As with any emerging tech, as its popularity rises, so does the big red target on its back. Researchers at security firm Proofpoint say cloud-based services (not to be confused with cloud hosting!) are the next big arena in the cyber security Thunderdome, and with phishing scams becoming increasingly realistic, it’s important to be vigilant!
Proofpoint’s done a bit of digging into the most common email-based threats and has found that stealing credentials from Google Apps in phishing campaigns (typically fraudulent emails trying to ‘fish’ for your details) is set to be the next big target; and if you’ve adopted Google Apps for regular internal use you’re particularly at risk from this.
For example, in a recent attack, cyber criminals created an incredibly realistic Google Docs document landing page with the aim of fooling users into downloading it and giving away personal details; the only noticeable difference from the regular page was that it was delivered using the standard hypertext transfer protocol (HTTP) instead of the secure version of the protocol (HTTPS).
Users who didn’t realise it was a scam and downloaded the doc were shown a realistic looking Google login page. This fake login page also supported logins for other webmail services like Yahoo, Hotmail and AOL, which gave the attackers an even wider scope and set of accounts.
Phishing attacks normally don’t bother carrying on the scam after the victim’s given their details, but here, once victims had clicked on the link, an actual document appeared; this extra detail bought the attackers more time to use the stolen info, as victims didn’t realise they’d been scammed.
So many people fall prey to attackers every day, and although we’d hope every attempted attack would be as obvious as “Click on www.we’regoingtostealallyourmoney.com”, the reality is that they are becoming more sophisticated as time goes on.
To combat this we need to come together to help build a safer internet. Tell your friends and family how to keep themselves safe and practise good online safety – especially people who might not be particularly tech-savvy (nan, looking at you here) – and keep an eye on the news for the latest threats. Basically, ensure that you’re doing everything you can to protect yourself online, both personally and professionally.
Here are some top tips from our security branch Secarma on how to stay safe online:
- Passwords should be long and complex, and don’t use the same ones across multiple accounts.
- Don’t open unknown emails with attachments or click on links from unknown sources. Remember – your bank and other legit companies won’t ask you for personal details over email.
- In fact, never email personal information – even if it’s to someone you trust – in case it’s intercepted on the way.
- Don’t download and install pirate software; aside from being generally naughty, it’s an invite for all sorts of tag-along nastiness.
- Always keep your OS, web browsers, antivirus software and programs up to date.
- Check sites are secure (they have HTTPS rather than HTTP in the URL browser bar) before transmitting any personal details over them; check the URL is correct too, as sometimes sites may impersonate another site, but might have an incorrect or weird looking URL.
- Be wary of pop-ups and don’t enter personal info in pop up screens.
Secarma also suggests using a password manager, which firstly means you can create longer, stronger passwords unique to each login that you have without the mental taxation of remembering each one; and it will also remember your login info for each site. So, for example, if you visit a site via a link (as in the above scam) and it doesn’t automatically provide your usual login details, then you will know that this may not be the correct site.
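The password manager check described above, sketched as an added example (this is not Secarma's code or any product's code): a saved login is only offered when the page's origin exactly matches the one it was saved on. The vault entries, usernames and URLs are constructed, and exact-origin matching is an assumption, as real password managers differ in how strictly they match.

```javascript
// Added example: origin-bound credential lookup, the check a password
// manager makes before offering to autofill. All data here is constructed.
const vault = new Map([
  // key = exact origin (scheme + host + port) the login was saved on
  ["https://accounts.google.com", { username: "alice@example.com" }],
  ["https://login.yahoo.com", { username: "alice_y" }],
]);

function lookupCredential(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // WHATWG parser: lowercases host, drops default port
  } catch {
    return { offer: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    // The fake landing page in the article was served over plain HTTP.
    return { offer: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // In https://trusted.example@other.example/ the real host follows the '@'.
    return { offer: false, reason: "userinfo in URL" };
  }
  const entry = vault.get(url.origin);
  if (!entry) {
    return { offer: false, reason: `no saved login for ${url.origin}` };
  }
  return { offer: true, username: entry.username };
}

// Constructed URLs: one genuine page, three that should get no autofill.
const samples = [
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example.net/ServiceLogin",
  "https://accounts.google.com@login.example.net/ServiceLogin",
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(lookupCredential(s)));
}
```

A missing autofill prompt on a page that looks familiar is the signal to stop and check the address bar before typing anything.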
Our clients can sign up to our monthly security newsletter in MyUKFast for info on the latest threats and advice on how to protect yourself; and for more information on our security solutions take a look at our website.