
  • Using ransomware to encrypt data and extort money from victims.

Over the years, these attacks have become increasingly inventive and complex, and they are now capable of defeating security controls and compromising systems. This is why defending against them is a constant effort for businesses and security professionals.

For example:

Just one innocent-looking – but malicious – email can cost a business millions of dollars and disrupt its continuity. Add to that the sophisticated email attacks and the meticulous social engineering techniques used, and we have a recipe for potential cyber disaster. So, besides deploying the best email security solution available, companies should educate their employees about email schemes to create a first line of defense against these attacks.

Phishing Attacks and How to Identify them

Phishing

Phishing is a kind of cyberattack that steals users' information, including login details and credit card numbers. Most data breaches that begin with a scam aimed at a person's sensitive information or login credentials are phishing attacks. They are typically carried out using fake emails and cloned copies of legitimate websites that trick the user into revealing sensitive information.


A phishing attack is a social engineering attack performed over email or some other communication platform. These attacks are designed to get someone to click on a link, download an attachment, share sensitive data, or take some other damaging action.

How do phishing attacks work?

  1. Hackers clone a legitimate website, such as a bank or webmail login page.
  2. Attackers modify the cloned login page so that it still looks legitimate but submits whatever the user types to a credential-stealing script.
  3. The modified files are packaged into a zip file to create a phishing kit.
  4. The phishing kit is uploaded to a compromised website and unzipped there, which brings the fake site online.
  5. The "phishing" email is sent with a link that points to the new fake website.

Phishing attacks can come in a variety of different forms. Some common examples include:

  • Account Issues: A common phishing tactic is to tell someone that there is an issue with one of their online accounts (Amazon, Netflix, PayPal, etc.), prompting the victim to rush to click the link and fix the problem. The attacker then collects their login credentials.

  • Business Email Compromise (BEC): A BEC attack is a classic example of using authority to pressure a target. The attacker impersonates someone important within an organization (e.g. the CEO, management, etc.) and instructs the target to take a harmful action, like sending money to an account that the attacker controls.

  • Fake Invoice: The attacker may masquerade as a vendor seeking payment for an outstanding invoice. This scam is either designed to have the victim send money to the attacker or to get them to download and open an attachment containing malware.

  • Shared Cloud Documents: Cybercriminals often take advantage of cloud-based document sharing to bypass Office 365 security and other built-in security solutions. Tools such as Office 365 will often verify that a link is legitimate (the sharing link really does point at the cloud service) but may fail to check that the shared document itself does not contain malicious content. Alternatively, an attacker may pretend to be sharing a document and show a page that requires the victim to enter their login credentials, which are then sent to the attacker.

Many of these emails are designed to look just like a legitimate email. It’s important to take a second look to validate an email before trusting it.

What to look for in a malicious (phishing) email

Obviously, phishing emails are designed to look as plausible as possible in order to maximize their probability of tricking the victim. However, there are some warning signs that point to a malicious email:

  • Sender Address: Phishers commonly use email addresses that look like a trusted or legitimate one. Always check the actual sender address, not just the display name, for errors or for a domain that does not belong to the claimed sender. Remember, though, that an attacker may have compromised the real account and be using it for their attack, so a correct address is not proof on its own.

See email below:

The first discrepancy you will see relates to the sender's name and email address. The display name and the body of the email claim that the email is from American Express. However, the email address is unrelated to the credit card company: administraciones@pentagon-seguridad.cl. Considering that the domain name of American Express is americanexpress.com, a legitimate email would come from an address at that domain and not from "pentagon-seguridad.cl."

  • Salutation: Most companies personalize their emails by addressing them to their recipient by name, but a phisher may not know the name that goes with a particular email address. If a salutation is overly general – like “Dear Customer” – it may be a phishing email.

See email below:

Legitimate companies usually address you by name. Phishing emails typically use generic salutations such as "Dear valued member," "Dear account holder," or "Dear customer." If a company you deal with needed information about your account, the email would address you by name and would probably direct you to contact them by phone.

  • Tone and Grammar: Often, a phishing email won’t sound right and will include spelling and grammar issues. If an email seems off-brand for the sender, it’s probably malicious.

See email below:

Possibly the easiest way to recognize a scam email is bad grammar. An email from a legitimate organization should be well written. Little-known fact: there is often a purpose behind the bad syntax. Attackers generally are not careless; a sloppy email deters observant readers and leaves the less attentive recipients, who are easier targets, to respond.

  • Mismatched Links: You can check the real target of a link in an email on a computer by hovering over it with your mouse (on a phone, press and hold the link to preview it). If the visible text or the context says one site but the link points somewhere else, the email is likely to be malicious.

See sample email below:

  • Odd Attachment Types: Phishing emails are frequently used to spread malware. If you receive an “invoice” that is a ZIP file, an executable, or something else unusual, then it’s probably malware.

See email below:

Unsolicited emails that contain attachments are a strong warning sign. Legitimate institutions do not typically send you random emails with attachments; instead they direct you to download documents or files from their own website.

Like the tips above, this method is not foolproof. Sometimes companies that already have your email will send you information, such as a white paper, that may require a download. In that case, be on the lookout for high-risk attachment file types, including .exe, .scr, and .zip (an archive can hide an executable and is often used to get past attachment filters). When in doubt, contact the company directly using contact information obtained from their actual website.

  • The Push: Phishing emails are designed to get the victim to do something. If an email elicits a sense of urgency or pushes a particular action, then it may be malicious.

See email below:

Reminder from the National Privacy Commission on personal information controllers regarding the use of the CC feature in email communications.

Kindly read the file.
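The warning signs above (sender address, salutation, mismatched links, odd attachment types and urgency) can be checked mechanically on a raw message. The following is an added example written for this page, not a tool from the original training material: it parses a constructed sample message modelled on the American Express email described above and reports which warning signs it shows. The message, its addresses and URLs are all made up for the example; the keyword and extension lists are assumptions that a real mail filter would tune.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions the text singles out (.exe, .scr, .zip) plus a few other commonly
# abused script/container types; assumed list, extend to taste.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".js", ".vbs", ".hta", ".iso", ".lnk"}
GENERIC_SALUTATION = re.compile(
    r"\bdear\s+(customer|valued\s+(member|customer)|account\s+holder|user|sir/madam)\b", re.I)
URGENCY = re.compile(
    r"\b(urgent|immediately|within\s+\d+\s+hours|suspended|locked|verify\s+now)\b", re.I)

# Constructed sample (not a real email): brand in the display name, unrelated
# sender domain, generic greeting, link text that disagrees with its href,
# urgency wording and a ZIP "invoice" attachment (an empty archive).
SAMPLE_EMAIL = b"""From: "American Express" <administraciones@pentagon-seguridad.cl>
To: victim@example.com
Subject: Urgent: your account has been locked
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Please verify your account within 24 hours or it will be suspended.</p>
<p><a href="http://login-verify.example.net/amex">https://www.americanexpress.com/login</a></p>
</body></html>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed benign message for comparison: brand matches the domain, named greeting.
LEGIT_EMAIL = b"""From: "American Express" <alerts@americanexpress.com>
To: victim@example.com
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Dear Jane,

Your statement is available at https://www.americanexpress.com/statements
"""


class LinkExtractor(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def hostname(url):
    """Hostname of a URL; visible text without a scheme is treated as http://."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def analyze(raw):
    """Return a dict of the warning signs found in a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}

    # Sender address: does any word of the display name appear in the address domain?
    display, address = parseaddr(str(msg["from"]))
    domain = address.rsplit("@", 1)[-1].lower()
    brand_words = [w for w in re.findall(r"[a-z]+", display.lower()) if len(w) >= 4]
    if brand_words and not any(w in domain for w in brand_words):
        findings["sender_mismatch"] = f'"{display}" sent from {domain}'

    html_body, text_body, attachments = "", "", []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            html_body += part.get_content()
        elif part.get_content_type() == "text/plain":
            text_body += part.get_content()
    extractor = LinkExtractor()
    extractor.feed(html_body)
    # Crude text rendering (subject + tag-stripped HTML + plain text) for wording checks.
    visible = f'{msg["subject"] or ""} {re.sub(r"<[^>]+>", " ", html_body)} {text_body}'

    m = GENERIC_SALUTATION.search(visible)          # Salutation
    if m:
        findings["generic_salutation"] = m.group(0)
    mismatched = [(t, h) for t, h in extractor.links  # Mismatched links
                  if re.search(r"(https?://|www\.)", t) and hostname(t) != hostname(h)]
    if mismatched:
        findings["mismatched_links"] = mismatched
    risky = [f for f in attachments                  # Odd attachment types
             if "." + f.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS]
    if risky:
        findings["risky_attachments"] = risky
    urgency = sorted({w.lower() for w in URGENCY.findall(visible)})  # The push
    if urgency:
        findings["urgency"] = urgency
    return findings


if __name__ == "__main__":
    print(analyze(SAMPLE_EMAIL))  # five findings
    print(analyze(LEGIT_EMAIL))   # {}
```

None of these checks is proof on its own: a compromised real account passes the sender test, and a targeted email can use your name and clean grammar. Treat the findings as reasons to take the second look the text recommends, and confirm through a channel you already trust.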
