Data leaks often come from within your business
“Employees can say, ‘Security isn’t my thing,’ and expect their IT department to take charge, but it shouldn’t be that way,” says Duquette. – Data leaks
Business owners need to take the… Continue reading
Five common mistakes with endpoint encryption
Endpoint encryption is heralded as one of the cornerstones to securing data and complying with data protection regulations, but it introduces new challenges which can result in costly mistakes.
Encryption is the process of… Continue reading
Phishing and spearphishing are threats to your business
While security professionals focus largely on identifying and patching vulnerabilities in software, the weakest security link typically ends users. Phishing is a social engineering method to fraudulently obtain information by disguising communication… Continue reading
Major technology security risks for your business
Technology has spawned a dizzying array of new technology security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these new technology risks is already half the battle when trying to avoid these pitfalls.
1. Phishing – a technology security risk
Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:
If you’ve ever gotten an email that says your account has been locked or that irregular activity was detected in your account, you may have been the target of a phishing attempt. These messages typically include a link to a legitimate-seeming website, where you’re asked to give account information or download malware (see more on that below).
A phishing email or phone call may ask you to call a number to discuss a problem with your account. You might then be asked to reveal account details over the phone.
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.
2. Pretexting – a technology security risk
Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.
For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.
“They may ask for little bits of information that don’t raise red flags,” Abdulmughnee says. “But over time, bit by bit, they’re trying to build a profile that could let them steal your identity.” Continue reading
The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret. And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.-URL Padding
An SMS arrived? Better read it straight away.
New email? Let me at it.
Somebody, I don’t care about updating their Facebook status? Great, let’s see what they’re up to.
The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.
So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.
If you’re a regular reader of our blog, you may remember that back in March we published a post on the use of top level domains (TLDs) for phishing sites. In that post, we highlighted the use of generic (i.e., non-geographic) TLDs such as .support and .cloud to create URLs that appear to be authentic. For example:
summary-account.review Continue reading