How do Cybercriminals Attack Us

Fake calls and messages claiming to be someone or an organisation that you may know. These messages/calls can appear to be very official and convincing. These calls and messages can take the form of:

  • Fake emails and/or SMS text messages from known companies and government authorities which can look very convincing. They usually have a time limitation to attempt to stress you into performing the actions they want from clicking on a link, reply with confidential information or calling/texting a specific phone number

  • Scam video / phone calls from known companies and individuals, government bodies want you to do something, usually with a time limitation to attempt to stress you into performing the actions they want.

  • Fake Social Media messages (Facebook, Twitter, Instagram, Whatsapp. Youtube , Tiktok, Reddit etc.) from known companies and government authorities which can look very convincing. They usually have a time limitation to attempt to stress you into performing the actions they want from clicking on a link, reply with confidential information or calling/texting a specific phone number

How to spot a Phishing / Scam email or message

  • Phishing emails and messages tend to work on your emotions, so try to think first about what the email/message is asking for before instantly acting on what the sender want.

  • Claims of winning prizes/ grant emails ​

  • Threats – asking for immediate/urgent action​

  • Spoofing – look like legitimate websites/companies, but send you to phony websites / legitimate popup windows​

  • Bad Spelling / Bad Grammar​

  • Altered Web Addresses – wrongly spelled versions of legitimate websites​

  • Incorrect salutation of your name​

  • Mismatches​ in link text or the URL / Website Address is different

  • Sender’s name, signature, and URL are different.​

How to spot a Phishing / Scam Call

  • Robocalls​ - voice sounds automated or robotic like

  • Foreign Languages​

  • Offering Tech Support / Security Service​ ie we have spotted odd malware/virus, internet activity.

Do some Phishing / Scam Training

Do some online phishing quizzes so you can train yourself to spot phishing / scam attempts

Phishing / Scams

Malware, also known as malicious software are Bad software/apps that can:

  • Gain access to your computer systems, networks

  • Steal documents, data, files

  • Hijack your network to be used to access to other targets

Ransomware is a particular class of malware that prevents your files being unusable until you agree to pay a fee/ransom to the Cybercriminal.

How can I protect against malware / ransomware attacks and damage?

  • Do not open attachments or files from suspicious sources

  • Do not click on any hyperlinks in emails and messages that are suspicious

  • Keep all your software and operating system up to date.

  • Install and maintain up to date antivirus / security software and services.

  • Have a good backup strategy in place.

Malware / Ransomware

Like the recent Optus incident, where a Cybercriminal managed to break in (“hack”) and stole data (“data spill”) of a known organisation or government authority which you may contain your confidential information.

How can I protect against hacking attacks and damage?

  • Keep all your software and operating system up to date.

  • Install and maintain up to date antivirus / security software and services.

  • Have a good backup strategy in place.

Hacking / Data spill

Where a current or former employee, contractor or associate of a organisation steals, destroys and/or sabotages systems of that organisation, which could include your confidential data.

Further impacts could include:

  • Public or industry reputation damage

  • Prevent your organisation from functioning properly

  • Lose trade secrets or intellectual property

  • Destruction of the organisation

How do I prevent malicious insider threats?

This is dependent on what systems, culture, policies and procedures are in place. Staff teamwork, training and communication also help.

Other measures can be developed to detect and prevent this type of behaviour or any damage resulting from this act.

What can be done after a malicious insider act?

Any illegal acts should be reported to police

Reovery will depends on the type of damage done. A good backup system will be essential to have in place beforehand.

Stolen Data will depend on what systems and procedures are in place.

Malicious Insiders

Where the Cybercriminal takes over part or all of remote access to a website or websites in order to conduct more Cyber crimes

Web Shell Malware / Hijacked Websites

Also known as “DoS” or “DDoS” - where attempts are made to prevent access to a website / online service by overwhelming it with bad internet traffic.

Denial of Service

Also known as Cryptocurrency mining, where Cybercriminals take over the use of computer systems and networks and use them for the solution and verification of complex mathematical problems in order to receive the reward of bitcoin and other cryptocurrencies

Cryptomining

More Info

Unfortunately, Cybersecurity is like a game the ratcatcher and the rat.

As we get better at Cybersecurity and also new and better technologies are developed, the Cybercriminals will find new ways to attack you, your family, your work etc.

Watch this space and subscribe to the Citisystems Newsletter for up to date information regarding Cybersecurity

How do Cybercriminals Attack Us