Phishing emails are commonplace. Those who are trained to spot deceptive techniques are vigilant when checking and responding to emails. However, when using trusted platforms, we tend to let our guard down.
Cybercriminals continue to find new ways to exploit this fact. They use widely recognised and trusted websites to deploy illegitimate requests for information and even malware. These are platforms you may use on a daily basis.
If your staff fall victim to an attack whilst using a company device, it can compromise your entire network. This article covers what to be wary of when using apps and online platforms that have legitimately earned your trust.
Ads and messages
It’s through malicious adverts and messages that cybercriminals are typically able to abuse your trust of a platform, such as social media accounts and online marketplaces.
If you receive messages from people you don’t know, or see ads from companies you’ve never heard of, beware. You should verify their legitimacy before clicking on any links. This process could ultimately prevent you or your business from getting stung.
But what if you receive odd messages from people you know? Read the “Getting your accounts ‘hacked’ and what to do about it” section of this article.
“Oooo, what kind of [blank] am I? Let’s find out…”
They’ve become very popular, but quizzes on social media are something to be very cautious of, particularly if they take you ‘off-site’ or ask you for various permissions.
When a quiz asks for permissions and pieces of information, it can give whoever runs it access to all your account information. This can include messages and posts, and even lead to your account being taken over by a cybercriminal.
We’re not saying “NEVER TAKE AN ONLINE QUIZ. EVER.”, necessarily. But if a quiz asks you for personal details or permissions on your social media account, we advise you to leave it well alone.
Getting your accounts ‘hacked’ and what to do about it
Chances are, everyone who uses social media knows someone who has had their account hacked, or has had their own account hacked.
Not all attacks try to take complete control of an account and push the true owner out. Accounts can also be hacked without the user knowing.
If a cybercriminal, or a program they have deployed, gains control of a friend’s account, they can use the trust you have in that person to do the same to you.
If you receive a message that seems a little odd – perhaps it asks you to click a strange link – contact the person directly through other means to ask if they sent the message.
What should you do if you think you’ve been hacked? Change your password immediately, and if you use that password on any other accounts you might want to consider changing those too.
If you’ve been made aware that messages were sent out from your account, you need to make friends aware. Post a courtesy warning that your account has been hacked and steer your friends away from clicking links on any messages they’ve recently received from you.
A real phishing example on a website we all know
We were recently informed of an example of an eBay phishing scam. Having listed an item, you receive a message within eBay about your item from another legitimate eBay user account which has been compromised.
The message says “Hi someone has copied your [item type] listing and pictures? Please check and let me know if it’s yours and I’ll let eBay know….”. This is then followed by a URL which is not an eBay address. Instead, the link clicks through to a page that looks like eBay’s login page.
Despite this occurring within an app most of us trust, this should be a red flag for a phishing scam.
Luckily, the person who received the message knew better than to go ahead and log in. But the owner of the account from which the message was sent was not as knowledgeable.
They responded to the message highlighting it as a phishing scam. About half an hour later a message was received from eBay. The message stated: “you have received contact from a compromised account,” and that control of the account had been returned to the true user.
The primary ‘takeaway’ from this is that we must stay vigilant at all times whenever we are on the internet. Cybercriminals are constantly seeking to abuse trust that users have in brands – as they’ve done with emails that look like they’re from eBay, your bank or HMRC.
As we stated before, if staff fall victim to an attack whilst using a company device, it can compromise your network. As such, it’s important that they are prepared. Equip them with the knowledge to spot a potential cyberattack, even if at first glance the contact seems legitimate.
How can Microtrading help?
We know that human error is the root cause of the majority of security breaches. We also know a breach can jeopardise your company’s future.
Microtrading can enable you and your team to identify many forms of cyberattack and how to handle them.
Our Cyber Security Awareness Platform provides ‘little and often’ training that will help you to create a positive and effective security culture across your entire organisation.