Monthly Archives: May 2020

Phishing Attacks and Prevention Methods

Nearly a third of breaches in the past year involved phishing, according
to the 2019 Verizon Data Breach Investigations Report.

Phishing uses malicious emails to trick the recipient into believing
the message or sender is real and to click a link or download an
attachment. This activates allowing the “Phisher” to plant key logger
(a man-in-the-middle that captures your network credentials), a
ransomware bot and all kinds of nasty stuff.

They are used to accessing important data resulting in identity theft
and financial loss. The Coronavirus pandemic gives bad actors an outsize
opportunity; so scammers are launching literally millions like this every
day and sadly they’re often successful. They continually update their tactics,
but there are some keys to help us recognize and avoid Phishing.

Phishing emails and text messages look like they’re from a reliable
source, a person or a company you know or trust. Maybe a friend,
business contact, bank, a credit card company, a social networking site,
an online payment website or app, or an online store. And Phishing is deadly,
for example recent data breach at Magellan Health, one phishing email lead
to company data breach.

Ways To Prevent A Phishing Scam

According to Industry expert, Andrew Cheung, phishing emails can be hard
to spot but here are some tips to protect yourself:

- If you receive an email from a known contact but it seems suspicious,
contact them through another channel instead of replying to that email.

- Don’t post personal data, like your birthday, your itinerary, your
address or phone number on social media.

- Use IronCAP’s digital signature proofing along with end-to-end
encryption, the perfect cocktail of data protection and security.

“Man In The Middle” Cyber Attacks

We want to talk about “Man In The Middle” cyber-attacks. It is
something not everyone fully understands or knows but is very
crucial in our environment with cyber attacks on the rise. So we
asked an industry expert and CEO ofIronCAP, Andrew Cheung, to
break it down for us.

“Man In The Middle” (MITM) cyber-attacks happen when the attacker
doesn’t need access to your computer, physically or remotely. They
just sit on the same network as you, and suck in your data. They can
even create their own network and trick us into using it. MITM breaches
often happen at the network level – the evil transgressor associates their
hardware address with yours then all your data is diverted to the “bad actor”.

“DNS spoofing” is a similar strategy. The offender can forward legitimate
queries to a bogus site they control and then capture your data or use
malware. Therefore, bad actors can use “MITM” attack remotely, not in the
same room, or even on the same continent. One way to do this is with malicious
software.

Another nasty “man-in-the-browser” attack (MITB) occurs when your
web browser is infected with malicious security. For example, the bad
actor manipulates a web page to show something different than the genuine
site. They often also hijack active sessions on websites like banking or social
media pages and spread spam or steal funds.

We Can Protect Ourselves BUT How?

As the hacking sophistication grows, so does the protective response
and we can protect ourselves.

You would think a VPN would be enough and will encrypt all
traffic between your computer and the outside world, protecting you
from MITM attacks. Yes and no, your security at this point is only as
good as your VPN provider; and many have disappointed recently.
A better solution for long term is IronCAP, it even deals with the future
issue of Quantum hacking.

To protect yourself from malware-based MITM attacks first practice
“good housekeeping” cybersecurity habits – don’t install applications
from sketchy sites, and log out of website sessions when you are
finished. But you can eliminate both MITM and Phishing risks -
IronCAP’s digital signature proofing along with end-to-end encryption
is the perfect cocktail of data protection.