Strengthening the Weakest Link in Cybersecurity







In 2010, the Iranian Nuclear Plant computer network, which was not connected to any external network, including the internet, was infected by a virus, not through a breach of security systems but via the human element. In August 2022 alone, there were 112 publicly disclosed hacks reported, all linked to social engineering as the main cause of the hacks being successful. On September 15, 2022, Uber had an organizational cybersecurity breach as a result of social engineering, which led to the attacker gaining access to Uber's internal network. In a chat, the hacker confirmed that he gained access to Uber's intranet using social engineering.

What Do We Know About Email Security?

A recent series of simulated phishing emails was sent to employees within an organization, and the results revealed that email security is largely based on the behaviour of the user. How a user interacts with emails determines whether information hackers can use is divulged or a malicious link is clicked.

Email security is always a hot topic, and for good reason. With more and more businesses relying on email to communicate with customers, partners, and employees, it’s critical that this channel is secure. Unfortunately, email is also one of the most common vectors for attacks, with malware and phishing attacks frequently delivered via email.

So, what do we know about email security? First, it’s important to understand the basics of how email works. Email is a store-and-forward system, which means that messages are stored on servers until the recipient retrieves them. This makes email an attractive target for attackers, who can potentially access large numbers of messages if they compromise a server. There are a number of ways to secure email, including transport layer security (TLS) and S/MIME. TLS is a protocol that encrypts email messages in transit, making it more difficult for attackers to intercept and read them.

What exactly is Social Engineering?

Social engineering is the art of manipulating people into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of information gathering, fraud, or system access. Social engineers exploit human weaknesses to gain access to buildings, systems, or data. They usually target employees with access to valuable information, such as system administrators or those in customer service or the accounts department. Social engineering attacks can be very difficult to detect. They often rely on human interaction and involve tricking people into breaking normal security procedures. For example, an attacker may pose as a customer service representative and trick an employee into resetting a password or revealing sensitive information. Social engineering is a serious threat to businesses and individuals. Be aware of the signs of a social engineering attack and never give out personal or confidential information to someone you don’t know.





Phishing

If you've ever been the victim of a phishing attack, you know how frustrating and upsetting it can be. Phishing is a type of online fraud that involves tricking someone into giving up sensitive information, such as their login credentials or credit card number. It's important to be aware of phishing attempts, so that you can protect yourself and your information. Here are some tips to help you spot a phishing email:

• The sender's email address may look legitimate, but if you hover over it or click the reply button without sending the email, you'll see that it's actually a fake.

• The subject line may be something urgent or exciting, such as "Your account has been suspended!" or "You've won a free vacation!"

• The email may contain typos or other grammatical errors.

• The email may contain a generic greeting, such as "Dear valued customer."

• The email may try to trick you into clicking on a link by saying that you need to.


Types of Phishing emails

There are 7 types of phishing emails:

• Email Phishing

• Spear Phishing

• Smishing

• Google Search

• Social Media

• QR Code

• Vishing


What is Wire Fraud?

Wire fraud emails aim to trick the victim into wiring money to an attacker's bank account. Most people have heard of wire fraud, but many don’t know exactly what it is. Wire fraud is a type of fraud that involves the use of electronic communications to commit a crime. This can include email, text messages, and even social media. Wire fraud is a serious issue, and it’s on the rise. In 2021, the FBI received more than 847,376 reported cases of wire fraud, with losses totaling more than $6.9 billion. That’s a lot of money!

Wire fraud is commonly accomplished through phishing. Another way wire fraud can happen is called business email compromise (BEC). This is when someone uses email to trick a business or organization.


How to Recognize Fake Emails

• Legitimate companies do not send emails requesting sensitive information

• Do not trust the email address you see in your email, even when it resembles one you know. If it looks suspicious, do not open it. Contact the person through another means of communication, or create a new email to confirm whether they sent the email you are unsure about.

• Hover over links to see if the address is the same as what you are seeing.

• Most phishing emails have bad grammar and spelling errors

• Most phishing emails use generic greetings, urgent language or generic closing

• Do not click attachments if you are unsure

• Review the email signature for details of the company or individual.

• Confirm whether the email breaks any protocol or procedures; this could be a red flag.
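
The two "hover" checks in this list (where a reply would really go, and where a link really points) can also be run by a mail filter. The following is an added example, not part of the original article: the sample message, its placeholder domains and the helper names are constructed for illustration, and it assumes the message has a text or HTML body.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <support@examplebank.test>
Reply-To: billing@examp1ebank-secure.test
Subject: Your account has been suspended!
Content-Type: text/html; charset="utf-8"

<p>Verify now: <a href="http://login.examp1ebank-secure.test/v">https://www.examplebank.test/login</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # _open = [href, text] of current <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def host(url):  # hostname of an absolute URL, None for ordinary text
    return urlsplit(url.strip()).hostname

def domain(msg, header):  # domain part of the address in a header, "" if absent
    return parseaddr(str(msg.get(header, "")))[1].rpartition("@")[2].lower()

def check_email(raw):
    """Return the red flags found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # Replies would go to a different domain than the displayed sender.
    if domain(msg, "Reply-To") and domain(msg, "Reply-To") != domain(msg, "From"):
        flags.append("reply-to-mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    # The visible text is itself a URL, but the link goes to another host.
    if any(host(t) and host(t) != host(h) for h, t in collector.links):
        flags.append("link-mismatch")
    return flags
```

A link whose visible text is ordinary wording ("Click here") is not flagged by the link check, so a clean result does not replace the manual checks in the list.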


How to Protect Against Phishing Emails

• If it is urgent, don't let your emotions cloud your judgement

• Use another means of communicating with the person to verify if they sent you an email

• Check the address and links by hovering the mouse over them, and check for spelling errors

• Enable Multifactor Authentication

• Look at the message style

• Ask questions and never break protocol or procedures, especially when the person impersonating someone else asks you to do so.