Cybersecurity Threats

The first step to take in defending against threats is understanding them. Let’s define the top threats in our cyberspace today.

1. Phishing Threats

These attacks usually happen over email and are looking to steal sensitive personal information like usernames, logins, and credit cards. A study by Verizon in 2020 found that 22% of all data breaches were due to phishing.

  • Basic-phishing – also called spray-and-pray, sends a huge quantity of generic emails out pretending to be a bank or insurance or another common institution.
  • Spear-phishing – usually starts with an email specific to interests or concerns of a small group of people.
  • Cat-phishing – targeting people by adopting a fake online persona and pursuing some sort of relationship that ultimately results in extortion or fraud.
  • Whaling – target a single person or a very small group, often targeting executives with executive-appropriate concerns like customer complaints or wire transfers.
  • Vishing – voice or voicemail phishing, calling and pretending to be from legitimate places like the IRS or a bank collecting on student loans or an embassy.

2. Social Engineering

Uses social interactions to form relationships with individuals and take advantage of their trust by asking for money or account passwords.

3. Scams

Scams can appear as pop ups, emails, text messages and even in the mail. They present themselves as fake offers, deals or winnings that require a small payment from you to collect or other personal information.

4. Malware

It’s a software designed to damage or disable your devices, computer network, client or server. Malware comes in many varieties:

  • Website Malware – malware specifically developed to target websites or web servers.
  • Virus – a malware that inserts its code into a host program. When the program runs, the infection is spread throughout the computer.
  • Trojan Horse – a malware hidden inside legitimate files or programs.
  • Worm – a malware program that spreads to other computers through the network. Unlike a virus, it does not require a host program to spread.
  • Ransomware – a malware that holds data hostage until a ransom is paid.
  • Spyware – malware that tracks user behavior and violates their privacy.

Pandemic-Specific Scams

With more people working from home than ever before COVID-19 brought an onslaught of scammers seeking opportunity. The FBI found several schemes to be wary of, including:

  • Bogus COVID-19 tracing apps.
  • Fraudulent COVID-19 web domains selling at-home testing kits to capture credit card information or vaccine appointments.
  • Financial institutions offering COVID-19 relief or stimulus check information (with applications of personal info).
  • Phishing emails selling Personal Protective Equipment (PPE) like face masks.

There is truly no better time to be vigilant. Put into practice these tips to avoid being the next victim:

Put these 5 Cyber Smart Habits into Practice

  1. Stay Updated – Keep your software versions up to date and update whenever prompted. Outdated browsers and operating systems leave you vulnerable to attack and are one of the top 3 causes of website hacks.
  2. Don’t Talk to Strangers – Don’t accept friend or connection requests from people you don’t know, and don’t open email or text messages or attachments from unknown senders.
  3. Make a Strong Password – Create a unique password for every login and rely on a password manager instead of memory
    • TIP: Instead of a pet’s name or favorite color, use an acronym of phrases to help you create unique passwords
  4. Read Up – Subscribe to security blogs that can keep you aware of new threats to be cautious of. Read up and make yourself safe
  5. Less is More – Google found that 59% of web users have included a name or birthday in their passwords for accounts. If that personal information is easily available on your social media accounts, it makes it easier for hackers to steal your identity. Remove your email and phone number, last name, birthday, and any information you use as answers to security questions.