Global Cyber Incident Highlights Cyber Security Vigilance
The recent global cyber incident affecting Crowdstrike should be used as an important reminder to consider your cyber security. Since the outage, cybercriminals are allegedly sending fake messages with files that claim to clear out the data that enabled the outages, opening opportunities to infiltrate computer systems and putting information at risk.
So how do we prevent this sort of breach?
Unfortunately, there is no full proof, one-step solution to completely eliminate the risk of hacking. However there are steps you can take to boost cyber security such as:
(i) implementing antivirus protection;
(ii) securing virtual private networks (VPN’s); and
(iii) use of multi-factor authentication
which provide some baseline protection against lower-level attacks and should certainly be implemented where feasible. However the value in cyber security awareness cannot be underestimated.
When it comes to cyber security awareness, it’s difficult to be on the lookout without knowing what exactly you are on the lookout for. Hackers are getting very sneaky and have methods of infiltrating computer systems without being immediately detected. For example, once in, hackers will often sit and watch emails for an average of between 180 and 280 days to observe an individual’s style of language and who they deal with before taking any action so they can more accurately impersonate the individual and remain undetected for longer. With this in mind, some common red flags to be conscious of include:
- Suspicious attachments or links
One of the most common ways of infiltrating a person’s computer system or emails is by having the target open a link or email attachment. Receiving an attachment or link lacking context should be a red flag that the email may be a scam. If uncertain, always try to touch base with the sender’s organisation (using independently obtained contact details) to confirm it was from them and is safe to open.
- Requisition of sensitive information unexpectedly
It is rare that an organisation will ever request sensitive information via email and even more so if it is without a prior conversation. As a general rule, never provide credit card information, passwords or other private information via email.
- Emails that create a sense of urgency
Scammers take advantage of situations which cause communal panic and will rely on people being rushed and/or panicked and as a result, less vigilant of the warning signs. Be sure that even when rushing, you are reading the details of each email carefully.
- Poorly written emails
Many scam emails are not well-written. Keep a look out not only for simple typos, but also emails that are grammatically incoherent or read as though they could be copy and pasted from a template, with your details inserted where relevant.
5. The sender’s email address, not just their display name
Scammers often choose their display name to mirror a known party of the hacking victim and may set up a similar but not identical email address. Check actual email addresses, don’t rely on display name only. Also watch out for “.co” instead of “.com” or more hidden differences such as a capital I instead of a lower-case L or two v’s together (“vv”) instead of “w” in an email address.
Keeping the above points in mind when reviewing suspicious emails can make a hacker’s job much harder and significantly reduce your risk of falling victim of a scam. In saying this, ultimately we must ‘proceed with caution’ and be ready to face new, unexpected threats as the risks to our cybersecurity are ever-growing.
To keep up to date with current cyber security threats visit the Australian Cyber Security Centre and take the time to refresh your education and cyber alertness yourself on a regular basis.