As the cyber threat landscape has evolved, attack and prevention methods can no longer be limited to technology. Cyber-criminals have become increasingly sophisticated, preying on human error to increase the likelihood of a successful attack. But how do they do this? What should we look out for?
Cyber-criminals conduct attacks using many different methods, but some of the most common that rely on human error are social engineering, phishing and vishing.
Social engineering is the process of deceiving someone into divulging otherwise secure information. Humans love to be helpful, and cyber-criminals know how to exploit this trait for their own gain. By creating scenarios where it would seem appropriate to provide the information, or to click a link that gives them a point of entry, cyber-criminals devise schemes that anyone could fall for, especially without the correct training.
Due to its broad nature, social engineering can be conducted in many ways: via email, the telephone, or in person!
Over 90% of successful cyber-attacks begin with an email. Phishing emails deliver carefully designed messages to encourage the reader to take a specific action, such as clicking a link or opening an attachment.
Many of these messages create a sense of urgency, fear, or a need to help, and exploit these natural human emotions to the cyber-criminal’s advantage. Threats of account inactivation or financial loss are common, along with reports of unauthorised account access or unusual activities. They ask the reader to perform an action such as clicking a link, providing information by replying, or opening an attachment.
If the reader clicks the link or opens the attachment, even if they immediately close it, it is often too late to avoid problems. A simple click could mean that malware has been installed on your device, collecting keyboard activities and sensitive information which can then be used by cyber-criminals for a number of illegal activities.
Vishing is similar to a phishing attack but conducted via the telephone. It exploits the trust of people and is difficult for the authorities to trace, even if the call is reported. As there has been an increase in VoIP phone systems, the number of vishing attacks has increased. Issues associated with vishing include eavesdropping, unauthorised access to voicemail and unauthorised access to billing information.
Vishing attacks often begin with a phone call that plays a pre-recorded message encouraging the listener to perform a task, such as calling a fake number. The listener then performs this task and, in the call, is asked to provide information such as bank account or credit card numbers. When this information is provided, cyber-criminals gather the details and exploit them for their own gain.
Sometimes vishing scams will reference banks or other institutions by name, making them more relevant to victims.
What does this mean for businesses?
The examples above are just some of the ways that cyber-criminals prey on human error to carry out a successful cyber-attack. As technology improves and we move closer to a digital workforce, basic cyber security awareness is essential for all employees. The only way to spot these schemes is to be aware of what to look out for. Often, employees are the last line of defence against cyber-criminals when cyber-attacks have managed to penetrate technological measures.