Network Security
In a world of exponentially growing dependence on technology, internet security is crucial: not only keeping up with hackers and other digital criminals, but also educating the common computer user to recognize the marketing and phishing scams that many fall victim to every day.
Of course, hacking and digital espionage are a major concern in today's corporate and political environment, but one of the greatest threats to us is the lack of general education among us (the public). There are countless phishing scams out there that cost a scammer virtually nothing to perform; if one steals thousands of dollars from even one in 100,000 people, it's worth it (Frank Vahid, 2019), and the bad news is they're not going away.
There are many types of scams, but two you may want to keep an eye out for are phishing, for anyone using a computer or phone, and social engineering, especially for those in the work environment.
Phishing
Phishing is a tactic that, even when done legally by a company to promote its business, is seen by many as unethical. As we all know, it is often used in a criminal way: emails entice a user to click a link that tricks the user into giving up personal information or installing malware that steals passwords, credit card and bank information, and even your identity. We all know the old adage, "if it's too good to be true, it probably is." If we think of it this way, phishing is easy to spot, right? However, phishing is often very clever, because scammers can get hold of information about people or businesses you know and send emails with seemingly familiar information, with only slight variances, that would lead you to trust what is attached to the message and encourage you to open it.
Here are some key things to look out for to protect yourself from phishing scams:
- You may recognize the sender, but the tone of speech is not quite right.
  - For example, recent Facebook posts that read “look who died” with a link attached.
- If you weren’t expecting a document or attachment from someone, even a colleague, be sure to verify that they sent it, and do not open anything until you have.
- You may see slight variances in the email address or web link.
  - Instead of JCPenney.com, the address may have only one n (JCPeney), or where your standard company email ends with JCPenney.com, the message may be from someone@JCP.com.
  - Misspellings or poor language can be a common clue in recognizing phishing attempts.
    - Look for mistakes in spelling and grammar, as many cyber criminals may be from a different country where English is likely not their first language.
    - A professional company would generally not send an email with poor grammar; a large corporation especially would have a very buttoned-up and professional message.
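The check for slight variances in a sender's domain can be automated. The following is an added example, not code from the original post: it compares the sender's domain against an allowlist and flags near-misses by edit distance. The allowlist contents, the function names and the distance threshold of 2 are assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains your organization really sends mail from.
TRUSTED_DOMAINS = {"jcpenney.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def sender_domain(header_value):
    """Lowercased domain of a From value such as 'Name <user@host>'."""
    _, address = parseaddr(header_value)
    local, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def classify_sender(header_value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'malformed'."""
    domain = sender_domain(header_value)
    if not domain:
        return "malformed"
    # Exact match or a subdomain of a trusted domain (assumed to be trusted too).
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    # Trusted name embedded inside someone else's domain.
    if any(t in domain for t in trusted):
        return "lookalike"
    # One or two characters off: dropped, doubled or swapped letters.
    if any(edit_distance(domain, t) <= max_distance for t in trusted):
        return "lookalike"
    return "unknown"  # not on the allowlist: verify before opening anything

if __name__ == "__main__":
    # Constructed sample senders, using the addresses from the list above.
    for sender in ("someone@JCPenney.com", "someone@JCPeney.com",
                   "someone@JCP.com", "Support <help@jcpenney.com.example.net>"):
        print(f"{sender:45} {classify_sender(sender)}")
```

Edit distance catches JCPeney.com but not the abbreviated JCP.com, which is too far from the real name to score as a near-miss; it is reported as "unknown", so anything that is not "trusted" should still be verified with the sender.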
Social Engineering
Social engineering is another form of security threat that is often difficult to detect. This sort of threat is executed in person or over the phone by people who are well practiced in the art, very personable, and often very good actors. They prey on those who may be gullible to charm, or who are afraid to lose their jobs and will react negatively to name drops and other threats of going above their heads, to get what they want. To a social engineer, any information will do, as they are often looking for small pieces of a puzzle that they can put together, or even just small bits of information to sell to those with bad intentions. Social engineers may also be consumers looking for small bits of company information to put themselves at an advantage as a customer and try to stick it to the company for their own personal gain or discount. We see this quite often with car dealers in the automotive industry, where anything they can stick to the seller they will, and sleep like a baby at night.
Here are some tips to handle social engineering in a professional environment:
- An employee should always use discretion when deciding what information to divulge.
- Immediately and calmly approach a superior, who can better handle the situation, to protect themselves and their jobs.
- Contact security (if it is an available option) to decrease the chances of a confrontation and keep the situation from escalating.
- Notify a superior if they suspect that information may have unintentionally been divulged to the offender.