Common Cyber Security Threats for a Novice – Part I
This post focuses on the security threats faced by beginners, infrequent internet users, and people who spend a lot of time on social networks without adequate attention to security. It is the first post in a series.
1. Phishing
Phishing refers to an urgent e-mail message that lures recipients into responding. Often these messages will appear to be from a friend, a bank or other legitimate source asking for personal information such as names, passwords, account numbers or credit card information. These messages might also direct users to phony Web sites to trick users into providing personal information.
Consequences: Users falling for the “bait” often have their money and/or identities stolen.
What to do: Be suspicious of any message asking for personal or financial information. If you are unsure about a message’s authenticity, never click a link within the e-mail taking you to any Web site.
Banks or other legitimate organizations are not likely to contact you in this manner due to the security risks of sharing sensitive material online. If you think the message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided in the suspicious message.
2. Spam
Spam refers to unsolicited commercial e-mail messages that are sent out in bulk, often to millions of users, in the hope that one person may actually reply. Spam messages often involve Internet hoaxes.
Consequences: Responding to a spam message will confirm to the sender that they have reached a legitimate e-mail address and they will more than likely continue to send messages to that address.
What to do: Never respond to spam! Delete it.
3. Social Engineering
This refers to a direct communication, either in person, by phone, SMS or over the Internet, designed to trick you into providing your personal information. These messages usually ask you to “update” or “confirm” information by typing in a reply or clicking on a link.
Consequences: Users often have their money and/or identities stolen.
What to do: Never respond to such calls/emails. If you think the call/message may be legitimate, call or contact the sender using contact information you already have, not the contact information provided by the caller or in the message.
4. Malicious Attachments
This refers to a document, picture, video clip, program or any other kind of file that is attached to and sent with an e-mail or instant message.
Consequences: Malicious programs, viruses or spyware are commonly spread through attachments.
What to do: Never open or download an e-mail attachment from an unknown source or one that you are not expecting. Be cautious of attachments ending in .exe, .com, .scr, .bat or .pif. Simply delete a suspect attachment or message.
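The extension check above can be automated for a saved message. The following Python sketch is an added example, not part of the original post: it flags attachments whose final extension is on the list, which also catches names such as invoice.pdf.exe. The addresses, filenames and function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the post says to be cautious of.
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".pif"}

def risky_attachments(raw_message: bytes) -> list:
    """Return filenames of attachments whose final extension is on the list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Compare case-insensitively and ignore trailing dots or spaces,
        # so "Holiday.SCR" and "setup.exe." are still recognised.
        cleaned = name.rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension matters: "invoice.pdf.exe" is an .exe file.
        if dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged

def build_sample() -> bytes:
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached files.")
    for filename in ("notes.txt", "invoice.pdf.exe", "Holiday.SCR", "report.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("Do not open:", name)
```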
5. Malicious Downloads
Downloading refers to the transfer of documents, software programs, photos, music or movie files from servers.
Consequences: Malicious downloads hide malicious programs, viruses or spyware, which infect the system after download.
What to do: Make sure you only download material from a legal, well-known source.