Written by Pedro Tarrinho, Application Security Specialist at Celfocus
With digital taking up more and more space in our daily lives, it is important to take stock of the protection of digital information, as well as the devices and resources of companies and, of course, people. For this reason, it seems pertinent to me to offer a few recommendations and raise some awareness of cybersecurity and of social engineering attacks, which basically consist of manipulating people into disclosing information or performing actions that compromise systems.
One of these attacks, and one of the best-known techniques, is phishing, which is based on sending emails that look similar to, or even the same as, those from companies such as Apple, Microsoft or UPS but point to fraudulent websites. Note that although this type of attack kept growing until 2020, the figure, while still high, has stagnated recently. On the other hand, we can see that criminals have started to bet on two different techniques: smishing and vishing.
Regarding the first, although it is not easy to use the SIM cloning technique in Portugal, sometimes we come across SMS messages with fraudulent links that arrive as messages from the bank or a hypermarket and that “fall” in the middle of real, previously received messages, deceiving the clients of those services.
As far as vishing is concerned, it refers to attacks made via phone calls, which are increasingly frequent and have even happened to several of my colleagues. In these cases, it is very common for someone to pose as Microsoft support, for example, stating that they have detected an illegal licence and that, to correct this problem, it is necessary to install remote software for analysis or simply run software that will solve the problem. From the moment this software, whatever it might be, is installed on the user’s device, the attackers immediately have remote access to it.
Given the attacks mentioned above, it is increasingly pertinent to consider the importance of cybersecurity and adopt techniques and behaviours that ensure the maximum level of protection in these contexts. Therefore, I offer five recommendations to that effect.
- Firstly, it is quite helpful to use a password manager, as it will create a secure password for each website, so the user never feels the need to reuse passwords, which is something that can jeopardise the user’s security in the digital space.
- Secondly, it is vital to keep the systems on a computer or any other device updated.
- It is also essential to always opt for a second authentication factor, be it SMS, push notification, or mobile phone application, among others.
- Do not forget that a good, updated antivirus is a pertinent recommendation to guarantee the device’s maximum security, even though it may seem like something from the “last century”.
- Last but not least, it is fundamental not to send sensitive data, such as personal data or passwords, over open channels such as e-mail. A suggestion that can be useful in these cases is to use an encrypted messaging solution, such as Signal.
In short, cybersecurity is a topic that should be on everyone’s agenda and to which we should all pay attention, considering that a large part of the population uses mobile devices daily to carry out different types of tasks.
The ease with which our data and private information can be exposed tends to keep increasing, but this does not mean that digital cannot be a safe space. We just need to be aware of the existing problems and stay one step ahead of the attackers.