6 Common Cybercrime Threats (And How To Defend Against Them)

October is National Cybersecurity Awareness Month (NCSAM) as ordained by the National Cyber Security Alliance, and as such, I find it only fitting to remind everyone to remain vigilant in your efforts to stay safe in cyberspace.

Take a look at the list below of the most common cyber-attacks and how to protect yourself from each, as well as what to do if you become a victim of each.

SPAM – Not really a threat per se, but an annoyance. This is the unsolicited, often junk mail that you receive in your email. Not a crime.

Solutions:

  1. Many email clients have SPAM/Junk filters built-in and automatically place suspected SPAM messages into a different folder. (You may need to do some research on this). Sometimes legitimate emails get marked as SPAM, but you can tell the email client not to mark it as junk in the future, and the messages will be delivered to your Inbox.
  2. Control what you sign up for online. Where possible, hide your email address and other personal information from outside parties. Make your profile private.
  3. Consider using a separate email account for signing up for one-time or less important services. You may be able to use a fake name, home address, and telephone number if this information is required for signup.

Phishing – A cybercrime in which an attacker, who poses as a legitimate institution, sends emails to their targets in order to obtain specific information that can later be used in other cyber attacks.

Emails may contain malicious links or attachments such as files, images, or videos.

Solutions:

  1. “When in doubt, throw it out.” – If you receive an email that you suspect is a phishing scam, delete the message immediately. DO NOT open any attachments or click on any of the links. DO NOT forward the email to anyone.
  2. Call or email the institution from which the email supposedly originated, to verify if it’s a legitimate message. Make sure to dial the number or use the email address posted on the company’s website. DO NOT call any numbers or use any email addresses shown within the suspicious email.
  3. Never respond to ANY email that you suspect to be fraudulent or ANY email that asks for personal information such as usernames, passwords, home addresses, account numbers, your social security number, your license/passport/green card numbers, etc.
  4. Check for poor grammar or spelling mistakes in the email.
  5. Make sure to keep your anti-virus software updated.
  6. DO NOT use the same password for all of your important accounts, and make sure that they are either complex passwords, or better yet, use passphrases. E.g. Instead of using a complex password like “@#456YuI(#=!Ac” you can use a passphrase such as “My 1954 Camaro is a BEAST!!!” Make sure the passphrase is something memorable to you.

What to do if you believe you are a victim of phishing:

  1. Report the incident to your IT personnel.
  2. Report the incident to the authorities if you feel threatened.
  3. Monitor your accounts for any unauthorized changes whether big or small.
  4. Update your anti-virus software and run a full scan.

Vishing – Similar to a phishing attack, vishing is when an attacker uses phone calls, instead of emails, in an attempt to scam the user into revealing private/sensitive information for use in identity fraud.

Solutions:

  1. If you receive a phone call that you suspect is a scam, HANG UP immediately. DO NOT surrender ANY information to the caller.
  2. Call the institution yourself to find out if they were really trying to get a hold of you. Make sure to dial the number posted on the company’s website. DO NOT call or redial any numbers that you see on your caller ID, as they are most likely fake phone numbers.
  3. Never give information to ANYONE asking for personal information such as passwords, your FULL social security number, your license/passport/green card numbers, etc.
  4. Some legitimate institutions may ask you to verify your home address, account number, phone number, email address, date of birth, and the last 4 digits of your SSN, but they should never ask for your FULL SSN or PASSWORD. Make sure that you are on a call with the real company before releasing this information.

What to do if you believe you are a victim of vishing:

  1. Report the attack to your IT personnel.
  2. Monitor your accounts for any unauthorized changes whether big or small.
  3. Report the attack to the authorities if you feel threatened.

Typosquatting or URL Hijacking – This is an attack wherein a perpetrator creates a fake website that is set up to look like a real site, but the spelling of the URL or site name contains an error that is easily made by users.

For example, an attacker may set up a site with the name “www.gooogle.com” instead of www.google.com.

Users who are not careful may type in an extra ‘o’ in the name and will land on the fake site. From here, the site will record all of the information that you enter into any text or password boxes.

Solutions:

  1. Be careful when typing in the name of any website that you want to visit. This is especially crucial if you are trying to get to any financial or medical websites.
  2. Be aware of any links that are sent to you via email or text messages. Check the spelling of the links.
  3. Make sure your anti-virus software is updated.

What to do if you believe you are a victim of typosquatting:

  1. Report the attack to your IT personnel.
  2. Report the attack to the authorities if you feel threatened.
  3. Monitor your accounts for any unauthorized changes whether big or small.
  4. Clear your web browser cache.
  5. Update your anti-virus software and run a full scan.

Baiting – This is an attack that exploits human curiosity.

For example, an attacker may intentionally leave a USB flash drive lying around on the ground of a parking lot. Most people are curious and will pick up the flash drive to see what it contains.

The attacker will have some sort of software on the USB flash drive that executes on the target user’s PC and infects it, giving the attacker access to the laptop without the user’s knowledge.

Solutions:

  1. Do not plug any foreign devices into your laptop or other devices unless you are absolutely sure of their origin.
  2. Do not use chargers or charging cables to charge your mobile devices if you are not certain where the charging items came from. Malicious cables of this kind are known as O.MG cables. O.MG stands for “Offensive Mike Grover”, after the researcher who developed the cable, which is designed to open a back door into your system without you knowing.

What to do if you believe you are a victim of baiting:

  1. Unplug the foreign device immediately.
  2. Report the incident to your IT personnel and hand them the device so that they may investigate it in a safe sandboxed environment.
  3. Report the incident to the authorities if you feel threatened.
  4. Monitor your accounts for any unauthorized changes whether big or small.
  5. Update your anti-virus software and run a full scan.

On top of these threats listed here, please also be mindful of what you post online on social media, especially when it comes to personal information you could be revealing to malicious parties. Also, make sure your privacy settings are adjusted so that your posts are not viewable by anyone outside of your “Friendly” contacts.

Recognize Cybersecurity Awareness Month By Making Sure You’re Secure!

Don’t let this month go by without double-checking your cybersecurity. You can start improving your cybersecurity in three simple steps:

  1. Book a meeting with our team at a time that works for you.
  2. Let us assess your cybersecurity and address any vulnerabilities we find.
  3. Get back to focusing on your work, instead of worrying about your cybersecurity.