Insight

How Bond Trust can help our clients to avoid a Cyber Attack

"A little awareness and care can help keep you safe online"

With growing concerns about the digital security of everything from access to our finances to the protection of our personal digital assets such as email and social networking accounts, there is much to be said for raising awareness of best practice. With this in mind, it seems a worthwhile exercise to cover the basics.

What is Cyber Security?

Cyber security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.

Examples of cyber attacks:

Emails (Phishing)

If you receive an email that looks strange, think twice before opening any attachments.

Tell-tale signs that it may be a Phishing email include:

  • Sender’s name – It may look familiar, but is it trying to mimic one that you know?
  • Subject line – Is it alarmist? Is it trying to intimidate you into action? Does it use excessive punctuation?
  • Logo – May be bad quality. Possibly cut and pasted from a legitimate website.
  • How does it address you? Does it use a generic name or refer to you in a way that is not usual? Remember an attacker may derive your name from your email address.
  • The content – Watch out for bad grammar, spelling or unusual word choices. Many attacks originate from non-English speaking countries.
  • Hyperlink/attachment – The email will be designed to encourage you to open the attachment or click on the hyperlink. Hovering your mouse over a link might disclose the true link.
  • Requesting a password change – An email may suggest that your account has been compromised and so may request that you change your password. The link provided will then take you to a ‘mirror site’ (a copy of the legitimate site) and will capture your account details. The details will then be used to access your real account and potentially lock you out of it.

In general, unless you are positive about the source of the email, don’t open it!

Telephone (Vishing)

Be aware that a fraudster might call you claiming to be from your bank or credit card provider or from the police, asking for confidential information to resolve an issue.

Do not disclose confidential information, including passwords and security codes, over the phone. Remember that banks will never ask you to disclose such information.

Text (SMiShing)

Similar to email Phishing, you might be asked to confirm or supply account information. Do not respond to such texts.

Malware

This is where a piece of software piggybacks on an authorised download and enters the computer or network, allowing the fraudster to infect the network with a virus or to steal confidential information. Here, it is important to use reputable and up-to-date virus protection.

Passwords

Once your password is obtained, the fraudster will have access to your information. A fraudster might obtain your password:

  • By deception – tricking you into revealing it, such as through the use of mirror sites (mentioned above).
  • By brute force – an automated effort to hack your password.
  • By use of spyware – recording your log in. This is another type of programme that often piggybacks on an authorised download.
  • By ‘Shoulder surfing’ – watching you log on, again through software that has piggybacked on an authorised download.

Man in the Middle Attack

This is where an attacker intercepts the network, watches transactions between two parties and steals sensitive information. In order to avoid such issues, extra diligence is required when using public Wi-Fi. Note that people can set up ‘hot spots’ on their phones, providing Wi-Fi to people around them using a fairly legitimate sounding Wi-Fi name (such as the name of the coffee shop that you may be in). If you access the Internet through one of these Wi-Fi hot spots then your data may be visible to the person who set it up.

Invoice Fraud

A fraudster will ask you to change the payment destination or demand payment via phone, fax or email. Be wary of such requests, especially from less familiar sources.

Trojans

You are asked to update your software and are prompted to enter your PIN and card number to start the download. Instead, a Trojan downloads and takes control of the computer.

Protecting yourself

Do

  • Protect your systems with sufficient anti-virus software and firewalls.
  • Consider the physical security of your computer and of the devices you use for internet banking.
  • Use strong and secure passwords where required, and keep them secret.
  • Change your password immediately if you think that someone else knows it.

Don’t

  • Download programs from the internet or upload information from memory sticks without being certain that they are safe.
  • Open suspicious emails, attachments thereon or hyperlinks.
  • Disclose confidential information over the telephone such as personal or financial data including user names, passwords, PINs or ID numbers.

Remember

A bank or other reputable organization will never ask for your password, PINs or authentication codes via email, phone call or SMS.

Setting a strong password

  • Use a combination of alphanumeric and special characters.
  • Avoid using dictionary words – too easy to crack.
  • Don’t use common passwords e.g. Password or 123456.
  • Personal and business passwords should be different.

If someone else discovers your password, change it!

Bond Trust takes cyber security very seriously. All our staff have received training and remain vigilant to potential threats. We are fully protected through the use of anti-virus software and firewalls.