Cyber Risk Management, Adversary Services

Secure Yourself Against Current Phishing & Social Engineering Attacks

Written by

Anna

Published on

4 Jun 2020


During this unique time, cyber-criminals are capitalising on the panic. Corisande, one of our cybersecurity experts, gives us some top tips to stay cyber safe.

Phishing Attacks Increase During Emotional Events

We are currently amidst an unprecedented global event: the outbreak of Coronavirus Disease 2019 (COVID-19), now officially a pandemic according to the World Health Organisation (WHO). This has caused apprehension globally, ultimately resulting in lockdowns, travel bans, panic buying, and economic turmoil. As increased social distancing measures are put in place and take effect, and with most activities and events shifted online, it is of paramount importance to protect personal information from phishing and social engineering attacks.

Vulnerable People Can Lead To Vulnerabilities Being Exploited

Fear can cause even the most diligent individuals to let their guard down and fall victim to social engineering scams such as phishing.

Phishing through emails or texts is one of the most common techniques used to acquire sensitive information such as usernames and passwords. This is most often achieved by scammers impersonating widely used and trusted companies in the hope that an unsuspecting user will be fooled into believing the message is legitimate.

Examples of COVID-19 Phishing Attacks

Recently, scammers have been exploiting coronavirus fears by posing as health and medical organisations. The World Health Organisation (WHO) and the National Health Service (NHS) have both been impersonated through emails that ask people to click fake links to important coronavirus information. These links can download malicious software or direct people to false sites that harvest important data that is later used for fraudulent activity.

“Other topics of phishing emails range from new home working policies sent from ‘HR’ to calendar invites for conference calls.”

Social Engineering COVID-19 Case Studies

In addition to phishing emails, social engineering scams targeting people through online websites and communications are also on the rise. These include fake charities seeking coronavirus-related donations, as well as so-called “romance scams”, where criminals build a relationship with their victims online, then ask for money to be transferred due to unfortunate circumstances — being quarantined due to coronavirus, for example.

In a particularly sinister move, cybercriminals have been incorporating a legitimate interactive dashboard detailing global Coronavirus infections and deaths into malicious web sites geared towards distributing password-stealing malware.

Expert Cybersecurity Tips For Staying Safe

In light of these new, more targeted scams, it is important to understand that the security awareness of individuals is at the forefront of tackling these types of attacks.

Some quick tips to have in mind are as follows:

  • Take a moment to really read the content of the email. Check the sender, the grammar and the message. Ask yourself whether you expected the message in the first place.
  • Avoid opening attachments within emails from senders you do not recognise. These attachments could contain malicious content, such as ransomware, that can infect your device and steal your information.
  • If you are unsure, don’t click links within emails. Hover over them before clicking on them to see where they direct you. A phishing email may claim to be from a legitimate company, and when you click the link to the website, it may look exactly as you expect. If in doubt, visit websites by inputting the URL yourself. Businesses use encryption, Secure Sockets Layer (SSL), on their websites, so certificate “errors” can be a warning sign that something is not right with the website.
  • Be wary of emails or phone calls requesting account information or requesting you to verify your account. Think about what they are asking for and whether it is something you expect to give.

To Summarise

Ultimately, it’s key to use common sense and be on your guard. Just as you are in the physical world with your handwashing, social isolation and two-metre distance from others, it’s also key to think before you act online.

Stay safe.

Any questions or concerns, please email services@surecloud.com and we will do our best to assist you.

Want to carry on your education? Check out our Q&A with our Principal Cybersecurity Consultant as he discusses COVID-19 risks, including the exposure consumer-grade video conferencing could bring.

About Corisande

Corisande Evans, one of SureCloud’s Cybersecurity consultants, delivers a variety of pen-testing and cybersecurity-related engagements. Corisande has a background in Forensics and Open Source Intelligence Investigations as well as Red Teaming and both physical and technical Social Engineering.

Corisande is passionate about security, especially about security awareness. She has delivered training sessions to a range of different skill and seniority levels to ensure that the first line of defence, ‘The Human at the Keyboard’, has the best chance to fight against opportunistic attackers. Cori is a proud member of the Security Senoritas.
