Site icon IT World Canada

Cyber Security Today: Oct. 12, 2018 — What do you know about cyber security, and a sophisticated phishing attack

Cyber Security Today - podcast feature

What do you know about cyber security, a new sophisticated phishing attack and more security updates available.

Welcome to Cyber Security Today. It’s Friday October 12th. To hear the podcast click on the arrow below:

As part of Cyber Security Awareness Month, RBC Bank surveyed 2,000 Canadians on their understanding of how to be secure. Many of you would fail if the survey is accurate. While 77 per cent of those questioned believe they are knowledgeable about cyber security, only 16 per cent could identify the majority of six cyber terms correctly. Nearly two-thirds could not identify the term “phishing”, which is an email designed to trick a person into clicking a link or opening an attachment in order to steal information or install malicious software. Similarly, two-thirds couldn’t identify the term “pharming,” the fraudulent practice of directing you to a bogus website that looks like a real one.

OK, knowing the slang name of a con may not be important, but knowing the signs of fraud is. Here are tips from the bank:

Speaking of phishing, Trend Micro issued a warning this week about a sophisticated two-step campaign it’s seen in Canada: After hijacking an email account, the attacker looks for a conversation between the victim and another person. Then the attacker sends an email looking like it came from the second person with a malicious link as part of that message stream. In other words, the email with the malicious link doesn’t come out of the blue. Rather, it looks like its coming from the person in the message thread. That way the victim may be more likely to click on the link. This is why it’s so important to do everything slowly when you’re online, including reading every email, text message and social media post you get carefully.

Watch for little things like spelling mistakes, differences in the signatures, differences in email addresses. Why should one email from your friend or cousin come from “oxnard.com” and another a few minutes later from “ladyfinger.org?” In the Canadian attack, one message mixed French and English. Attackers are also getting smarter. It used to be a suspicious attachment file name was a garbled mix of letters or nonsense name like “ladyfinger.doc”. That’s a giveaway. But in this campaign the attachment file name may include your company’s name, to look authentic. Don’t be fooled.

Finally, this week Microsoft issued its monthly patches for Windows. Make sure you’ve got the latest updates. And, if you use What’sApp on a smartphone, make sure it’s the latest version. A vulnerability in older versions of the app could be used by an attacker to hijack the app by getting the user to answer a video call. This bug has been fixed in the latest Android and iOS versions.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Exit mobile version