This is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and financial details from a victim. Phishing is normally carried out by sending victims a legitimate looking email typically purporting to be from a bank or other financial institution, online payment processor or IT administrators directing them to a fake website. This website will look authenticate and will ask the victim to login using their credentials and enter other sensitive information. Not all phishing websites will ask for information some sites main function is to distribute malware.
Malware is software designed to cause damage to a computer, server or computer network Malware can be introduced to a computer by several means for example:
Malware comes in many forms here are some are some of the common types of malware.
|Requests for sensitive information or login details||Be careful of emails requesting you to verify your login details. I.T.D will never ask you to do this over email.|
|The message contains poor spelling and grammar||Emails sent by legitimate companies are checked for poor grammar and spelling mistakes. Any message received with spelling and grammar mistakes should be treated with caution. Also be wary of vague salutations such as "Dear Customer" or "Valued Customer". Most legitimate businesses will use a personal salutation with your first and last name as they will have this information already.|
|Check any URL’s in the message||Hover your mouse pointer over the top of the URL to reveal the actual hyperlink address. If the hyperlinked address is different from the address that is displayed in the message, the message is probably a phishing email which should be reported to your IT department.|
|There are many different types of scams in use today here are a few of the more common ones.||
|Watch for email senders that use suspicious or misleading domain names||If you have any suspicion about an email double check with the sender. If you are unsure an email is legitimate DO Not Open It, Contact I.T.D at the earliest opportunity. Always double check requests for sensitive information or the transfer of funds|
This is one of the oldest and most common forms of malware. A computer virus modifies files on a computer in such a way that when a legitimate file is executed, the virus is also executed. Viruses are hard to clean up because they are executed from legitimate programs. To help prevent viruses attacking your computer it is essential that you have a recognised anti-virus program running on your computer and that it is updated regularly.
|Worms||The main difference between a virus and a worm is that the worm has the ability to self-replicate. Unlike computer viruses a worm can spread to other systems and networks without end-user action. Having an up-to-date anti-virus application will help protect your computer from worms.|
|Ransomware||These are malware programs that encrypt your data and hold it for ransom. Over the last few years this type of malware has become very common and sophisticated. Social engineering techniques are used to trick victims into downloading the ransomware. The best defense against ransomware attacks is to backup your files regularly. Under no circumstances should you pay a ransom if your computer is affected as there is no guarantee you will get your data released.|
|Fileless malware||Traditional malware travels and infects new systems using files on the compromised computer. Fileless malware doesn’t directly use files or the file system. Instead it resides in the computer’s memory and is spread from there. As this malware resides in memory it makes it more difficult for anti-virus applications to detect it.|
|Trojans||Trojans masquerade as legitimate programs, but they contain malicious code. A Trojan is generally executed by some action initiated by the victim. Trojans can be delivered as attachments in email on by users visiting sites that contain malicious software. Having an up-to-date anti-virus application will help protect your computer from Trojans. Caution should also be taken when visiting unfamiliar websites.|
|Adware/Spyware||Adware attempts deliver unwanted and potentially malicious advertising to the victim. A common form of adware is to change the default browser page to one that contains advertising. This type pf malware is seen more as a nuisances than been malicious.
Spyware on the other hand are programs that harvest information from your computer. This can include browsing habits and even key strokes. One emerging threat from spyware is the information harvested from the computer can be used in other types of attacks that require a level of social engineering.
DigitalGuardian’s 101 Data Protection Tips
How to keep your passwords, financial & personal information safe
US-CERT (United States Computer Emergency Readiness Team
Home & Business protection
Ireland’s national advice centre (Roinn Cumarsáide, Gniomhaithe ar son na hAeráide & Comhshaoil)
Vishing attacks are carried out over the phone