Cybersecurity Threats on the Rise
Organizations today are far more vulnerable to cyber threats due to the digital information and technology that are so heavily integrated into the daily workplace. The attacks themselves, which target both information and critical infrastructure, are becoming far more sophisticated.
According to a recent study by Verizon, 82% of data breaches involved some type of ‘Social Engineering,’ which can be defined as the psychological manipulation of people into performing specific actions or divulging confidential or personally identifiable information (PII). [1]
At West, a multi-layered cyber-defense program has been developed to protect the organization from potential cyber-attacks. The cybersecurity team continuously monitors and scans for malicious activity, along with performing testing to identify any vulnerabilities. West constantly trains employees to identify these threats through simulated exercises.
As an organization, West recognizes the importance of a sound strategy for addressing cybersecurity as well as ensuring that the right investments are made to protect information assets, personally identifiable information, and the company’s reputation from insidious cyber-attacks. West’s focus is, and always will be, on improving resilience to cyber incidents, enhancing threat awareness and response tactics, and making sure employees are sufficiently trained.
Phishing is the most common example of social engineering, and one of the most dangerous due to its varied and adaptive nature. There are various phishing methods, including:
- Email phishing
The most common form of phishing, this type of attack uses tactics like fake hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as large account providers like UPS, Microsoft or Google, a coworker, or even familiar senior-level executives.
- Malware phishing
This type of attack involves planting malware disguised as a trustworthy attachment (such as a resume, bank statement or invoice) in an email. In some cases, opening a malware attachment can paralyze an entire IT network.
- Spear phishing
Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and/or social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity controls.
- Whaling
When bad actors target a “big fish” like a business executive or celebrity, it’s called whaling. These scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information. If you have a lot to lose, whaling attackers have a lot to gain.
- Smishing
A combination of the words “SMS” (text) and “phishing,” smishing involves sending text messages disguised as trustworthy communications from businesses like Amazon or FedEx. People are particularly vulnerable to SMS scams, as text messages are delivered in plain text and come across as more personal and common.
- Vishing
In vishing campaigns, attackers in fraudulent call centers attempt to trick people into providing sensitive information over the phone. The visher might first send a text message to potential victims in high volumes from a long list of phone numbers. Another vishing method creates an automated message and robo-dials potential victims using computer-generated voice messages to remove accents and build trust. The voice message then tricks the user into connecting to a human agent who continues the scam, or it might ask users to open an attacker-controlled website – all efforts to exploit the victim for information.
- Quishing
A newer form of phishing, quishing makes use of malicious QR codes. When scanned, the code directs unsuspecting victims to a fake version of a legitimate website and lures them into giving up sensitive information such as passwords and login credentials.
It’s ok to be a bit frightened and wary of online scams, but there are ways to protect yourself:
- Be cautious with emails – especially if they contain suspicious links or attachments. Check the sender’s name or email address for clues.
- Do NOT click on suspicious links or open email attachments unless they come from a trusted sender that can be verified.
- Don’t accept “friend requests” on social networks from random people. These ‘friends’ may be scammers trying to access personal information from tweets.
- Remain alert with text messages. Avoid clicking on any suspicious links, and resist replying to strange texts asking for information. Never send sensitive information via text without verifying the authenticity of the requestor.
- Don’t answer unknown calls. If the call appears and sounds suspect, there is a good chance it is a scammer. Hang up immediately and block the phone number.
- Only scan QR codes from trusted or known senders. Before scanning the code, check the destination or URL first. If it seems suspicious, avoid scanning the QR code.
The best thing that can be done to avoid social engineering is to always be vigilant. Remember learning about not talking to strangers? That remains true to this day, whether in person or online. Stay safe.
1. 2022 Data Breach Investigations Report. Verizon Business. https://www.verizon.com/business/resources/reports/dbir/