7.CyberSecurity: Understanding the technology: where attacks can take place

The weakest links in our online world are the people who use it, and it is the individual at home or at work who is subject to the greatest number of attacks.

Most of these attacks arrive in the form of emails:

Your PayPal account has been suspended, click this link to check your account

We have noticed fraudulent activity on your bank account, click this link to get in touch with us

Hi, I really like your latest video. Have you seen mine?...link

I think you are really cool. How about a chat?...link

The attack may be in a document attached to the email: Word, PDF, images, zip... Any attached document can launch malware into your computer network.

Attacking emails can look as though they come from people that you know. They can also come from the computers of the people that you normally exchange messages with. Once malware gets into a computer system, one of its first actions is often to send copies of itself to everyone in that system's mailing contacts. If one of your best friends sends a message 'Have you seen this' and an attachment - beware!

Don't click on the link, delete the email. Clicking on the link is likely to start a chain of events that ends with malware installed on your device and potentially spreading through your network.

Clicking the link in the email may also take you to a site that looks exactly like your login for email, PayPal, bank or social media. However, this may be a fake site that has simply copied the real site. The criminals hope that you will use it to attempt to log in, and they will then capture your user details and password. Get into the habit of making bookmarks for all the sites that you use, and only ever use your bookmarks to go to these sites. Never use the link in an email or use a search engine as a quick finder for your bank or email account.

Attacks can start from a phone call as well:

I am calling you from Microsoft, BT, your Internet supplier, your bank, the Inland Revenue...

We have detected a problem with your computer, your router, your telephone line, your email account, etc.

Please can you verify your date of birth, full name, mother's maiden name, etc.

These phone calls may be intended to get you to reply to an expensive premium phone line, to collect information that may be used to attack your accounts, or to start a chain of events that gives the criminal direct control of the computing device. End the call and dial a free number such as 1471 to check that the criminal hasn't kept the line open.

Business users may be targeted by much more cleverly crafted attacks focused on their specific business, and the attacker may have spent many days analysing the business, collecting names of managers and their interests from social pages etc., and then crafting an email that will get you to click on a link.

Hi John

I'm in a meeting in Paris at the moment and don't have access to some of my notes. Can you just check out the attached document and let me know what you think as soon as possible.




Would you open the document?

Many attacks by email and phone are described as 'fishing for information' and have become known as phishing attacks.

Phishing attacks can also take the form of discussions or competitions on social media, where questions such as 'name of pet', 'favourite colour' or 'which was your first school?' are designed to capture the answers to all commonly used security questions for banking accounts.