For businesses who engage with technology and online services, a comprehensive cyber solution is vital for not only protecting your business but also creating a more efficient and productive working environment. The benefits of company-wide IT security solutions are extensive. These include the protection of networks and data, reduction of fraud, theft and data leaks, enhanced productivity and reduced potential for financial loss.
Even with the most technologically advanced cybersecurity systems available, it’s important to understand how and where common security breaches can still occur. Two examples of how security breaches can occur is via hacking and phishing. But what is hacking and phishing? Put simply, hacking is considered to be unauthorised access to a computer or network. Hackers may alter system and security features, obtain data and other sensitive information. Phishing is a specific cyberattack that is conducted through SMS, email and even websites posing as legitimate companies. Phishing attackers often steal data by prompting users to provide sensitive information like personal details, login information and credit card information.
Top ways to spot a hacking or phishing attack:
Fake File Names & File Extension Attacks
With many businesses relying on computers and digital files to run and manage their operations, one way to gain unauthorised access to a PC or network is through attachments that encourage users to open the file. This can take the form of unsuspecting file names or fake file extensions. Do not click or download files from unknown sources or sources you do not trust.
Flash Drive Malware Attacks
A classic hacking method, but still relevant today is a USB flash drive hack. These portable data storing devices can hold malicious malware that, once plugged into your computer, laptop or another device, can steal confidential information, encrypt your files, take control of your device, destroy files and data, and more. One way hackers successfully pull this off is by distributing USBs in social settings. As a rule of thumb, never accept flash drives from individuals or companies you are unfamiliar with, whether that is in a professional or social setting.
Unsecured WiFi Connection Attacks
Unsecured wireless internet connections is a common and effective method of hacking due to their harmless appearance. Hackers have the ability to change WiFi hotspot names to appear safe and secure. When individuals use unsecured WiFi, hackers can see or ‘eavesdrop’ on everything you do online using the hotspot, including usernames, passwords, emails, SMS messages, credit card details and more. To avoid this type of attack, consider having an enterprise wireless network solution like using a VPN or private network to browse securely or hire an IT security company.
Unsecured Session Cookie Attacks
Browser cookies are small text files that are stored on your device by a server when you visit a website. These text files store data about you and your preferences so that the information does not have to be repeatedly requested when you visit the website. Common data stored includes names, addresses and shopping cart contents. Hackers can access cookie data over a HTTP connection as the information is viewable in clear text and is not encrypted. Only allow session cookies on an HTTPS secured website and clear your browser cookies on a regular basis.
Bait and Switch Malware Attacks
Bait and Switch is a traditional online attack that occurs when users click on what appears to be safe content or advertising (the bait) which is redirected (or switched) to a malicious page that can infect your browser with malware. To protect your business, do not click on advertising or content that seems too good to be true.
Social Engineering Attacks
Social engineering attacks involve tricking unsuspecting individuals into sharing confidential information, clicking links that lead to malicious websites or opening files that infect their device or network through posing as a trusted individual or company. Actively trying to extract personal information, such as usernames and passwords can be an indicator of social engineering hacking. Phishing is considered a form of social engineering hacking.
Grammar & Spelling Errors in Phishing Emails
Obvious grammar and spelling errors in an email is a common sign of a phishing attack, particularly if the email is supposedly coming from a trusted and reputable business, or if the email is requesting account and banking information. Confirming your account and requesting to reset your password emails are common ways for phishing attackers to obtain confidential information.
Suspicious Domain Addresses in Phishing Emails
Legitimate businesses use domain email addresses. To avoid phishing attackers, it is important to not only inspect the name of the individual sending the email, but also their domain email address for any alterations, additions (such as numbers) or spelling errors. Another way to determine a suspicious domain address is to click or hover your cursor over the email’s ‘from’ field.
Incorrect Use of Salutations in Phishing Emails
Most, if not all reputable businesses these days will address you by name in emails. Use of generic salutations such as ‘dear user’, ‘dear customer’ or ‘dear account holder’ can be a sign of a potential phishing attack. Absence of any salutation is also a sign of a potential phishing attack.
Unrecognised or Unusual Links in Phishing Emails
Sending emails with links to malicious websites and attachments containing malware that will infiltrate your computer is a common phishing technique. Phishing attacks will contain links or downloads with unusual file names, destination URL address names or destination URLs that do not relate to the context of the email sent. Often the destination link isn’t obvious to users – to determine the actual destination, hover your cursor over the link (or button) – the real destination address will appear on the bottom left-hand corner of your screen.
Understanding and recognising the different types of hacking and phishing attacks that exist will help protect you and your business. At the end of the day, it is important to remember – when in doubt never click, download or provide sensitive information online.
Take our security quiz to test your scam knowledge and find out if your too smart to be scammed.