Phishing Archives - IPOsgoode /osgoode/iposgoode/tag/phishing/ An Authoritive Leader in IP Fri, 04 Sep 2020 00:46:46 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Phishing 101: What is Phishing? /osgoode/iposgoode/2020/09/03/phishing-101-what-is-phishing/ Fri, 04 Sep 2020 00:46:46 +0000 https://www.iposgoode.ca/?p=35834 The post Phishing 101: What is Phishing? appeared first on IPOsgoode.

]]>
Phishing is one of the seven common types of s. The others are malware, man-in-the-middle attacks (MitM), denial-of-service attacks (DDoS), SQL injection, zero-day exploit and DNS Tunneling. The is for the victim to hand over sensitive information by revealing important data like their username and password, or for the individual to download malware.

The phishing attackers and their email addresses, so it appears to come from a trustworthy source. They may also include links that redirect users to fake websites masked as legitimate web pages, where users are prompted to share confidential information. Phishing may also come in the form of text messages that appear to come from your or delivery companies. Thus, not only should you not provide your personal information, but you should also not click on links inside texts from numbers that you do not recognize, as that you may unknowingly download a malware program.

Moreover, in addition to coming from trustworthy sources, phishing attacks may also rely on . For instance, emails may include subject lines warning the individual about their compromised and urging them to provide their information fast. Perhaps that’s one of the reasons why during the COVID-19 crisis. There are , including carefully investigating the , that try to alarm or confuse, and However, it is important to state that these attackers, their technologies, and the social engineering techniques they deploy are also to put off the counter-cybersecurity protection.

Phishing attacks use social engineering, which typically involves some form of of the target into opening infected documents or providing personal information. Humans are the , and social engineering techniques are applied to take advantage of human error and negligence. Before the attack, cyber-criminals can prepare by collecting information on their targets for some time. They may research the individual by sites like LinkedIn or Facebook. Attackers use the information they collect on known interests of the target to to entice the target to click on malware-laced attachments. For instance, if the hacker gains access to the information that the target is a huge fan of a certain artist, the hacker may offer discounted tickets in the email.

For example, in 2016 and 2017, devastating cyberattacks named and the new variant were deployed. The attack the Ukrainian power grid, banking systems, and government agencies. The attackers used the employees of the bank and government to download a seemingly innocent Microsoft Word document that had malware. The was purporting to be a job applicant’s resume, which allowed the hackers to make admin-level changes once opened. This example demonstrates how attackers targeted due to their unique need to open attachments from unknown sources, and subsequently personalized their attacks.

Therefore, it is important to create among individuals, employees, and businesses to enable them to identify and avoid these threats. This security awareness training needs to encourage and transparency. Appropriate such as antivirus protection, download and acceptable use policies, data access policies, data back-up policies and encryption frameworks must be fully integrated into the ÌýMoreover, individuals and employees must they share on social media to limit the resources available to the attackers. Lastly, employees must be clearly instructed on how to once they have identified it.

To conclude, phishing attacks can significantly damage the businesses legally and financially, as it may diminish the operations, productivity, and integrity of data of businesses. Phishing can further lead to the public disclosure of embarrassing or damaging emails, causing loss of reputation and the public trust, which . Therefore, it is fundamental that cybersecurity awareness must be embedded in the company culture and prioritized, among other operational and legal risk management practices.

Written by Elif Babaoglu, a third year law student at Osgoode Hall Law School and an information privacy and cybersecurity enthusiast.

Ìý

The post Phishing 101: What is Phishing? appeared first on IPOsgoode.

]]>