Recently, security researchers at Internet Security firm Sophos identified a new phishing scam aimed at deceiving fans of Wimbledon Tennis Championship. Internet users receive an e-mail, which reportedly appears to arrive from HSBC Bank. Attackers attempt to entice users to click on an ‘html attachment’ through a specially crafted e-mail. The e-mail claims that the recipient has won two free tickets for Wimbledon, along with a chance to interact with Tim Henman. When unwary users click on the html attachment, the page seeks confidential personal and financial information such as date of birth, Internet banking user ID, security number, credit card information, card expiration and security code. Attackers create a sense of urgency by asking users to submit the form the online form within three days to avail the opportunity. Many Internet users may not doubt the authenticity of the e-mail as the Bank is one of the sponsors of the Championship, and they did organize a competition to meet the retired tennis professional.
Phishing is one of the common methods used by cybercriminals to deceive Internet users and extract confidential personal and financial information. Cybercriminals are leveraging advancements in technology to launch sophisticated phishing attacks. As Internet users are now able to identify common phishing mails, phishers are devising new ways to make users fall prey to scam. They are making use of genuine events to defraud users. Social media sites such as Facebook, Twitter, MySpace, LinkedIn and Orkut have become popular among Internet users. Attackers may easily gain access to such information and launch phishing attacks on users. Phishers also attempt to seek information by using social engineering techniques such as impersonating legitimate users.
Negligence, lack of cyber security awareness, and risks involved in the cyberspace are some of the major reasons for successful phishing attacks. Attackers are increasingly targeting employees to gain access to privileged business information. As such, employees must be aware of different types of phishing attacks to ensure protection of sensitive information. The attitude of placing convenience over security also increases possibility of falling prey to malicious attacks. E-learning and online IT degree programs may help employees in understanding different types of social engineering threats and cyber security practices.
Internet users also tend to ignore security guidelines on safe usage of Internet, and regular software updates which make them vulnerable to sophisticated cyber threats. E-tutorials and online IT courses may help Internet users in understanding and implementing safe online computing practices. Regular adherence to security advisories, threat alerts, installation and regular update of security software is crucial to safeguard computer systems from malicious attacks. Internet users must be cautious while sharing personal information on social media sites and other online channels. Banks and financial institutions will never seek confidential financial information through e-mails. As such, Internet users must avoid revealing financial information through e-mail, and delete suspicious e-mails.
The growing menace of cybercrime has resulted in increased demand for professionals qualified in security certifications, computers forensics, and IT degree programs, master of security science, system administrators, and security analysts.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
