PHISHING – the employee vulnerabilities
Phishing is a type of cybercrime in which employees of an organization are contacted by email, telephone, or text message by an attacker posing as a trustworthy entity to obtain sensitive information or data, such as login credentials, app updates, or other personally identifiable information. It relies exclusively on social engineering.
SOME COMMON EMPLOYEE VULNERABILITIES CYBER CRIMINALS EXPLOIT IN A PHISHING ATTACK
• Sense of urgency

Victims are bombarded with false alarms and fictitious threats, or told that an offer or opportunity is limited.
• Induce fear

Employees are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit.
• Familiarity and liking

Attackers convince employees to perform certain actions by earning their trust or faking attraction to the employee, especially on social media platforms and by sending friendly mail.
• Exploit natural curiosity

A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack.
5 TIPS TO PREVENT PHISHING ATTACKS DUE TO EMPLOYEE VULNERABILITIES
- Don’t save your login information when using a web browser.
- Keep your apps updated; this will ensure they have the latest security. If they’re no longer supported by the app store, just delete them.
- Don’t give personal information to an unsecured site. If the URL starts with http://, as opposed to https://, don’t enter any sensitive information or download files.
- Change passwords regularly. Rotating passwords at regular intervals will prevent phishing attackers from gaining access and prevent other types of cyber crime. Always use strong passwords.
- Don’t click on pop-ups. Pop-ups are often linked to malware. Most browsers allow you to install free ad-blocker software that will automatically block malicious pop-ups.