October 2021 marks the 18th Cybersecurity Awareness Month—and cybercrime continues to evolve.1 Though you may not get as many emails promising bodily enhancements or asking you to keep some overseas funds in your checking account temporarily, the risk of falling victim to a cybercriminal is a real one. How up to speed are you about protecting yourself electronically in 2021? Learn more about a couple of the most common cybersecurity risks and ways to guard against them.
Phishing and Spear Phishing
Phishing occurs when a cybercriminal sends out a mass email, text, or another electronic message to random addresses. This message carries a harmful attachment or link that, when clicked, may provide the criminal with access to passwords, financial information, or even the entire computer’s hard drive. Some phishing attacks may be avoided if you make a rule not to open attachments to messages unless the message comes from a trusted source. Even this is not completely safe because spear phishing appears to come from a trusted source.
Spear phishing is more targeted than standard phishing.2 A spear-phishing attack spoofs (imitates) a specific individual's account in a convincing way, using information gleaned from sources such as LinkedIn, Facebook, or other social media to create a realistic persona of that individual. The spear-phishing attack sends a message to that individual's contacts with instructions to click a harmful link or download an attachment.
You might get an email from a coworker with a subject line related to something you're working on. If the content of the email just says, "Hey, need some information ASAP--can you check this out?" you may think nothing of clicking on a link in the email. Because spear phishing messages do look like they come from a trusted source and generally include some corroborating information, they're harder to spot and avoid.
It's good general practice to pick up the phone and give the sender a quick call or send an email reply to clarify if you get an unsolicited email asking you to click on something, especially if there is a sense of urgency. Do these extra steps before you click on something that may cause malware to install.
Connected Devices
Another potential cybersecurity risk involves connected or "smart" devices. Not only are these devices generally connected to your mobile phone or another device, allowing you to control them wirelessly, they might also be connected to the Internet.
Without taking proper precautions to shield these devices from a security breach—that could allow a hacker to gain control of such things as your virtual assistant, the thermostat, an internet router, or lights—you could be placing your entire home or office at risk. Some of these precautions include encrypting your connection, installing a device to monitor network traffic and alert you to potential threats, and utilizing two-factor authentication.
LPL Tracking #1-05172470
1 https://www.cisa.gov/cybersecurity-awareness-month
2 https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing