Phishing and Malware

Spear Phishing is an email spoofing fraud attempt that targets a specific organization seeking unauthorized access to confidential data.  While spear phishing is similar to a phishing email, the messages are typically more personalized, making it appear that they are from a person or organization that you are familiar with - - a trusted source.  The success of spear phishing hinges on its ability to appear authentic and how logical the request seems to be.  Everyone with an email address is a potential target.  

The Division of Information Technology, (IT) continues to make improvements to security, however, the best defense against these attacks is knowing how to spot and report them.  Through partnership with the vendor PhishMe, the Division of IT launched an awareness program to help employees learn about the dangers of email fraud, specifically, email spear-phishing.  Scenarios are developed collaboratively, and used for educational purposes.     

The program is focused on spear phishing attacks in the work place and sends out simulated phishing emails that mimic real ones.  If you get “reeled in” or “hooked” by a simulated phishing email, a training module will be presented to you, along with tips on how to recognize phishing email attempts and how to avoid becoming a victim in the future.  The tips are applicable to home use to help you protect yourself from identity theft and help you to protect your financial account information.  

Data Breaches and Information Security Risks

 

In this modern world, the use of technology is increasing day by day. Every single person as well as large and multi-national organizations are emphasizing for utilizing the technology and making their life comfortable. Individuals use technology, especially Internet as a mode of communication, interacting with friends and family, knowing about world affairs, online shopping, and much more. Additionally, large companies and organizations use the Internet to get closer to their customers, make an online relationship with them, providing more and quick services to the customers.

The companies also create a profile of the company online and also ask their customers to make their online profile on a company website which might bring more royalty from their customers. Customers who create profiles or any type of account, are more likely to come back to get other services. Therefore, companies can easily compile the profiles of their customers and have targeted marketing directed at their needs. On the other hand, customers who have created such a profile, believe that their data will be kept secret, safe, and will not be misplaced or compromised by the company staff or any other type of unauthorized usage. If there is any lack of trust between their clients and the company, privacy issues will take place, and these issues can create problems for organizations later on and they might face difficulty in maintaining and developing a healthy relationship with their customers.  Companies who collect data are required by law to keep their data secure. There are three specific concerns regarding information security and privacy, which are identified frequently by the consumers, and these are:

 

unauthorized use of the data by external entities,

security risks and data breaches,

and lack of penetration testing by the application developers and errors that may arise.

 

A survey has concluded results that both privacy invasion and errors has an inverse relationship with the online purchasing behaviour; although, it seemed that unauthorized use of the data has little impact. The managerial implications include the selection of channels of communications for greater impact, accurate data handling, and maintenance of permission-based contact with the users. 

  • Phishing IQ
  • Have you ever wonder how many of the emails you receive are phishing emails?
  • You may have realized that many times the fake lottery ticket, or an email from IRS  is fake - a phishing e-mail. Test your self with the IQ test from the creators of the Sonicwall firewalls (DeLL). 
  • How is your Phishing IQ?Opens in new window
  • Virus
  • A computer virus is a small piece of code written to alter the way a computer operates, without the permission or knowledge of the user.
  • A computer virus must meet two criteria:
  • It must execute itself. 
  • It must replicate itself. 
  • Computer Virus?Opens in new window
  • Worm
  • Worms are programs that replicate themselves from system to system without the use of a host file. 
  • Worms generally exist inside of other files, often documents. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. 
  • Trojan Horse
  • Trojan horses are impostors--files that claim to be something desirable but, in fact, are malicious. Trojans contain malicious code, that, when triggered, cause loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers by opening an email attachment. 
  • Trojan Horse?Opens in new window

Statistics about Internet Privacy

  1. More than 21 per cent of Internet user’s social networking account or email account is compromised or data has been taken without permission.
  2. 86 per cent of people have tried to take a step to remove their online digital footprints.
  3. 55 per cent people has taken a step, in order to avoid observations (By any specific person, government or organization)
  4. Data of more than 11 per cent Internet users has been stolen. This data includes credit card number, passwords and bank account information.
  5. 68% of people have the opinion that current laws are not enough for protecting the privacy of Internet users (Susskind, 2013)
  • Global Security Attacks
  •  
  • Below you will find a link to live security attacks around the globe. Most of Security Companies, share their data in order to be able to prevent data breaches and attacks around the globe.
  • Live Security AttacksOpens in new window

Apple Syndrome

Perhaps, one of the biggest complacency risks out there is the “Apple syndrome” - as in, “I’m not at risk of malware because I use a Mac.”

Many users believe that their Apple device is immune to the viruses; however, this is a myth. Although the number if viruses targeting a mac operating system platform is fewer than PC platform, macs also get viruses and they can get damaged.

Apple Cyber Security Predictions for 2017Opens in new window

Ransomware

For the past few years, a new trend overtook the business market by criminals. Most of the Ransomware attacks, have taken place because employers failed to educate and train their employees. 

In these cases, a malicious piece of software, sent by a criminal, takes over your files, and encrypts those with a secret key. Afterwards, displays a message asking for most common cryptocurrency to give you back your files.

Ransomware PreventionOpens in new window

Attacks

Reading about the tech industry trends, and updating your devices can prevent data loss.

Many users do not consider themselves as a high target. however ransomware can sit on your device for a long time and the get activated at work when you take your own device to work. Even if you connected to a wireless network, the ransomware can use your network connection and spread across the network.

The top 10 worst ransomware attacks of 2017Opens in new window

IT Training Resources

Browse to the list of ResourcesOpens in new window to learn how to protect your information and  property.

Help And Support

If you have any questions, or need assistance, please contact the IT HelpDesk at helpdesk@fullerton.edu or 657-278-7777 for Staff and Faculty, and  657-278- 8888 for Students.