What are your top 3 tips to help others avoid phishing scams?
No sooner had the clocks struck midnight, than the first stories of yet another major breach was publicized with reports [i] that the phone numbers and usernames of over 4.6 million Snapchat users have been published on the Internet by a group claiming a desire to raise awareness about security flaws in the app.
2014 provides us with the opportunity to practice safe hex (thank you @BrianHonan for that!), and avoid falling for phishing scams, both new and old. The following tips are based on the recent McAfee 2014 Threat Predictions;
Tip #1: Resist the temptation
Even when the resolution to give up smoking or chocolate appears to be waning, the temptation to just click on the link should be avoided. What’s more these tempting links won’t just be delivered via email. In 2014 one of the predictions that we can expect more of are threats via social media.
One of the threat predictions[ii] we can expect are for social attacks to be ubiquitous by the end of 2014. Amongst the many social attacks are “false flag” attacks that attempt to trick users into revealing their personal, or login information. One such example is that “urgent” request to reset a password that will instead steal the username and password credentials.
Tip #2: Keep mobile
Whilst we should no doubt keep on our toes for those attacks delivered via social media, other channels including email will also remain a target. In 2013 we saw a dramatic rise in malware targeting the Android platform, and 2014 will see a continuation of this growth. Not only will the volume increase, but this year we are likely to witness the first real ransomware attacks aimed at mobile devices.
So make sure you keep a back-up of all data on all devices, it is better to do that before your data is held hostage.
Tip #3: Remember the cloud is also another way in
There is no question that the cloud has enormous advantages for consumers and businesses alike. They can however, also expose new attack surfaces that anyone with an internet connection and a phone can discover[iii].
So in this case be proactive, and consider what information you put onto the internet that may be used by attackers to target not only you, but the services that you may inadvertently advertise you use.
Above all stay safe online in 2014, and have a very happy new year.
Raj Samani | McAfee | EMEA CTO | @Raj_Samani
To find out more about our panel members visit the biographies page.
[ii]
[iii] Wired.com. “How Apple and Amazon Security Flaws Led to My Epic Hacking. August 2012 [cited November 2013]. Available from:
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
