Get a FREE personalised SASE assessment from Netskope!
Cyber-attacks have been an ongoing issue for years. Each online attack is different from the other but intends to steal personal information about an entity such as their mobile number, email address, credit card information, social media accounts and additional pertinent personal information.
Given how these unpredicted times have forced most of us to resort to remote work, protecting personal information is an issue for anyone wanting to browse the internet.
There are several ways in which hackers can gain access to your personal information; the most common attempts are:
- Keylogger - A software commonly used to record and retain key sequences and strokes on a keyboard into a readable log file on a computer. Some of the most common examples of the sort of data collected are email addresses and passwords. The keylogger can be either software used to target current programs installed on a computer, or a hardware device for targeting electromagnetic emissions, keyboards and even smartphone sensors.
- Social media hacking - another approach to obtaining personal information about an entity, but by gaining access to their social media accounts, hackers can use their account to manipulate friends and family or customers. Alternatively, attackers might threaten to expose their victims' information without their consent unless they pay them.
In August 2017, the popular TV series Game of Thrones and their ever-growing Twitter community of seven million followers fell victim to a cyberattack. A group called OurMine had taken full control of the main HBO accounts, including Game of Thrones. These are just some of the standard hacking techniques to avoid and stay safe online.
But when specific hacking techniques don't work, new ones are made and are often way more effective and dangerous to use. It is because of these ever-growing hacking techniques that pose a risk to anyone online.
Online businesses are often the primary target for hackers because they can either obtain two things from them: money, a method of forcing a company to pay up to have their information back or compromising sensitive data, which can be costly. According to the Ponemon Institute, the average cost of a data breach is $3.92 million, with 43% are breach victims from small businesses.
BONUS EBOOK: 5 Reasons to Use Cloud Security with Remote Workers
What are phishing attacks?
Phishing is one of the most dangerous forms of social engineering used to attain user data; this can be in credit card details, email address, login credentials and other personal information. This attack only happens when a hacker, often portraying themselves as a trusted entity, deceives a victim into clicking a malicious weblink.
In most cases, after clicking on the link, this would automatically lead to the installation of malware, causing significant damage by freezing the system as one of the first steps of a ransom attack or exposing sensitive information to the public. After the malware has is installed, the devastating results can vary from unauthorised purchases to identify theft.Is there more than one type of phishing attack
There are various types of phishing attacks that hackers can choose from, depending on the victim they intend to attack. A typical phishing attack is an email phishing technique that often involves the hacker initially performing research on their victim, they then structure an email often posing as someone that the victim knows and emails them with a link.
What is Spear Phishing?
This type of attack involves hackers researching and targeting a specific group of individuals as the company's system administrators. The reason for the word 'spear' is an act of an attacker being particular as to whom they want to target.
What is whaling?
This type of attack refers to the attacker, specifically targeting business owners or high profile individuals.
For instance, a CEO would be their victims. To initiate an attack, a hacker would email these individuals about their business. Synonymous to email hacking, attackers would make false accusations about the company and demand that they resolve any issue by clicking on the emails' links. For example, a hacker would directly email a CEO of a business, stating that their company is getting sued and to learn more about this email, they would need to click on the link.
If the CEO clicks on the link, they may redirect to a page where they need to fill in their details and data about their business, such as bank account details and Tax ID. Email phishing scams are a common technique used to attack more than one victim. A hacker would send out thousands of fraudulent messages, mostly written in a personal or forceful tone with a catchy subject heading to encourage their victims to click on the email. This type of attack can net significant information and money, regardless of the percentage of victims who fall for the scam.
How to protect yourself online?
With the growing concern over online security and cyber attacks, more online cybersecurity communities are coming together to help raise awareness and educate others on the types of hacking techniques.
Moreover, there are many online resources to help individuals or businesses learn what to do if they suffer a breach. Some examples include changing your password, ensuring that it is strong, freezing your credit card and seeking immediate support from your bank, and shutting down your computer or device.