
Guide to AI-Driven Cyber Threats and Online Security
The vast majority of cyber attacks start with a phishing email. However, they also arrive through other channels: SMS or WhatsApp messages, messages on social media platforms, and phone calls. These phishing attempts often carry attachments containing dangerous malware, including malware that exploits zero-day vulnerabilities, or links to malicious content hosted on Newly Registered Domains (NRDs). Threat actors frequently use NRDs to launch malicious campaigns.
This makes securing digital communication services critically important, as they remain some of the primary tools for cyber criminals to exploit.
Important Note: The recommendations provided here are only a few measures among many solutions to protect against cyber threats. For a more comprehensive understanding of cybersecurity, we recommend watching this video: Overview of Cybersecurity.
Security Measures for Businesses and Personal Use
Security, including email security, should be implemented using multiple layers of protection. Relying on a single solution is not sufficient. For businesses, it is essential to confirm that your organisation uses:
- SPF, DKIM, and DMARC: These protocols help verify the authenticity of emails. DMARC should be configured with the reject option for maximum protection.
- MTA-STS Validation: Ensures secure email transmissions.
Additionally, having a third-party cloud-to-cloud backup for your data is vital. Consider our enterprise solution: Backup and Recovery Solution for Office 365 and Google Workspace. This is a cost-effective way to safeguard your organisation's data in case of an incident and to have a Plan B in place.
For personal services such as email accounts, phone calls, SMS, WhatsApp, and other social media communications, maintain good security hygiene by:
- Using strong, unique passwords.
- Enabling multi-factor authentication.
- Adopting a zero-trust approach by treating all communications with caution.
While these practices may seem tedious and time-consuming, prevention is far more manageable than dealing with the consequences of a security breach.
Common Scam Tactics
- Urgency and Pressure: Scammers often push you to act quickly, using phrases like “urgent” or “act now” to create panic. For example, a phishing email might say, "Your account will be deactivated in 24 hours unless you click this link."
The FBI warns that emails stressing urgency or the need to “act fast” should be avoided unless they come from someone you undeniably know and trust. Microsoft and Google echo this advice, urging caution with emails claiming you must click, call, or open an attachment immediately.
- Exploiting Current Events: Criminals often use disasters or high-profile events, such as fires, floods, or charity appeals, to trick people into donating money or sharing personal information.
- Impersonating Trusted Brands: Fraudsters use AI to mimic the language, tone, and appearance of well-known companies, making their scams appear legitimate.
How to Spot and Avoid Scams
- Be Suspicious of Unsolicited Messages and Cold Calls: Treat unsolicited messages or calls asking for personal information or money with caution.
- Do Not Click Links or Open Attachments: Avoid clicking links or opening attachments in unsolicited communications.
- Never Call Phone Numbers in Suspicious Messages: Always verify the contact information independently.
- Check for Subtle Changes: Scammers often use slight alterations to email addresses, website URLs, or spelling to trick you.
- Use Secure Payment Methods: Avoid transferring money through prepaid cards or direct bank transfers. Use credit cards or secure payment platforms instead.
- Enable Two-Factor Authentication: Protect your accounts by enabling two-factor or multi-factor authentication wherever possible.
- Limit Personal Information Sharing: Be mindful of the details you share online, such as your birthday, pet names, or school, as scammers can use this information to guess passwords or security answers.
Strengthening Digital Communication Security
Digital communication services remain major targets for cyber attacks. Businesses should:
- Implement multi-layer security strategies.
- Ensure secure email protocols like SPF, DKIM, and DMARC are in place.
- Invest in cloud-based backup solutions to protect your Microsoft 365 emails, SharePoint, OneDrive, and Teams data, or your similar data from Google Workspace.
Additional Advice
Fraud is a significant issue. Stay informed by:
- Verifying the legitimacy of crowdfunding appeals.
- Looking for verified campaigns for disaster relief donations.
- Contacting organisations directly for any suspicious messages.
Glossary of Technical Terms
- DKIM (DomainKeys Identified Mail): An email security standard that ensures messages are not altered in transit.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): A protocol that builds on SPF and DKIM to protect email domains from being used in attacks.
- MTA-STS (Mail Transfer Agent Strict Transport Security): A protocol that ensures secure email delivery.
- Newly Registered Domains (NRDs): Recently created website domains often used by scammers to host malicious content.
- Phishing: Fraudulent attempts to obtain sensitive information by impersonating trustworthy entities.
- SPF (Sender Policy Framework): An email authentication method to prevent spammers from sending messages on behalf of your domain.
- Zero-Day Vulnerabilities: Security flaws exploited before a developer provides a fix.
Reach Out to Evening Computing
Let us help you optimize your IT infrastructure. Schedule a free consultation with our experts today!
Phone: 07815 105782 or 020 7101 1160
Email: [email protected]