Malware and Phishing
The Division of Information Technology (IT) continues to make improvements to security, however, the best defense against these attacks is knowing how to spot and report them.
Spear Phishing is an email spoofing fraud attempt that targets a specific organization seeking unauthorized access to confidential data. While spear phishing is similar to a phishing email, the messages are typically more personalized, making it appear that they are from a person or organization that you are familiar with. The success of spear phishing hinges on its ability to appear authentic and how logical the request seems to be. Everyone with an email address is a potential target.
Through partnership with the vendor PhishMe, IT launched an awareness program to help employees learn about the dangers of email fraud, specifically, email spear-phishing. Scenarios are developed collaboratively and used for educational purposes. The program is focused on spear phishing attacks in the work place and sends out simulated phishing emails that mimic real ones. If you get “reeled in” or “hooked” by a simulated phishing email, a training module will be presented to you, along with tips on how to recognize phishing email attempts and how to avoid becoming a victim in the future. The tips are applicable to home use to help you protect yourself from identity theft and help you to protect your financial account information.
Data Breaches and Information Security Risks
Every single person as well as large and multi-national organizations are emphasizing for utilizing the technology and making their life comfortable. Large companies and organizations use the Internet to get closer to their customers, make an online relationship with them, providing more and quick services to the customers. The companies also create a profile of the company online and also ask their customers to make their online profile on a company website which might bring more royalty from their customers. Customers who create profiles or any type of account, are more likely to come back to get other services. Therefore, companies can easily compile the profiles of their customers and have targeted marketing directed at their needs.
Customers who have created such a profile, believe that their data will be kept secret, safe, and will not be misplaced or compromised by the company staff or any other type of unauthorized usage. If there is any lack of trust between their clients and the company, privacy issues will take place, and these issues can create problems for organizations later on and they might face difficulty in maintaining and developing a healthy relationship with their customers.
Companies who collect data are required by law to keep their data secure. There are three specific concerns regarding information security and privacy which are identified frequently by the consumers.
- Unauthorized use of the data by external entities
- security risks and data breaches
- lack of penetration testing by the application developers
A survey has concluded results that both privacy invasion and errors has an inverse relationship with the online purchasing behaviour; although, it seemed that unauthorized use of the data has little impact. The managerial implications include the selection of channels of communications for greater impact, accurate data handling, and maintenance of permission-based contact with the users.
Have you ever wonder how many of the emails you receive are phishing emails?
You may have realized that many times the fake lottery ticket, or an email from IRS is fake - a phishing e-mail. Test your self with the IQ test from the creators of the Sonicwall firewalls (DeLL).
A computer virus is a small piece of code written to alter the way a computer operates, without the permission or knowledge of the user.
A computer virus must meet two criteria:
It must execute itself.
It must replicate itself.
Worms are programs that replicate themselves from system to system without the use of a host file.
Worms generally exist inside of other files, often documents. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm.
Trojan horses are impostors--files that claim to be something desirable but, in fact, are malicious. Trojans contain malicious code, that, when triggered, cause loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers by opening an email attachment.
Perhaps, one of the biggest complacency risks out there is the “Apple syndrome” - as in, “I’m not at risk of malware because I use a Mac.”
Many users believe that their Apple device is immune to the viruses; however, this is a myth.
Although the number if viruses targeting a mac operating system platform is fewer than PC platform, macs also get viruses and they can get damaged.
For the past few years a trend overtook the business market - ransomware attacks. They have taken place more often because employers failed to educate and train their employees.
In these attacks a malicious piece of software, sent by a criminal, takes over your files and encrypts those with a secret key. Afterwards it displays a message asking for most common cryptocurrency to give you back your files.
Many users do not consider themselves as a high target. however ransomware can sit on your device for a long time and the get activated at work when you take your own device to work.
Even if you connected to a wireless network, the ransomware can use your network connection and spread across the network.
IT Training Resources
Browse to the list of Spear Phishing Resources to learn how to protect your information and property.