Do you know how hackers attack?

Do you know how hackers attack?

The workplace has transformed rapidly over the past ten years, as enterprises look to take advantage of the emerging technologies. Increasingly, employers and employees alike are able to leverage modern communications platforms and cloud technology to greatly enhance productivity and collaboration.

As adoption of internet-based solutions increases, however, so does cybercrime. Almost half of UK businesses suffered an attack in the past year, with many experiencing cybersecurity-related issues at least once a week. Most employees are likely to have had some kind of security training, standard procedure for the majority of businesses now, but how many know exactly how hackers attack?

Psychological techniques used by hackers to infiltrate

With more companies using strong security solutions, attackers are shifting focus to exploiting workers, rather than network and system vulnerabilities. These so-called ‘people hackers’ use four main techniques to bypass critical thinking. Learning them can help you detect attacks before they do damage, reducing the risk of any human errors being made.

The most common psychological trick is quite simple: providing, or seeming to provide, something the victim needs. Many of us scoff at emails promising free products, but it can be much more crafty than that. Perhaps you’re at a conference when the Wi-Fi goes down. Before you know it, a backup network is up and running, but you’re prompted to enter your credentials again. This captive portal, purposefully launched by an attacker, could distribute malware or steal information from your device. The hacker has created the need and the solution, without arising suspicion.

Such attacks can be made more powerful if the attacker appears to be a person of authority. In recent years, there has been a rise in assailants that use information gathered about higher-level employees to impersonate them. From the victim’s perspective, it may look like their boss requesting an important document or credential. In reality, it could be an attacker posing as them. The further an attacker infiltrates a network, the easier such impersonation becomes.

Information gathering acquired through these methods also helps a hacker launch attacks during stressful periods, when logical thinking is compromised. When a deadline is looming and stress levels are high, employees are more likely to lose focus and download a document or open an attachment without thinking.

Finally, but crucially, hackers will try to divert your attention one way while performing an attack elsewhere. It could be as simple as an email from a “co-worker”, asking you to print and deliver a physical document to their desk, whilst your system is being compromised in the background.

Dealing with a suspicious email

Studies have revealed that around half of UK hacks are phishing scams via email. One in every 3,722 emails is a phishing attempt, and most of those make use of one or more of the psychological techniques above. With attackers getting more sophisticated, here’s how you can protect yourself properly:

  • Check the sender’s email address, especially when documents are involved. A hacker may use a familiar account to trick you.
  • Be wary of emails from colleagues that ask you to send credentials or documents. Always verify with them in person if you’re suspicious.
  • Pick up the phone if it’s payment related. Verify details with the sender for any purchase requested via email.

Naturally, adhering to the above as well as staying productive during stressful times can be difficult, but thankfully, there are solutions out there that do most of the heavy lifting. Mimecast Email Security scans all inbound emails in real-time to look for suspicious content and detect anomalies in sender addresses or email headers. These alerts are passed on to employees in their email client while attachments are scanned before they can be downloaded. If a user does click a suspicious link, it will open in an isolated browser to protect from malware and phishing attempts.

If you’d like to learn more about how Mimecast can keep you email-secure, give us a call.