Phishing scams: you are the weakest link

26 September 2014 | Story by Newsroom

It's a hectic day at the office, with the phone ringing off the hook and requests streaming in from your boss and colleagues. A new email message catches your eye. Coming from admin@uct-webmail.ac.za, it reads: "Urgent!!! Your email account has been put on-hold by our server due to irregularities. Please click this link and log in to avoid having your account suspended."

Losing your email account is a problem you don't need at the moment, so you click the link, quickly enter your UCT login credentials and get on with your work.

You've been hooked

The email described above is an example of "phishing" – a social engineering technique that criminals use to get you to hand over personal, confidential information – which they then use for malicious and often financially damaging purposes. Aside from collecting your private data, phishers can also use the technique to spread viruses to your computer when you click on a link they've included in the message.

Ransom demands

The latest spate of phishing attacks delivers a file which, when opened, encrypts all of the information on your hard drive – effectively locking you out of your information. You then receive a ransom note demanding that you pay (in Bitcoins) to unlock your data. There are currently two versions of this doing the rounds. One is known as CryptoLocker and the other one targets Dropbox users. In each case, you've lost your data – unless you pay the scammer to decrypt your data.

Don't be a victim

South Africa is among the world's most targeted countries in terms of phishing, with the technique costing us more than $300-million in 2013 alone. "Although phishing is on the rise around the world, it can be minimised by remaining vigilant and taking the right protective measures," says Kira Chernotsky, director of customer services at ICTS.

As a starting point, use common sense when processing your email. For example, don't entertain unreasonable requests for information – especially if you don't know the sender. Also be wary of attachments you weren't expecting, and keep an eye out for subtle grammar mistakes and hyperlinks that point to fishy-looking web addresses.

System security and anti-virus protection are also key. Keep these items up to date and, if you do slip up and click on something you shouldn't have, you'll have a bit of a buffer against any dangerous threats.

Good system security and virus protection can't be beaten

"Worldwide, higher education institutions are seeing more and more phishing attempts targeting both staff and students," says Chernotsky. "I'd advise everyone to be more cautious about strange messages in their inbox."

Take a little time to make sure you're protected. A little effort now can save you a lot of trouble down the line.

Story by Steff Hughes and Yacoob Manjoo. Image supplied.


Creative Commons License This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
