Guest Blog from David Woodfine of Cyber Security Associates
I was lucky enough to meet David and some of the team from Cyber Security Associates at the Business Showcase South West in Bristol back in May 2018. It was only a few days after the Army v Navy Rugby Match, where unfortunately the Royal Navy had lost. However, David is ex-RAF and his service had won the overall competition that the military were playing for. Being typical ex-military there was a lot of banter between us but Cyber Security Associates agreed that they would be willing to guest blog for us on the important subject of Cyber Security so I am very grateful.
Cyber Security Associates Limited (CSA) is a cyber SME providing a range of cyber managed services and cyber consultancy services to companies of various sizes across multiple market sectors.
On of the areas that is continued to be used by the cyber criminal is the use of spooked emails to either gather more information of trick the victim into interacting with the criminal. The following blog gives some more insight into this topic.
‘If it’s too good to be true – then it probably is’
We have all received the leaflets through the post-box, promising free gifts and entries into a lottery with a guaranteed winning gift. But we don’t fall for these and simply throw away the leaflets – so why don’t we do the same when we receive these same promises by email both at home and at work?
The terms email phishing and spam are not new, but they continue to be used because they remain a successful way of tricking us into some form of interaction. Anyone with an email address is a target, with the attacker trying to convince you to interact with the sent email. Opening the email is not enough for the attacker to get what he wants, but clicking on a link, opening a document or going to a web-site are all ways where the attacker could make a connection from his computer to your computer or device.
Once the attacker has made a connection he can then download malicious software, also known as Malware, to infect your computer or device. Once this has happened the attacker could stop you gaining access to your computer and demand a ransom to allow you back in (Ransomware), or secretly get all your personal information including passwords to steal your identity or gain access to your bank accounts.
Sometimes the attacker does not even have to infect your computer, he could simply take you to a fake bank account page and ask you to put in your bank details – which he then has because you have simply given them to him. And it does not stop there, as now the attacker has upped his game and is using the same technique to pose as an individual you may know such as a family member of one of your organisations senior team.
The new technique known as ‘whaling’ is now seen more often, where an email that appears to be from a senior executive from your own organisation is actually the cyber attacker. The content of the email will often demand a financial transaction is undertaken on their behalf and must be made quickly. Simple but effective.
Treat all emails with caution and remember promises of a free gift or a large lottery win are likely to be malicious and not legitimate. If in doubt go to the web-page direct rather than clicking the link in the email.
You can learn more about Cyber Security Associates via the following links: