Cybercriminals are always thinking of new ways to steal and gather data from unsuspecting people. With new attacks appearing, it can be challenging to keep track of how to identify different scams. Thankfully, the Bigger Brains course, Think Before You Click, covers what you need to know about scams and how you can stay one step ahead of the bad guys. Here are the top five cybersecurity attacks you should look for!
Phishing
A phishing attack is a social engineering attack designed to steal user data, login information, or credit card information. Usually, a phishing scam targets a large group of people in the hope that at least one person will respond, thinking the scam is legitimate. These attacks are generally very vague but urgent. They usually provide enough information to seem legitimate, but upon closer inspection it is evident that something fishy is going on.
While a phishing attack focuses primarily on email interactions, vishing and smishing target victims through other channels. In a vishing attack, someone leaves a voicemail claiming that the victim faces serious and potentially legal repercussions if they don't send information to a specific number. Smishing, on the other hand, is the same as a phishing attack, except that victims are targeted via text message. Like a phishing scam, a smishing attack will usually encourage the victim to click a malicious link.
Spear Phishing
A spear phishing attack is similar to a phishing attack, except more advanced. Instead of sending the same message out to many people, a spear phisher will target one specific person. The cybercriminal spends a significant amount of time gathering information on an individual via social media or public information to create a fake scenario that is most likely to generate a response.
Usually, a spear phishing attack aims to steal money from the targeted victim. This often happens by getting the victim to send credit card information or information for redeemable gift cards. One of the most common spear phishing attacks is when a cybercriminal tries to impersonate your boss. In a company that communicates heavily via email, it can be easy to catch someone off guard in the middle of the workweek or at the end of a long day.
Business Email Compromise (BEC)
A Business Email Compromise attack is more difficult to accomplish, so it is usually conducted by more experienced cybercriminals. In a BEC scam, the cybercriminal will use some combination of social engineering and hacked credentials to gain access to the legitimate email account of someone high within the company. From there, the scammer will request payments or encourage urgent transfers from others. The victim does not always have to be someone from the same company; sometimes, a BEC scammer targets business vendors with fraudulent invoices.
A Business Email Compromise scam is particularly threatening because the hacker gains access to a legitimate email account within a company. This can make the threat harder to detect because the message looks like it is coming from a trusted source. In a situation like this, it is essential to contact the sender through another communication channel and double-check the validity of their request.
Ransomware
Ransomware is one of the newest cybersecurity attacks to plague businesses. Ransomware is a type of malware that blocks access to files and systems. Using advanced encryption, ransomware scrambles a company's data and then holds it hostage until a fee is paid. Usually, once the cybercriminals receive their money, they unscramble the files. It is important to note, though, that this is not always the case. There have been instances where a business pays the ransom only to find that the cybercriminals took the money and ran, leaving it with encrypted files that it cannot access.
Most commonly, businesses that hold crucial information are targeted for ransomware attacks. Hospitals are frequent victims of these attacks. Cybercriminals target hospitals and similar organizations because they know that large numbers of people are at risk as long as the files are encrypted. Instead of creating the illusion of an urgent situation, ransomware attacks tend to make urgent situations a reality.
Sextortion
One of the most intense cybercriminal attacks is a sextortion attack. This attack happens when a victim has their data stolen. In exchange for returning the stolen data, cybercriminals usually demand pictures or videos that are sexual in nature. While victims may assume that sending the requested ransom will return their data, that is usually not the case. Most of the time, once a cybercriminal knows they can blackmail the victim, the blackmailing only increases in frequency and severity. It is not uncommon for a sextortion attack to escalate to blackmail sex.
A common sextortion scenario is that a cybercriminal has hacked an individual's computer microphone and camera. After announcing this to the victim, the attacker claims they have gathered compromising videos and threatens to send them to all of the victim's contacts unless paid off. If you are ever caught in this situation, the most critical steps to take are: not sending the attacker anything they are asking for, gathering evidence of the blackmail, and reporting the incident to the police.