This is something I say to people when I’m giving talks about cybersecurity. For an infiltration to occur, it only takes one user to click a bad link or download a bad file, and the entire system could be compromised. As much as I hate freaking people out like this, it’s entirely true. Cybercriminals have become so sophisticated in their attacks that even if they have been able to compromise the simplest connection, they can still take down an entire system. It is crucial to understand the threats that exist and how individuals using them attempt to deceive you into disclosing your information. I thought it might be a good idea to review the three main ways that you, as a standard user, could be and likely are being attacked.
1) Phishing – Phishing has been, and remains, the most prevalent method for attempting to gain unauthorized access to your systems for several years. For those of you who aren’t sure what a Phishing email is, this is an email that you receive supposedly from a trusted sender (be it a store or a friend) when it is in fact not at all. These emails will try to shock you, either by threatening you or enticing you to click a link that appears to be helpful, but in reality, this link gives the attacker access to your system. I will take a deeper dive into what you should be keeping an eye out for in your email, but if you receive an unexpected email from a store, it’s possible it could be a phishing attempt.
2) SMSishing – SMS Phishing is also on the rise. This is similar to email Phishing, but through text messaging. I receive SMS phishing texts nearly every day now. Some are sophisticated, some are not. On the sophisticated side, I have recieved texts offering me a job opportunity, sales at stores with interesting sales pitches, and even a couple of texts from the Canadian Revene Agency threatening me with Jail time if I “Continue to refuse to pay my taxes (LEGAL MOMENT: for those in the CRA reading this I DO IN FACT pay my taxes and on time……Just saying is all….). Some of the less sophisticated texts I get are things like the Canadian Government offering to pay me a million dollars (The Government didn’t actually make this offer…), and one store offering to give me free product for life if I clicked a link to fill out their survey (NOPE!). These offers are not genuine and are often used by attackers to gain unauthorized access to your system.
3) Vishing – Vishing is less common but no less dangerous. I have had autodialers (for you youngsters, that’s a machine which automatically calls every phone number and plays a pre-recorded message) call me and threaten all sorts of things that were not true. For those who are aware of these threats, it may not be a big deal and could even be somewhat laughable, but for those who are not “in the know,” this is a much bigger threat. I had a former colleague of mine tell me that when she got her permanent residency card here in Canada, she was autodialed and heard a message “that was from Immigration Canada” saying that her card had been revoked. This was, of course, nonsense. She called the actual Immigration Services, and they confirmed that it was a Vishing call. However, if she had been tricked by these people trying to extort her, she could have eventually had to pay individuals who had nothing to do with the Canadian Government, fearing she would lose her Permanent residency status.
I bring you these stories not to make you afraid, but to ensure that you are aware of the threats out there. It’s essential to be aware of the threats and know what to look for, because knowledge is power. Being aware of the threats is the first step in avoiding potential disasters. The second step, of course, is knowing what to look for, and I will cover that later this month.
October is Cybersecurity Month, and as such, I like to take the time to review the current state of cybersecurity, what you as a user can do to avoid getting caught, and discuss a product that can help you stay secure.
What do you do to stay safe?
Let me know in the comments section below. If you like this blog post and want to see more, you can follow me on Social Media (LinkedIn, Instagram, and Facebook @jasonlovefiles) or Subscribe to my blog to get new content delivered directly to your mailbox.