The growth of the internet in the late 1980s and early 1990s brought huge opportunities to both organisations and individuals, but this growth also signalled the birth of a new type of person: the hacker. Typically, the computer hacker of the late 80s and 90s broke into computers to show off, with only a small proportion operating to cause damage and disruption. Nowadays, the game has changed; hackers are primarily acting illegally or on behalf of a nation state to steal data, break into systems for monetary gain and seriously damage systems.
Hackers are using increasingly sophisticated methods to target both organisations and individuals, all of which are easy to fall for if you are not aware of them. Below is a list of common attack methods and what you can look out for to avoid falling into the trap.
Spear phishing is an email spoofing fraud attempt that targets a specific organisation or individual, seeking unauthorised access to confidential data. Spear phishing email messages appear to come from a trusted source such as a well-known company or online entity with a broad membership base. To make an email appear authentic, the sender will typically include a company logo and a copyright slogan, enticing individuals to click on either attachments or links containing malware.
Social engineering is a form of spear phishing whereby hackers will glean key information on individuals to con people into performing actions or divulging confidential information. To get individuals to release information, hackers will use social media to gain information about a person, as well as phone calls to build up individuals’ profiles.
Do not give out personal information over the phone or in an email unless you are completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you with their name and a call-back number.
Never click on links in emails. If you do think the email is legitimate, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.
Rethink what you share on social media. Many individuals continue to share every aspect of their lives on social media from their date of birth to home addresses, likes and dislikes. All of this is fodder for social engineers and can be used to target you for attack.
Never open attachments. Typically, large corporations will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.
A lot of today’s software is not free. Many people look for ways to get software for free, bypassing its protection by seeking out cracked copies. This is the perfect opportunity for hackers to advertise free downloads in order to gain access to computers.
Buy legitimate software. Software can be expensive, but the cost of losing data through the use of cracked software far outweighs it.
The creation of portable media such as USB drives and CDs has given hackers a wonderful new opportunity. A USB drive can be infected by the simple act of inserting it into an infected machine. An infected USB stick will then pass the malware on to any machine in which it is used.
Set the USB stick to read-only. Making a USB stick read-only should prevent infections when plugging it into a different machine.
‘Clean’ it. An up-to-date version of antivirus software will allow you to ‘clean’ up your USB stick and remove the infection if it has been compromised.