It seems like a week doesn’t go by when we don’t hear or read about the most recent cyberattack. These online “attacks” are defined as “any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.” The “attackers,” whether a person or process, are trying to access data, functions or other restricted areas of computer information systems, infrastructure, computer networks and personal devices.
According to Great Britain’s National Cyber Security Centre, there are two types of cyberattacks, ones that are targeted and ones that are un-targeted. Un-targeted cyberattacks target as many devices, services or users as they can. These attacks aren’t focused on a single victim because “there will be a number of machines or services with vulnerabilities,” they further explain. They also share a few of the techniques that attackers use to take advantage of how open and accessible the internet is:
- Phishing – sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.
- Water holing – setting up a fake website or compromising a legitimate one to exploit visiting users.
- Ransomware – which can include disseminating disk encrypting extortion malware.
- Scanning – randomly attacking broad areas of the internet.
Dartmouth-Hitchcock’s Information Technology’ Security Team offers these reminders for each of us to follow:
- When opening email, look at every email carefully and consider:
- The source – WHO is this email coming from?
- The likelihood of authenticity – Would I EXPECT to receive an email of this type from this source?
- The sense of urgency – Does the email ask you to DO something quickly? Phishing emails are designed to trigger our desire to respond to something urgent and react quickly.
- When browsing the internet, be wary and “think before you click.”
- Question “pop-up boxes” that include an authoritative or emotional request to take an impulsive action.
- Be wary of websites that try to make you feel something is urgent—especially if they are asking for information regarding a D-HH account, personal email account, bank account, credit score, social security number, benefits or legal action.
Remember…Think before you click.