Security Threats Part (1)
In the previous article, Daily Best Practices for Security Awareness, I discussed security best practices. We follow best practices in our daily life to protect ourselves against security threats whose purpose is to obtain our confidential or business information. In today’s article, Part 1, I would like to discuss four of the ten most common security threats.
➡ Security Threats
Security threats are the methods attackers exploit to threaten our business systems or personal information.
➡ Phishing Attack
Phishing is a cyber-attack that uses disguised email as a weapon. Attackers trick recipients into trusting messages sent from fake domain addresses that look similar to our own organization’s domain address, a partner organization’s domain address, or official domain addresses such as those of PayPal, Gmail, Facebook, etc. In the phishing attack shown in the figure, the attacker tricks recipients with a notice sent from a fake PayPal domain address.
The message alarms recipients by claiming that PayPal has noticed some unusual login activity in their accounts, and it urges them to log in and check their account permissions until PayPal resolves the issue. If we do not check whether the sender’s address is the official domain address or a fake one, we can be tricked. Let’s assume [email protected] is the real domain address. Attackers create a similar fake domain address like [email protected] by replacing o with 0 or inserting numbers. If we accidentally click the malicious link attached to the attacker’s disguised email and enter our confidential information, we can suffer a great loss.
As a best practice, we must check whether the sender’s domain address is fake or real before we reply to or forward an email. If we suspect that a mail is a disguised email, we must be careful not to click any link attached to it, and we should forward it to the security department in our organization.
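The sender-domain check described above, written as an added Python example (it is not part of the original article). The allow-list, the sample headers and the 1-for-l swap are assumptions made for illustration; the article itself only names the o-to-0 swap and inserted numbers.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): own, partner and service domains.
TRUSTED_DOMAINS = {"paypal.com", "gmail.com", "facebook.com"}

# Digit-for-letter swaps: 0-for-o is from the article, 1-for-l is assumed.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l"})


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")


def matches_trusted(domain):
    """Return the trusted domain that `domain` equals or is a subdomain of."""
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return trusted
    return None


def classify_sender(from_header):
    """Return (verdict, domain); verdict is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    trusted = matches_trusted(domain)
    if trusted:
        return ("trusted", trusted)
    # Candidate 1: digits swapped back to the letters they imitate.
    swapped = domain.translate(DIGIT_SWAPS)
    # Candidate 2: inserted digits removed altogether.
    stripped = "".join(ch for ch in domain if not ch.isdigit())
    for candidate in (swapped, stripped):
        imitated = matches_trusted(candidate)
        if imitated:
            return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("PayPal <service@paypal.com>",
                   "PayPal <service@paypa1.com>",
                   "Facebook <security@faceb00k.com>",
                   "PayPal <service@paypal123.com>"):
        print(header, "->", classify_sender(header))
```

A "trusted" verdict only means the visible domain matches the allow-list; the From: header can itself be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.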
➡ Malvertising Attack
A malvertising attack infects users when they click ads on websites. I think we have all seen unofficial ads while visiting websites, such as a $1000 Amazon Gift Card pop-up or a warning message like “Your PC is about to crash! Click OK to fix for free!”. If we click these malicious ads, Trojans or some other sort of malware will be downloaded automatically to our PC in the background. Consequently, users can lose private data once the infected PC is under the attacker’s CnC (Command and Control).
➡ Shoulder-Surfing Attack
Shoulder-surfing refers to the act of obtaining personal or private information through direct observation. Someone may be looking over our shoulder while we are typing a password at an ATM or on our PC. Therefore, we have to visually check our surroundings before typing anything important.
➡ Vishing Attack
A vishing attack is a kind of social engineering attack that is carried out using voice technology. Attackers trick people into giving out critical financial or personal information by using software that can imitate the phone number or voice of someone we know.
As a countermeasure, we should not give out private data on a call unless we initiated the call ourselves. We can check whether a caller ID is fake or real by calling back the same caller ID.
I would like to end the discussion of Security Threats Part 1 here. In the next article, I will continue writing about the most common security threats in Security Threats Part 2.