We are all at risk. In March, the number of email antivirus detections by Kaspersky Labs, a malware prevention company, reached 22,890,956, which is four times more than the average for the same period last year. We all possess information that could be very damaging in the wrong person’s hands. Some of it may simply be what our login credentials provide access to. This information is so valuable to some that they are willing to go to great lengths of deceit to wrongfully acquire it. A social engineering attack can be as simple as a hacker posing as a co-worker and following you through the door into your office, but as the business world shifts toward electronic means of communication, so too do the methods of attack.
A common form of such an attack is referred to as a phishing attack. Whether it arrives as an email, web ad, or chat pop-up, phishing involves tricking someone into divulging login credentials, and often other information, under a pretense. The pretense can be anything from a fake government official needing information to a phony giveaway of the newest iPhone. Because the attacker masquerades as a legitimate entity, it is hard for the target to recognize these phishing websites and emails as frauds. All it takes is one moment of vulnerability or lapse in awareness to divulge sensitive information, and handing over credentials to an attacker provides them with a gateway into a person’s or company’s bank accounts and otherwise private information. JP Morgan sent out a fake phishing email that 20% of its employees clicked.
These email attackers aim to prey on people’s inclination to trust. The Executive Director of the NC GOP was hacked and had his email used to send phishing emails to all of his contacts, looking to obtain the login credentials of those who wouldn’t think twice about a mere ‘Dropbox’ suggestion from their local Republican Party leader. Email attacks do not always take this form, as the goal of the attacker is to have the email emulate an actual organization and appear to be authentic.
If you are exposed to a phishing attack, changing all login credentials and contacting the credit companies tied to any information that might have been made available by the security lapse are, of course, pivotal steps. You should also put into action a plan to fortify all communication platforms through malware detection programs and anti-virus software. Seeking IT and tech support consultation is often necessary after an email attack, and it is also helpful in preventing future attacks. Companies should also make sure to provide information to employees to heighten their awareness of social engineering attacks, and hold regular tutorials and training workshops to keep employees as informed as possible about the various forms an attack can take.