Cyber attacks are becoming increasingly common. More people than ever before are connected to the internet via computers or smartphones, giving criminals yet more targets. Couple increased internet usage with the global cost of living crisis and the fact more people work from home where their security may be lacking, and those criminals are upping the ante as they seek to take advantage of the situation.
A study by internet security experts Norton in late 2022 revealed there are approximately 2,200 cyber attacks every day. These cyber attacks range from malware, Denial-of-Service (DoS) Attacks, Phishing, Spoofing, and more complex methods. We will discuss a few of the most common cyberattack methods so you can be aware of and avoid them.
Phishing and Spoofing
Phishing is one of the most common cyber attacks. It uses email, text messages, social media, and social engineering techniques to try to make an unsuspecting victim share sensitive information, usually their login credentials, or to download malicious files that install malware on their device. Phishing often goes hand-in-hand with Spoofing, where a cybercriminal disguises themselves as a trusted source, such as your bank, a delivery company, the top online sportsbook mybookie, or even the company the person works for. People click links sent via these fake sources believing them to be legitimate, only to discover their device is infected with malware.
Commonsense and vigilance is your best form of defense regarding phishing and spoofing. Almost every reputable company will address you by name or your account number, at the very least. Emails or texts addressed to “Dear Customer” or “Dear User” are prime candidates for being fake.
In addition, look for spelling mistakes or poorly written English. Many cyber attacks originate from countries where English is not the official language. The criminals use tools such as Google Translate to write their messages, so there are mistakes.
If you are unsure of whether an email or message is from the source it claims to be, contact the company directly. Find their customer support details online, and ask them if they contacted you. Never click any links in the email or SMS until you confirm the message’s legitimacy.
Malware, which is malicious software, is what most people call a virus. Types of malware include ransomware, spyware, adware, trojans, and worms. You have likely seen ransomware attacks on the news. The criminal manages to get their malicious code installed on a computer or network of computers and locks those computers remotely. The criminal then demands vast sums of money to unlock the computers and network.
The United Kingdom’s National Health Service (NHS) suffered a ransomware attack in 2017. The WannaCry attack led to thousands of canceled medical appointments and almost £100 million to rectify.
This ransomware attack started with an NHS employee clicking a link they should not, plus some of the Windows-based machines the NHS used were more than 15 years old and were no longer updated or supported by Microsoft. It pays to keep your operating system up-to-date.
Approximately 80% of cyber breaches are estimated to stem from using compromised identities, with many of those stolen identities stemming from phishing or spoofing attacks or by cybercriminals hacking company databases. These cyberattacks are challenging to detect because they use a person’s login details. Hacks and breaches have occurred at massive companies, including Facebook.
There is little you can do to prevent a company from being hacked, but you can ensure you only give personal information to legitimate sources that have security measures in place. Furthermore, use a different password for all your accounts, and ensure the password is strong. If it has two-factor authentication (2FA), use it. Use a password manager to store and create new passwords for your accounts. If you have different passwords, at least only one of your accounts becomes compromised if hacked, not all of them. You can check if your email address has been compromised by heading to the Have I Been Pwned website.