What It Is:
- A data breach is the intentional or unintentional release of secure information to an unauthorized party or environment. Data breaches are typically targeted jobs by criminals, but sometimes occur when a computer, mobile device, USB key, or other device with sensitive information is inadvertently lost or stolen.
How It Works:
- In a data breach, hackers break into a corporate or personal network by exploiting system vulnerabilities, using an illicitly obtained password, targeted malware, or the recovery of lost or stolen hardware. Exposed data stored on unprotected systems is immediately accessed. The data is then sent back to the hacker team, usually wrapped in encrypted data packets or zipped files with password protection.
What It Is:
- The term "phishing" is a derivative of "fishing" and alludes to the use of "bait" to "catch" personally identifiable information. In a phishing attack, a cybercriminal sends a link (either via email, instant message or in a posting on a social networking site or comment thread) to a seemingly legitimate site that asks users to submit personal information, such as account passwords, banking details, credit card numbers or social security numbers.
How It Works:
- Phishing takes advantage of Internet users by masquerading as a legitimate website that requests the victim to enter personally identifiable information. These "spoofed" sites frequently mimic the legitimate sites down to their font size and graphics. They take advantage of users who may not be paying close attention or who are unfamiliar with legitimate protocol of websites that deal with sensitive information. When the user enters their personal information, cybercriminals collect the data and either use it for their own purposes or sell it on the underground market.
What You Can Do To Stay Safe:
- Know the online policies of any provider you have an online account for. Banks, credit providers and other services will never ask you to confirm your personal details via an email.
- Make sure the Web address of the site linked in the message corresponds to the name of the company that the message purports to be from. For example, the website "MyGoodBank.com" is not the same as "My.Gud.Banke.ru.us/net."
- Check the message or email for spelling and grammar mistakes or other indications that it was not written by a professional. Such traits are hallmarks of phishing emails.
- Never click on a link within an email, IM or social networking site. Instead, re-type the address into your browser.
- Make sure your security software includes anti-phishing and identity protection features, and is always up-to-date.
- Do not dial the numbers or click on the links contained in related notifications. Visit the main website and get contact information from the site directly.
0 Pending Comments