If you’re like us, then you use the internet basically all day, every day. The internet has become an integral part of all our lives and we rely on it for information, entertainment, communication, and financial transactions. Today’s world is more convenient and more interconnected than ever because of the internet—but we must also acknowledge that the same technology that empowers us can also expose us to significant risks.
What is a Cyber Threat?
Cybersecurity threats, more commonly referred to as cyber threats, are malicious attempts to damage or disrupt a computer, a computer network, or a person using a computer. They can range from simple and broad to complex and targeted attacks—and anyone can be a victim. It doesn’t matter how tech-savvy you think you might be, if you’re not aware of these cyber threats, then you’re at risk!
According to the FBI’s Internet Crime Complaint Center (IC3), the top five most common cyber threats in 2022 fell under the categories of phishing, personal data breaches, non-payment/non-delivery, extortion, and tech support. If you’d like to read the full 2022 Internet Crime Report, you can find it here. The report shows that anyone can be a victim, regardless of age, gender, or education. The most important thing we can do to reduce cybercrime is to become more educated regarding common cyber threats.
Without further ado, here are the top common cyber threats that we think you should be aware of:
Phishing: usually performed using spoofing techniques, this attack may take the form of an email or an online advertisement and seeks to convince you to enter sensitive information such as passwords, credit card numbers, or banking PINs on a compromised website.
Charity fraud: an alternative to investment fraud where a malicious actor pretends to be a charity raising money for a good cause, but is actually pocketing all donations.
Identity theft: when your personal information is used to open accounts, make purchases, or even file taxes.
Ransomware: an attack that prevents you from accessing your files, systems, or networks without first paying a ransom.
Business email compromise: an email message that appears to come from a known source making a legitimate request
Skimming: when your debit or credit card information is stolen using devices that may have been illegally installed on ATMs, fuel pumps, or cash registers.
What to look out for
Many cyber threats commonly reach you through text or email. Before replying to any message or clicking on any links, you should ask yourself the following questions:
Does the sender of the message look a bit strange?
Did the message contain any typos?
Am I being asked to provide private information?
Does the message have an urgent tone?
If you can answer yes to any of the above questions, then you might have received a malicious message. Remember that, in the case of emails, you should always be able to find any company’s official email accounts through an online search. When in doubt, you can also send a message to a company’s support email address and ask them if the previous email you received was legitimate. If it wasn’t, then you should immediately delete the email. Some email clients may even allow you to “report phishing,” which deletes the email and may help the client to recognize and filter out similar emails in the future.
Common Cyber Threats and How to Deal with Them
Don’t just wait to become a victim of cybercrime! Instead, you should go on the offensive—engage in some cyber threat hunting, if you will. Previously, we’ve mentioned some common cyber threats. In this next section, we’re going more in-depth on four cyber threats by giving you an example scenario and teaching you how to identify, mitigate, and prevent each one.
Out of all the types of cybercrime, phishing is easily the most common. Malicious actors can email unsuspecting victims en masse with very little time and effort. Phishing attacks usually aren’t targeted (although they can be) and instead play the numbers game. Here’s a common scenario:
Imagine you receive an email from [email protected] warning that your account has been compromised! The email features a link to a webpage where you can enter your current username and password in order to reset your password, and it looks remarkably similar to the real Bank of America website. Unfortunately, it’s actually a phishing and spoofing scam, and if you enter your credentials, your private banking information will be exposed to the cybercriminals behind the racket.
What could you have done?
First, if you had noticed that the email came from bank0fAmerica (with a zero instead of an “o”), then you probably would have been more cautious. Second, instead of clicking the link in the email, you could have navigated to the Bank of America website using your favorite search engine. This would have ensured that you reached the real website instead of the spoof.
Preventing phishing scams
Never download files or click on links from unknown emails or numbers. In fact, even if it’s a known email or number, think twice before taking any action! Furthermore, vigilantly check typos in messages—criminals aren’t known for their spelling and grammar! This is especially important when it comes to emails, as malicious actors will purposefully create accounts that look similar to real businesses by replacing similar letters and digits such as l, I, and 1 (in most fonts, you can’t even tell the difference between a lowercase “L” and an uppercase “I”).
Identity theft is something that can happen to anyone and recovering from it can be extremely difficult and time-consuming. If you believe that you have been a victim of identity theft, you should go to IdentityTheft.gov to report the crime and get started on a recovery plan. An example of identity theft may be:
Let’s say you’re considering making a big purchase, such as buying a home. The first thing you do is get your credit checked so that you can have an idea of what kind of APR you can expect to receive from a mortgage lender. On the report, you notice that there’s a credit card account you don’t remember opening.
What could you have done?
Identity theft is a difficult crime to diagnose because there are so many ways a criminal could have stolen your identity. But, let’s not lose hope just yet! By taking simple measures such as putting a fraud alert on your credit bureau accounts or implementing a credit freeze, you can ensure that no criminal is able to steal your identity–and your money!
Preventing identity theft
Consider placing a free credit freeze. This can prevent anyone from opening new lines of credit in your name until the credit freeze is deactivated. You should also be consistently checking your credit report to make sure that there aren’t any new accounts that weren’t created by you. Furthermore, you should have complex, unique passwords for every account so that an attacker is not able to log in to all your accounts by virtue of knowing one secret.
Business email compromise
Business email compromise is similar to phishing in the sense that both cyber threats target your email inbox. In the case of business email compromise, malicious actors send a message that appears to come from a known source and they make a seemingly legitimate request, such as:
Imagine you work at a small company. An account pretending to be the CEO emails you and asks you to purchase dozens of gift cards to send out to employees as rewards. After you purchase them, the account asks you for the serial numbers of the gift cards so that they can send the rewards to your coworkers right away!
What could you have done?
Like in the phishing case, you could have noticed that the email account you were communicating with was actually a fraudulent account. Also, by being aware that cyber threats usually involve some task that needs to be done with urgency, you could have been more cautious and gotten a second confirmation through a separate form of communication that the request was indeed legitimate.
Preventing business email compromise
Like most cyber crimes, the easiest way to prevent business email compromise is through vigilance. Make sure that the person that’s emailing you is really who you think they are. Scammers use slight differences in spelling to trick your eye and gain your trust. Moreover, never click on any links or download any documents unless you are sure it’s from someone you know. Finally, if possible, always verify payment or purchase requests in person or by phone.
Because of the prevalence of business email compromise, many companies train their employees so that they are aware of the scam and are able to identify, report, and archive such malicious messages. Training can be incredibly useful in preventing cyber crimes that require user action.
Most forms of fraud involve abusing your trust, and skimming is no different. This crime is when you insert your card in an ATM or POS terminal and a 3rd party steals your debit or credit card information through the use of a card skimming device. A common scenario is:
It’s been a long day of commuting, and your car needs some gas. You’ve just arrived at a gas station that you’ve been to many times and trust. You insert your debit card into the fuel pump card terminal to pay for the gas and a skimming device reads your card information while you’re making the purchase. You pump gas and are soon on your way home.
What could you have done?
Sometimes there’s nothing you can do to stop some cybercrimes from occurring in the moment. Yes, sometimes card skimmers are placed on top of the original card reader and are easy to recognize, but other times they are hard-wired inside of the existing payment device and are impossible to detect. In either case, by using a credit card instead of a debit card, you could protect yourself from unauthorized charges that may occur in the future.
Skimming is difficult to prevent because it may be undetectable at the moment. However, you can prevent it from happening to you by using credit cards instead of debit cards and by using chip-based or NFC-based cards instead of magnetic-strip-based cards. Furthermore, ATMs and other payment devices that are busy and well-lit are less likely to be targets of skim attacks because they are riskier for malicious actors to infiltrate.
Are you passionate about cybersecurity? Do you want to make the web a safe place? Look no further than Ironhack’s Cybersecurity Bootcamps. Offered in several different locations with both remote and in-person options, our cybersecurity bootcamps are a surefire way of preparing yourself for a job in the cybersecurity industry. Come check it out today!