This informal CPD article ‘Raising Awareness: 3 Common Digital Dangers’ was provided by Aaron’s Department, who offer in house IT, administration and software solutions to businesses.
The number of jobs that involve working with technology is constantly going up, and with over 150,000 people using the internet for the first time every day (UNICEF, 2018), there are a lot of potential scammers, spoofers, and fraudsters out there! To help businesses train their staff to be more aware of the risks, it is important that knowledge is updated regularly, as the world of technology moves quickly.
Courses cover a broad range of areas, from handling sensitive data in accordance with GDPR, to detecting and avoiding scams. Cybersecurity is equally relevant in our personal lives (especially compared to data handling), so in this article, we'll cover some of the risks we all face every time we log on, and the costs of being caught out!
Phishing
Phishing is a term that encompasses a variety of techniques, with the end goal being to get hold of sensitive information such as passwords, or to get the victim to install malware. These can then be used maliciously by the attacker (as opposed to attacks that involve hacking or dedicated malicious software). Phishing can be done through 3 main channels - texts, voice calls, and emails. Often, phishing attacks will be “spoofed” to appear as if a reputable party sent them.
Spoofing
Spoofing is when a malicious 3rd party disguises itself as a trusted source, in the hopes that the victim will interact with them. This can be done through a variety of channels. For example, attackers can construct a fake website that resembles a real, trusted site. The attacker will have access to any usernames, passwords, etc. that were entered on the fake website.
Emails can also be spoofed, a technique often used for phishing scams. Here, the attacker sends a convincing email under the name of a trusted sender, with a link or request for information. Attackers will try to send this from a convincing email account. For example, if your boss's email address is simon@company.com, the malicious email might come from simon@companny.com (can you spot the mistake?), or perhaps the email address will be ergsvewfg@internet.ru, but the email's display name might show as Simon, obscuring the obviously dodgy email address.
Another common use is phone spoofing. The attacker calls the victim posing as their bank, colleague, family member, etc. and tries to extract information or money from them. This would be categorised as a plain old phone scam, but a technique they often use means that many of these calls fall within the definition of ‘spoofing’. The name or number that shows up on your mobile screen when called? Attackers can change this to be whatever they want. It might say ‘Dad’, or it might be your bank's phone number, as printed on your statement. If in any doubt, hang up and call whoever they are purporting to be yourself. Phone impersonation scams (many of which rely on number spoofing) cost Brits £53 million in 2019. (Which? 2019)
IoT Attacks
IoT stands for “Internet of Things”, a term used to describe how all sorts of appliances these days are connected to the internet. Any device with an internet connection can be hacked. This includes your washing machine, security camera, smart doorbell, central heating, smart lightbulbs, and more. These products (particularly cheap ones purchased online) are often incredibly vulnerable to attackers, since there's no guarantee that the sellers have put any effort into securing the devices. Many cheap cameras, for example, all have the same unchangeable ‘ADMIN'-style password to gain access. Attackers can use these devices as a backdoor to get up to no good with any other appliances they share a Wi-Fi connection with.
Those are just 3 common threats, but there are many more out there. It's more important than ever to stay savvy and know what to do if you suspect something's awry, so make sure you, and your business/employer has procedures and training in place to reduce the threat!
We hope this article was helpful. For more information from Aaron’s Department, please visit their CPD Member Directory page. Alternatively, you can go to the CPD Industry Hubs for more articles, courses and events relevant to your Continuing Professional Development requirements.
References:
1. https://www.unicef.org/eca/press-releases/more-175000-children-go-online-first-time-every-day-tapping-great-opportunities
2.
https://www.which.co.uk/news/article/whos-really-calling-you-an-investigation-into-the-worrying-rise-of-number-spoofing-ahAUF6c5C3UP
3. https://www.iotsworldcongress.com/5-infamous-iot-hacks-and-vulnerabilities/
