Technology has spawned a dizzying array of new technology security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these new technology risks is already half the battle when trying to avoid these pitfalls.
Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:
If you’ve ever gotten an email that says your account has been locked or that irregular activity was detected in your account, you may have been the target of a phishing attempt. These messages typically include a link to a legitimate-seeming website, where you’re asked to give account information or download malware (see more on that below).
A phishing email or phone call may ask you to call a number to discuss a problem with your account. You might then be asked to reveal account details over the phone.
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.
Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.
For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.
“They may ask for little bits of information that don’t raise red flags,” Abdulmughnee says. “But over time, bit by bit, they’re trying to build a profile that could let them steal your identity.” Continue reading