Q. From the following, define one of these threats to cybersecurity, then explain why you think that poses the greatest danger. Then, talk about a threat not mentioned among any of the above, define it, then explain why you think that this poses a great threat to cybersecurity.
Spoofing, phishing, pharming, worms, viruses, denial-of-service attack
ANS: Quite frankly, all of the above contribute a great threat to cybersecurity, but I would pick “Phishing” as the most common threat and kind of an easy, low-hanging fruit for the hacker.
By definition, phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising oneself as a trustworthy entity in an electronic communication.
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.
The availability of phishing kits makes it easy for cyber criminals, even those with minimal technical skills, to launch phishing campaigns. A phishing kit bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims. Phishing kits as well as mailing lists are available on the dark web. A couple of sites, PhishTank and OpenPhish, keep crowd-sourced lists of known phishing kits.
Some steps to avoid these phishing scams:
As a general rule, you should be careful about giving out your personal financial information over the Internet.
Here are some steps you can take to avoid becoming a victim:
Be suspicious of any email or communication (including text messages, social media posts, ads) with urgent requests for personal financial information.
Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, Social Security numbers, date of birth and other personal information.
Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option.
Pay attention to the website you are being directed to and hover over URLs. An email that appears to be from PayPal could direct you to a website that is instead “http://www.2paypal.com” or “hxxp://www.gotyouscammed.com/paypal/login.htm.”
Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.
You should only communicate information such as credit card numbers or account information via a secure website or telephone.
Unless an email is digitally signed, you can’t be sure it wasn’t forged or spoofed.
Double-clicking the “lock” icon on a website will display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website does not match the certificate, do not continue.
Typically, phisher emails are not personalized, but they can be. Valid messages from your bank and e-commerce companies are personalized. When in doubt, call the company directly to see if the email is in fact from them.
Phishers have the ability to spoof and/or forge the https:// that you normally see on a secure Web server and a legitimate-looking Web address, which – again – is why you should always type the web address yourself instead of clicking on displayed links.
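The "hover over URLs" check above can be automated for links pulled out of a message. The following is an added example, not part of the original answer: it compares a link's real hostname against a list of trusted domains and flags links that only borrow the brand name. The `TRUSTED` set and all function names are assumptions made for illustration, and the example goes slightly beyond the text by also handling defanged (`hxxp`) links and brand names placed before an `@` in the address.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the real company actually uses.
TRUSTED = {"paypal.com"}


def refang(url: str) -> str:
    """Undo the 'hxxp' / '[.]' defanging used when bad links are shared safely."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def host_of(url: str) -> str:
    """Lower-cased hostname only: no userinfo, no port, no trailing dot."""
    host = urlsplit(refang(url)).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host: str) -> bool:
    """True for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' (brand name used off-domain) or 'unknown'."""
    host = host_of(url)
    if not host:
        return "unknown"
    if is_trusted(host):
        return "trusted"
    parts = urlsplit(refang(url))
    brands = {d.split(".")[0] for d in TRUSTED}      # e.g. "paypal"
    # netloc includes any "user@" prefix, a common place to hide a brand name.
    haystack = (parts.netloc + parts.path).lower()
    if any(brand in haystack for brand in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # The first two links are the ones quoted in the text; the rest are constructed.
    for link in ("http://www.2paypal.com",
                 "hxxp://www.gotyouscammed.com/paypal/login.htm",
                 "https://www.paypal.com/signin",
                 "https://paypal.com@example.net/"):
        print(f"{classify(link):10} {link}")
```

A "lookalike" result means the link mentions the brand but does not lead to one of its domains; an "unknown" result is not a sign that the link is safe.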