Attempts by malicious actors to infiltrate organizations and individuals’ personal space through a wide variety of phishing exercises are widespread. From crude attempts at garnering the unwitting user’s confidence to overcoming large organizations’ anti-phishing filters, malicious actors have been at the top of their game. There has been a surge in data breach attempts, as pointed out by numerous cyber intelligence units worldwide.
Coronavirus has changed our way of doing business, at least for the time being. And of all the changes it has brought about, the greatest impact is the dramatic increase in the number of remote workers.
One of the least discussed consequences of this mass migration to remote work is how the workers, who used to be safely ensconced in the organization’s network, are now left out there on their own. And home networks are rarely as well protected as corporate networks.
Cloud-based storage is a wonderful thing. Being able to store your files and retrieve them from anywhere boosts productivity. It should come as no surprise then that Microsoft entered the cloud-based storage arena back in 2007. It should also come as no surprise that Microsoft’s cloud-storage product, called OneDrive, is the target of, and vehicle for, phishing attacks. After all, Microsoft is the second favorite target of phishing attacks.
Employees who have been trained to look out for phishing emails know not to click on links in suspicious emails. But what if the email tricks them into clicking on a link they didn’t intend to click on because it’s invisible?
According to a presentation by the security education firm KnowBe4, one of the newest forms of email compromise is a type of clickjacking which incorporates an invisible link (using the opacity setting in CSS). In place of a visible link, the email shows a “bothersome” graphic element that’s made to look like a small hair or a speck of dust.
So you tried your best to avoid a phishing attack but one day your laptop woke up with the flu bug. Criminals use phishing attacks to try to get at your personal information. You receive a legitimate-looking email with a link or attachment and you take the bait. After the initial shock wears off, what do you do?
First and foremost, disconnect your device immediately to get offline. The criminal could be in the process of installing ransomware on your computer. So if you have a wired connection, simply unplug the internet cable. If your device is wireless, disconnect it from the Wi-Fi network.