Equitable Bank and Cyber Security
Learning to identify a cybersecurity attack is one of the most important things you can do for your digital wellbeing.
Three of the most common types of attacks:
1. Socially engineered Trojan
Socially engineered Trojans may be the most common type of attack. A user visits a trusted website and is then prompted to run a Trojan. A message appears telling the user that they may have a virus, are running out of disk space, or have some other fictitious problem with the computer, and that they should install software or run a scan to solve the issue. Once the end user agrees to install and clicks past any warnings that may appear, the damage has been done.
Trojans are responsible for hundreds of millions of successful hacks each year.
What can you do?
Education – The best defense against this type of attack is education and diligence. Stay informed on the newest threats and be mindful of pop-up messages; don’t agree to download anything without confirmation of an actual problem. In addition, you may consider purchasing and installing an antimalware program.
2. Suspicious Email and Phishing
Phishing – It is estimated that nearly 70% of email is spam. Email is a normal part of every day, and hackers use phishing as a means to get personal information, or they may embed a link that, if clicked, can infect the PC with a virus.
What can you do?
Education – Again, you are your best defense. Here are some things to remember:
- Do not trust an email just because it appears to be from a trusted source – it could be a hacker spoofing a well-known company.
- Be cautious of ANY email requesting you to click an embedded link. Hyperlinks in emails can be masked, and clicking the link can infect the PC with viruses, malware, etc. Do not open an attachment from a source that can’t be validated.
3. Unpatched Software
Unpatched software – We all have our favorite software. From time to time it is necessary to upgrade or patch this software because a weakness has been discovered. Software such as Java or Adobe is very common, and these companies are constantly releasing patches. If a hacker can determine that you are running an unpatched version, they may be able to exploit its weakness.
What can you do?
Patch – Check to see if you are running the most up-to-date version; if not, visit your software’s website and download the patch.
In every aspect of education there is vocabulary. Here are some key terms you should know:
Virus: A piece of software that can replicate itself and infect a computer.
Spam, Spim, Spit: Spam is electronic junk mail. Spim is spam sent through instant messaging systems. VoIP spam, or SPIT (Spam over Internet Telephony), consists of bulk unsolicited, automatically dialed, pre-recorded phone calls using the Voice over Internet Protocol.
Pharming, Phishing, & Spoofing: Pharming occurs when a hacker redirects a website’s user traffic to a different, fake site. Phishing occurs when a bogus page appears in place of a legitimate website. Spoofing is a cyberattack in which a program or person impersonates another.
Whaling: Whaling attacks are a sub-type of phishing attacks. Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities. Think of it like spear phishing against high-value, high-profile targets.
Spear Phishing: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source…
Voice Phishing: A call or email asks you to call a number and reveal account information.
Spyware: Software that is secretly installed on a computer without the user’s consent. Spyware software sends information to its creators about a user’s activities – typically passwords, credit card numbers and other information that can be sold on the black market.
Denial-of-Service Attack (DoS): A method to make computer resources (e.g., a web server or a website) inaccessible to users. The most common DoS attack is flooding the target machine with external communications requests, which makes the machine unable to respond to legitimate user requests and traffic.
Scareware: Scam software with malicious payloads, usually of limited or no benefit, that is sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or perceived threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.
Ransomware: A type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive and others may simply lock the system and display messages intended to coax the user into paying.
Additional ways to remain safe online
1. Creating a Strong Password
Length. Make your passwords long with 8 or more characters.
Complexity. Include upper and lowercase letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2.”
Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
Variety. Don’t use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.
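The Length and Complexity rules above, and the warning about letter-to-symbol conversions, can be turned into a small self-check. This is an added example, not part of the original page: the word list, the conversion table and the function names are constructed for illustration, and requiring all four character types is an assumption drawn from the Complexity rule.

```python
import string

# Constructed, tiny stand-in for the large wordlists real guessing tools use.
COMMON_WORDS = {"password", "welcome", "letmein", "sunshine", "backtoschool"}

# Common single-character conversions, reversed before the wordlist lookup.
UNDO = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "!": "i", "$": "s", "5": "s", "7": "t"})

CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "numbers": string.digits, "punctuation/symbols": string.punctuation}

def normalise(password):
    """Return the plain-word candidates hiding behind a decorated password."""
    # Drop trailing digits/punctuation ("password1!"), then undo conversions,
    # including the page's own examples: "&" for "and" and "2" for "to".
    core = password.lower().rstrip(string.digits + string.punctuation)
    core = core.replace("&", "and").replace("2", "to").translate(UNDO)
    # "1" is ambiguous, so try it as both "i" and "l".
    return {core.replace("1", "i"), core.replace("1", "l")}

def check_password(password):
    """Return a list of weaknesses; an empty list means no rule was tripped."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if normalise(password) & COMMON_WORDS:
        problems.append("common word behind symbol conversions")
    return problems

if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Back2School", "v7#Lq!92xTe&m"):
        print(pw, "->", check_password(pw) or "no rule tripped")
```

"P@ssw0rd1!" passes the length and character-type rules yet is still flagged, because undoing the conversions leaves the plain word "password".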
2. Public computers
Avoid using public computers to process your confidential business.
3. Protect your Identifying Information
Use caution when providing your credit card number or other identifying information. Check consumer advocacy resources before giving out your credit card number to anyone, just to be sure that your trust is justified.
4. Establish Guidelines for Computer Use
If there are multiple people using your computer, especially children, make sure they understand how to use the computer and internet safely. Setting boundaries and guidelines will help to protect your data.
5. Avoid using your primary email for online submissions
Do not use your primary email address in online submissions – submitting your email address could result in spam. If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for this use.