Cyber Attacks: how does it work and how to protect yourself?
Written by Daniel Santos — Director of Engineering
The amount of hackers has grown a lot in recent years and, especially after the pandemic, they are becoming more and more common. According to Zscaler, just in the first weeks of March, there was a 20% increase in scams compared to February, most of them using terms related to COVID-19.
This shows that the new Coronavirus is not only creating a threat to health systems around the world, but also to the computers and devices of many users.
In addition to intrusions into systems, false messages are disseminated via emails, SMS or Whatsapp trying to attract through promotions, discounts, offers or prizes. Now enter this sum malicious people who are using a recurring subject and an Importance without precedents, to apply.
Unfortunately this happens and will continue to happen, one question that remains for us is: what can we do to avoid these virtual scams? Since in Brazil alone there were more than 1.6 billion of a total of 9.7 billion in America Latina, indicated by data collected by Fortinet.
Among the forms of attack, phishing — a scam that uses technological mechanisms, usually included in messages — can be considered a more effective way for a criminal to gain access to a company. This since the objective is to deceive by email the recipient, making him believe that the message is something he wants or needs, such as a link to access or a file to download. The hacker spends his time researching in depth employees and the company he will be targeting — the more information on hand, the greater the chances of success.
There are two forms of this type of scam. The first is mass or broadcast, in which everyone is likely to be targeted by an attacker, as they are more generic and the focus is on getting the most kill. Flashy promotions are popular, opportunities such as unlimited credit card or annuity, some dream job opportunity, or other ways, but all based on instigating curiosity.
The second is the targeted attack, in which the target is usually some specific employee or department. In this case, the subject described in the material, whether by email, SMS or by voice, has as its main objective to attract and reach its target. Therefore the contents are usually relevant to the area in which information is sought.
We can cite as an example the attack on a company’s finance department. If a criminal wants to apply a scam in the area or an employee of the sector, the approach can come through a malware exploit in the form of a billet or request for a license renewal, in which the fake page may ask for data confirmation.
While hackers keep coming up with new techniques, there are some things you can do to protect and protect your business, such as: don’t click on questionable links; When receiving emails with promotions, go straight to the store’s website and its veracity; Don’t download unknown attachments; Never reply to emails that seem suspicious to you, when in doubt, contact the sender and confirm that the message is really his.
Also, always report to your company’s security and/or operations department about an email that you consider suspicious.
You can’t be too careful. The human being is the weakest link in information security and it is necessary to be very careful with any type of communication coming from websites, chat groups and social networks. The golden tip I always give is: always be suspicious of everything!
Daniel Oliveira Santos is Engineering Director at Sinch, and has 15 years of experience in the VAS and Messaging market. He holds a postgraduate degree with a specialization in Software Engineering, a Specialization in Project Management from Unicamp University and a Participant in the Leadership Program at Harvard Business School.
