As individuals continue to share their personal data and details, it’s incredibly important that precautions are taken when doing so. Sometimes, more information than necessary or appropriate is shared willingly online, and individuals with malicious intent can use that information to cause harm. There are many different types of network security threats to be cautious about. Still, of all of them, there are two that I feel are easily avoidable with basic knowledge and training: social engineering and phishing.
International cyber security company Kaspersky defines social engineering as “… a manipulation technique that exploits human error to gain private information, access, or valuables” (Kaspersky, 2024). Social engineering is easy for hackers to use when too much personal information is willingly shared online. Avoiding this may seem like a no-brainer to most people; however, it can happen to even the most cautious IT professional. In September of 2023, the Las Vegas, Nevada casino giant MGM was hit with a cyber attack that ultimately cost the company over $100 million (Reuters, 2023). Gaining access was easy for the hackers after they used information shared publicly to impersonate an MGM employee and gain access via social engineering (Braithwaite, 2023).
Phishing scams, a type of social engineering, are another threat to be vigilant for. As described by the Federal Trade Commission, phishing scams are when scammers create a fraudulent message trying to entice their target to respond and provide personal details (Federal Trade Commission Consumer Advice, 2022). Information provided to the scammers in phishing messages is used for identity theft. For example, a phishing message may be designed to look like it came from your banking institution. The phishing message could be an alert that your banking card has expired and that you need to click the URL within the email to resubmit your personally identifiable information to be issued a new card. At first glance, a phishing message looks to be real. However, these messages are often written with a sense of urgency that tries to trick the recipient into responding quickly before thinking twice about who the sender is.
We all must take responsibility to protect our own personal data. There are simple steps each person can take to help prevent any unwanted damage. To prevent social engineering attacks, think about the kind of information you are sharing publicly. The best way to prevent a social engineering attack is never to use shared information as an account setting. For example, if you publicly share your pets’ names in posts on social media, don’t use those same names as answers to an account security question. However clever phishing messages attempt to present themselves, there can be obvious signs of deception. Checking a sender's address is usually a quick way to tell the legitimacy of the message. For example, an email from “amazonsellar.com” is probably not associated with the retail giant Amazon.com, based on the spelling of the address. Once you have identified the phishing message, you can mark the sender as spam so that no future messages from them will be delivered to you. Remember to always stay vigilant and cautious while sharing your personal information online.
References
Braithwaite, S. (2023, October 24). ALPHV: Hackers Reveal Details of MGM Cyber Attack. Retrieved January 21, 2024, from https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/alphv-hackers-reveal-details-of-mgm-cyber-attack/
Federal Trade Commission Consumer Advice. (2022, September). How to Recognize and Avoid Phishing Scams. https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Kaspersky. (2024). What is Social Engineering? Retrieved January 21, 2024, from https://usa.kaspersky.com/resource-center/definitions/what-is-social-engineering
Reuters. (2023, October 5). Casino giant MGM expects $100 million hit from hack that led to data breach. CNN Business. https://www.cnn.com/2023/10/05/business/mgm-100-million-hit-data-breach/index.html