Social engineering is when someone uses a compelling story, authority, or other means to convince someone to hand over sensitive information such as usernames and passwords.
Scareware is another type of social engineering ploy that displays a pop-up alert that attempts to create a sense of urgency and panic by notifying the user that viruses have infected their computer or has been hacked.
The consequences can vary from having sensitive data stolen from the user’s machine, preventing access to certain files, shifting the social engineering tactic to ransomware, or coercing the user into providing credit card payment information to authorize fraudulent transactions.
[12] It is a popular attack that attempts to trick users into clicking a link within an email or on a website in hopes that they divulge sensitive information.
Its deployment can range from a bulk automated process, such as accessing the address book of a past victim and sending simple phishing attacks to their contacts (thus appearing to come from a recognized past contact), to more sophisticatedly hand-written communications to target specific recipients.
Internet of Things (IoT) based attacks are a form of cyber threat in the 21st century and beyond that leverage vulnerabilities in the embedded devices found in, i.e., cars, refrigerators, and smart speakers or digital assistants.
[19][20][21][22] These threats can include data theft, sabotage, fraud, or espionage, posing significant risks due to the insider's knowledge and access.
Security end user awareness guidelines include device scans for malware and updating the anti-malware application definitions.
Permissions and who can access data, which includes file sharing via email attachments, are additional safeguards that could be discussed.
Security awareness guidelines include encryption, protecting the system with a password, PIN, or multi-factor authentication, and other forms of credential.
Additional awareness tips include end-users downloading, installing, and reviewing applications and the requested permissions from unknown sources.
[24] Internet of Things Security: are remotely controlled capable, resource constrained devices with embedded sensor chips that interact with people and objects to collect data and provide it to remote sources on the Internet for additional analysis in an effort to personalize and customize a user's experience.
The goal of such a month is to increase awareness of the most common cybersecurity threats and adopt basic practices conducive to their prevention.
This initiative was built upon the collaboration of the private and public sectors in an exchange of expertise, with the intent of creating a safer digital world.
Their focus includes educating organizations on multifactor authentication, updating software, recognizing phishing, and checking privacy settings.
[36] This annual event, celebrated every October since 2004, is part of a collaborative effort to provide resources and raise awareness about cybersecurity, thereby increasing national resilience against cyber incidents.
[36] The nature of cybersecurity awareness training suggests it's an ongoing process,[37] primarily because threat vectors— or methods and paths by which hackers attack systems— constantly evolve.
This perspective aligns with the understanding that as long as technology advances and integrates more deeply into everyday life, the need for up-to-date cybersecurity awareness and training will remain critical.