Three main types of security attacks are phishing, scams and malware. They each work in different ways, harvesting sensitive data or installing destructive software on your systems. We describe each type of attack below, offering some suggestions to reduce any chinks in your armour.

What is it? Phishing generally comes in the form of an email that, at first glance, might be from a usually trustworthy source. Examples include emails from banks, PayPal or a TV streaming provider. These emails often feature a link that, when clicked on, asks for login/payment details. However, not all of these are legitimate.

What does it do? A phishing email (or text) is designed to gather customer, staff, login or payment details.

How do we avoid it?

• Be sceptical when receiving unsolicited emails - mainly if it's from a company you don't usually deal with 
• Look for:
• content that has unusual spelling and grammar
• low-quality logos
• a return email address that does not match the content.
• Check directly with the organisation claiming to have sent the email
• When receiving an email requiring action, only log into secure sites. Even if the email received looks legitimate, avoid the link by going directly to where you usually log in and check your messages. 
  

What is it?: Like phishing, these are attacks designed to gather information for financial or other gains. They can come via email or even in shared posts that suggest you will gain prizes for doing very little. 

For example: A recent trend in scam messages includes: Senders pretending to be a delivery company. They may ask for your address so they can deliver a package, which is information a legitimate company would already have.

What does it do? A scam email, text or campaign is designed to gather login or payment details.

How do we avoid it?

• Again, approach any unsolicited or unusual emails with a healthy dose of scepticism. If you don't know why you're receiving the email, it may be a scam.
• Ignore requests / communications from those you have no connection with
• Be wary of emails asking to establish a relationship or for financial assistance. This includes those emails in which the recipient must 'store' a large sum of money in their account.
• Be sceptical of competitions that have no direct connection to the company. For example: 'If company X sees this post, you will be in the running for free airline tickets/shopping vouchers/cash' campaigns on Facebook.
• Avoid giving any personal information to unverified callers. Some may pretend to be from a company you know, asking to renew a subscription, which most companies do automatically online.
  

What is it?: Malware is short for ‘malicious software’. It generally refers to any software designed to attack your systems.

What does it do? As the name suggests, malware can do some damage. It can crack passwords, work as a trojan horse to install fake software, spam you, perform data theft or spread to destroy complete systems. 

How do we avoid it?: 

• Invest in anti-viral software for extra protection
• Update your computer/phone software regularly; dated software can be more easily attacked
• Only file share when absolutely necessary
• Be careful about clicking on links - particularly in pop-up windows, downloading attachments or images.

Those involved in creating security attacks are becoming more and more efficient at what they do. Increasing your staff’s online awareness will reduce the likelihood of a cyber-attack. 

If you would like to discuss more complex methods, feel free to contact our security experts at: sales@citywatchsecurity.com.au