Cybersecurity: Phishing and Smishing

Authority and Access Control

  • Vestibule System
    • A security mechanism involving a set of two doors, allowing only one person to enter at a time.
    • Enhances security by ensuring that proper credentials are verified before access is granted.
    • Features include:
      • One door requires proper credentials to open.
      • While one door is open, the other remains closed.
    • Possible Credentials:
      • ID card
      • Biometric data (e.g., fingerprint, facial recognition)
      • Personal Identification Number (PIN)

Cybersecurity Threats

  • Phishing
    • A type of cyber attack where attackers aim to deceive users into giving away their private information.
    • Often executed through emails or communication that appears legitimate, such as messages from banks or online stores.
    • Typically contains a link leading to either a counterfeit website or a legitimate site that has been compromised.
    • Objective:
      • To prompt the user to input confidential data such as bank account numbers and passwords.
      • The information is then stolen by the threat actor.

Characteristics of Phishing Attacks

  • Mass Email Distribution:
    • Hackers often send phishing emails to tens of thousands of users.
  • Cautionary Advice for Users:
    • Be aware of your mental state while reading emails; factors such as distraction or fatigue can impair judgment.
    • Golden Rule of Email:
      • Regardless of how legitimate an email appears, it is always safer to open a browser and navigate directly to the official website to log in.
      • Pay attention to the behavior of the username field:
        • If the username field normally auto-completes on the real site and it does not do so here, you may be on a counterfeit site.

Tips for Identifying Fake Emails

  • Addressing:
    • Emails that address you personally (by name) are more likely to be genuine than those with generic greetings like "Dear Customer."
  • Spelling and Grammar:
    • Look for spelling errors and grammatical mistakes, which often indicate a fraudulent email.
  • Urgency Cues:
    • Be wary of desperate calls for immediate action; for example, messages that state, "Your account will be suspended unless you act now."
    • Such language is often used to create panic and prompt hasty decisions, which is how recipients fall victim to the attack.