Navigating the cyber threat environment is scary business. With Halloween and all of its ghostly, ghoulishness upon us, this is the perfect time to assess the threats in your environment and your ability to ward them off.
Modern hackers have plenty of “tricks” (and, sadly, very few treats) up their sleeve to deceive employees into opening doors to networks and bypassing conventional security solutions. These include:
Phishing is particularly cunning. According to CloudPages, there are three types of phishing scams, and all involve trickery of some sort:
The most common phishing technique? Deceptive phishing — a scam that sends email messages that appear to be from a recognized source, asking potential victims to confirm personal information or log-in through a different portal. Often, the emails come with a sense of urgency – warning either of potential charges or benefits if the recipient doesn't click.
Spear phishing may be the trickiest phishing tactic of all, since scammers use easily accessible personal information gleaned from social media and other sources to direct their request to specific targets, scoped out in advance. Experts advise being on the lookout for alarming threats that are designed to make you panic and respond based on fear.
The third type of phishing scam is CEO fraud. It scams anyone within a company who has the power to enact payments or provide vital information. Cyber criminals assume the identity of an authority figure within an organization and request a payment by making a request to the accounting department.
Similar to phishing (but perhaps more alarming) is whaling — a more advanced, nefarious method for stealing data. According to Government Technology, instead of employees clicking on links or becoming infected with malware, the criminals conduct extensive surveillance and gain the required internet credentials. Then a targeted end user is tricked into making a fund transfer or authorizing a pending transaction based on an email from their CEO’s personal email account. Super scary stuff.
A third frightening cyber threat is evasive malware. In this type of corporate trickery, malware avoids detection by confusing common security tools like signature-based antivirus software into thinking it’s safe. What’s spooky about this type of malware is its ability to behave in benign ways while being observed.
To safeguard data and systems, companies need to have protective measures