Cybersecurity Breaches

Authors
  • Name
    Eche Ngbede

Introduction

A cybersecurity breach is defined as illegal access to a computer system or network with the intent of stealing sensitive information, compromising data, or interfering with routine operations.

A security breach can occur through a variety of methods, including hacking, malware, phishing campaigns, or exploiting weaknesses in software or systems. Security breaches can have serious implications, such as unauthorized disclosure of sensitive information, financial loss, reputational harm, and interruption of routine operations.

They can potentially endanger individuals by stealing sensitive personal information such as social security numbers and financial information.

Types of Cybersecurity Breaches:

Phishing, Pretexting, Tailgating, Shoulder Surfing, Identity Theft and Identity Fraud.

Cybersecurity Breaches for Government Employees

The Office of Personnel Management was breached in 2015, exposing the personal details of millions of Federal employees and contractors.

SolarWinds was breached in 2020, impacting the US Department of Commerce, Department of Homeland Security, National Institute of Health, and more.

As you can see, simple hacks are used to create large breaches. This is why government workers must be aware of their cybersecurity practices.

PHISHING

Phishing is an attack that tricks people into revealing personal information by sending them false emails or redirecting them to websites that seem trustworthy. Cybercriminals that use phishing schemes pose as legitimate:

  • Significant companies in the business
  • Banks and financial institutions
  • Government offices
  • Credit card companies
  • Charity and non-profit organizations

They're hunting for sensitive data like passwords and bank details. Phishing attacks take advantage of communication tools that people use every day and can happen in various ways: email, text messages, phone calls, or instant messages.

ATTACKERS CRAFT PHISHING MESSAGES TO CREATE A SENSE OF URGENCY OR FEAR.
Examples:

They ask for fast access to a person's bank account in order to distribute grand-prize winnings or investigate recent, possibly fraudulent activity.

They want quick philanthropic donations to assist victims of natural disasters.

They make threats to "expose" improper internet behavior or other alleged misconduct.

DID YOU KNOW?

  • Spam Phishing: phishing attacks targeting many people at once.
  • Spear-phishing or Whaling: a phishing attack on a specific, high-value target, such as a celebrity, company executive, or top government official.

Features of a Phishing Scam

Request for immediate action and urgent offers
  • Claim that there's a problem with your account or password
  • Request to confirm your password or account information
  • Say that there's been suspicious activity on your account
  • Notify you of a failed or missed payment
  • Offer you a free coupon or gift, or say that you're eligible for a refund
Digital Communication (Email, Text, Messaging)
  • Generic information addressed to the recipient, and an unknown sender
  • Unrequested invoice or message attachment
  • Mismatched subject and contents
  • Spelling errors and basic punctuation mistakes
  • Look-alike characters, with numbers used in place of letters and vice versa. For example, the number 1 instead of capital I
  • Request to click on a link or provide information for a new security update
  • A hyperlink to what seems to be a legitimate website
  • Virus warnings
Watch out for words and phrases such as:
  • We suspect unauthorized use or transactions on your account.
  • We will lock or close your account if you do not immediately confirm your identity.
  • Click the link to verify your account is not compromised.
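
A small checker for three of the features listed above: urgent wording, look-alike characters in the sender address, and a link whose visible text names a different site than its target. This is an added example, not part of the original article; the trusted domain, the phrase list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Wording from the "watch out for" list above, reduced to key phrases.
URGENCY = ("unauthorized use", "lock or close your account",
           "immediately confirm your identity", "verify your account",
           "suspicious activity", "missed payment")
TRUSTED = {"globalbank.test"}  # assumption: a domain the reader really deals with
# The digit 1 can pose as l or I, and 0 as o; try both readings of "1".
LOOKALIKES = (str.maketrans("10", "lo"), str.maketrans("10", "io"))
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$")

def host(url):
    """Lower-cased host of a URL or bare domain, without a leading www."""
    m = re.match(r"(?:https?://)?([^/:\s]+)", url.strip().lower())
    return re.sub(r"^www\.", "", m.group(1)) if m else ""

def phishing_features(raw):
    """Return the checklist features that one single-part email shows."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    hits = [p for p in URGENCY if p in body.lower()]
    if hits:
        found.append("urgent wording: " + ", ".join(hits))
    sender = host(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if sender not in TRUSTED and any(
            sender.translate(t) in TRUSTED for t in LOOKALIKES):
        found.append("look-alike sender domain: " + sender)
    for href, label in LINK.findall(body):
        # Only compare when the visible text itself looks like an address.
        if URLISH.match(label.strip()) and host(label) != host(href):
            found.append(f"link shows {host(label)} but goes to {host(href)}")
    return found

# Constructed sample message, not a real email.
SAMPLE = """From: Account Team <service@g1obalbank.test>
Subject: Action required
Content-Type: text/html

We suspect unauthorized use or transactions on your account.
We will lock or close your account if you do not immediately confirm your identity.
<a href="http://login.example.net/verify">www.globalbank.test</a>
"""

if __name__ == "__main__":
    for feature in phishing_features(SAMPLE):
        print(feature)
```

A message that shows none of these features can still be phishing, so an empty result is not proof that a message is safe.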

Pretexting

Phishing focuses on fear and urgency, but pretexting is a form of manipulation to build false trust with victims.

Tailgating

Tailgating, also known as piggybacking, is a physical security violation as opposed to a digital one. Tailgating is the practice of physically or digitally following an authorized person into a zone with limited access.

An assailant may, for instance, pretend to be a delivery person and ask a worker who has just swiped their keycard to hold the door for them.

A tailgating attack depends on the victim accepting that the attacker has a legitimate reason to enter the area.

Shoulder Surfing

A physical security breach known as shoulder surfing occurs when an attacker peeks over a victim's shoulder as they type passwords, credit card numbers, or other sensitive information.

Shoulder surfing can happen when using a computer in a public space or in open areas like ATMs. This straightforward yet powerful assault strategy has the potential to do serious harm, including identity theft and financial loss.

The following are just a few examples of shoulder-surfing tactics used by the attacker:

  • Observing your use of the automated teller machine (ATM) at the bank
  • Listening in on your conversation when you give your credit card details over the phone or leave your credit card on the table to pay the bill at a restaurant
  • Intercepting or wilfully obtaining "pre-approved" credit card solicitations sent by mail

Identity Theft and Identity Fraud

When someone illegally gets and utilizes another person's personal information in some way that involves fraud or deceit, usually for financial advantage, it is referred to as identity theft or identity fraud.

The act of obtaining and using another person's personal information for one's own gain is known as identity theft.

This includes, but is not limited to, the following information:

  • Name
  • Social Security number
  • Credit card details
  • Other sensitive information

By contrast, fraud is the use of dishonest or deceitful means to defraud another person of their money or property.

For instance, fraud can be committed by exploiting someone else's personal data while committing identity theft. Examples include registering for credit cards, creating bank accounts, or taking out loans in the victim's name.

The worst cybercrimes include fraud and identity theft. They may result in irreparable harm and can have long-lasting, catastrophic effects on the people, organizations, and businesses impacted.

Hackers act swiftly to conceal an attack once an identity has been taken and take security measures to avoid being discovered. It is challenging to find and bring the criminal to justice as a result.

When hackers steal personally identifiable information, they can use it to carry out criminal acts. Common offenses include:

  • Using the information for financial gain
  • Catfishing—posing as someone else on social media
  • Abuse and harassment
  • Blackmail

Cybersecurity awareness helps you prevent further malicious actions, limit the amount of data that hackers can access, and possibly improve your ability to recover what was stolen. You may, for instance, get notifications about unusual activity and respond quickly in the event of identity theft.

Think about the following tactics:

  • Enroll in services that prevent identity theft.
  • Freeze your credit report at Experian, Equifax, and TransUnion. Parents should consider freezing their young children's credit reports.
  • Collect your mail daily, or have it delivered to an approved post office box.
  • Regularly review your bank and credit card statements.
  • Before throwing away documents containing personal information, shred them.
  • Make unique passwords for every account.
  • Review your credit reports yearly.
  • Install antivirus protection
  • Set up two-factor authentication for your accounts and devices.
  • Wipe electronics before giving them away.
  • Reject offers for pre-approved credit cards.