Companies believe they will suffer a breach in customer data next year.

Social engineering is a malicious practice that aims to obtain sensitive information, doing so through the manipulation of legitimate users so that they reveal it to the attacker.

Every day there are new companies that have been damaged through social engineering.

Learn about the most vulnerable asset types for your organization:

• Information.
• Instances or servers.
• Hardware or software.
• Processes.
• Customer or employee databases.

Care! The most frequent social engineering strategies are:

1. Spear phishing

It is related to phishing, although this method is a bit more complex. It is a campaign aimed at employees of a particular company, from which cybercriminals want to steal confidential data.

1. Phishing

It is a very old method that is still used today to deceive users, sending spam emails in order to obtain any type of data or confidential information such as; usernames, passwords, access keys and passwords, among others.

1. Vishing

It is carried out by telephone. The attacker pretends to be a trusted employee, requesting confidential data: passwords, customer account access, systems, names of databases, instances and/or servers, among others.

What to do to prevent or in case of a possible attack?

• Raise awareness among users on social engineering issues.
• Phishing and Vishing tests.
• Report any spam email to a security officer in order to avoid any risk or threat within your organization.
• Avoid entering data into insecure Web sites or portals.
• Be cautious in links that arrive by message or email.

Do you have questions or would you like to learn more?

At Itera we can provide you with consulting services and solutions.

Contact a specialist:

delfino.vazquez@iteraprocess.com

seguridad@iteraprocess.com

Malware (“MALICIOUS SOFTWARE”) is considered a type of harmful software intended to access a device inadvertently, without the user’s knowledge.

Types of malware include:
•Spyware
•Adware
•Phishing
•Virus
•Trojans
•Worms
• Rootkits
•Ransomware
• Browser hijackers.

Where the malware is coming from.

Malware accesses the user’s device through the internet, email, hacked websites, game demos, music files, toolbars, software, free subscriptions, or anything else you download from the internet on a device that is not protected with anti-malware software.

How to recognize malware.

A slow computer is a sign that your device might be infected with malware, as are pop-ups, spam, and frequent crashes. You can use a malware scanner to check if your device is infected.

How to remove malware.

The best way to get rid of malware is to use a reliable malware removal tool, such as the one you can find in good anti-malware software.

How to avoid malware.

• Use antivirus and antimalware software.
  • Do not open email attachments from unknown or unexpected sources.

Source: https://www.avast.com/es-es/c-malware

At Itera we can help you.
Contact a specialist: seguridad@iteraprocess.com

Phishing refers to sending emails that appear to come from trusted sources, but in reality aim to manipulate the recipient to steal sensitive information.

How Phishing Works

Most phishing attacks begin with receiving an email or direct message in which the sender impersonates a real company or other organization in order to trick the recipient. This email includes links to a website prepared by the criminals – which imitates that of the legitimate company – and in which the victim is invited to enter their personal data.

In this sense, there is a link between spam and phishing, as fraudulent emails are often sent en masse to multiply the number of potential victims of hackers. E-mail continues to be the most used means by cybercriminals for this type of fraud, phishing can use other means of communication: attempts via SMS (sometimes called smishing), VoIP (vishing) or instant messages on social networks are frequent.

How to recognize a phishing message

• It is rare for companies to ask for personal data via email.
  • Be cautious when carrying out operations from your smartphone.

How to Protect Yourself Against Phishing

• After reading the email, don’t click on any links. Carry out the necessary verifications, going directly from the browser’s URL.
  • Keep the computer with the latest updates of the operating system and web browser.
  • Have a professional antivirus
  • Enter your sensitive data only on secure websites.
  • Periodically review your accounts.

Source: https://www.pandasecurity.com/es/security-info/phishing/

At Itera we can help you.
Contact a specialist: seguridad@iteraprocess.com