IMPORTANCE OF CYBER-SECURITY IN YOUR DAILY LIFE by Ahmed Fawzan

Author:Ahmed, Fawzan [Ahmed, Fawzan]
Language: eng
Format: epub
Published: 2020-03-30T16:00:00+00:00

So these facts indicate the strong desire of the criminal to persist in these email phishing scams as potentially there is money to be made. It requires very little technical expertise to undertake this email phishing scams as primarily it relies on social engineering techniques to lure users into clicking or downloading attachments. Once the users visit fake websites, they are asked to enter their login credentials or download attachments such as Key loggers which as the name suggests log every word typed on the device and then the data is transferred to the attacker.

Like most criminals, the primary aim is to make financial gain. In order to do this, the criminals have identified email phishing to be a lucrative trade. Data which can be extracted is valuable to many different types of criminal networks as well as commercial agencies such as those operating in marketing, advertising companies. So this data can be traded at different levels, and financial profits can be made very quickly. Login credentials for online services, email accounts, bank accounts, telephone services are all useful to undertake criminal activity.

The criminal understands the psychology of the user and capitalizes on this knowing that a user will reply to an urgent email, email from a work colleague, email from senior management, email from the network admin department and so on. This will cause the user to release personal info such as login credentials or other details which the criminal can utilize to gain access to a network within the organization. Connecting to public Wi-Fi networks poses a risk for users from hackers; one should always connect through Virtual Private Networks (VPN).

The most common attack is on the medium to large sized organizations which have multiple departments and usually conduct business with foreign suppliers and make regular bank transfers. This is normally referred to as Business Economic Compromise (BEC) fraud; there are many variations of this, different scenarios although in principle it is the act of deception. The different scenarios are as follows:

Fake invoice email sent to the accounts department with urgent request to process wire transfer, this invoice contains the attacker’s bank details in a foreign country.

Hacked Email account : When the account of a financial or executive employee has been compromised due to either brute force or previous phishing attempt. Then with access to this email account, the attacker sends invoices to vendors demanding payment which are transferred into his new bank account.

Impersonation of an attorney and fake email is sent demanding immediate payment of services rendered to the company. This requires background intelligence of the company’s relationship with the Attorney and previous communication reports.

Data theft is committed by using impersonation or other means and requesting a specific employee to hand over Tax records or Insurance records. This data is then used to commit identity fraud by availing online services such as telecoms or apply for loans. With personal information on a file, the attacker can commit many types of fraud.

CEO fraud , in this scenario the

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.