The Top Browser Threats

When end users venture out onto the Internet, it’s easy to get tangled up in the vast web of threats lurking on many website pages. Some of them are readily apparent, but others are well hidden.

Malvertising—a form of malicious code that distributes malware through online advertising—can be hidden within an ad, embedded on a website page, or bundled with software downloads. This type of threat can be displayed on any website, even those considered the most trustworthy. End users also need to beware of social media scams. Hackers have created a playground of virtual 0bstacles across all the major social media sites. According to an article in The Huffington

 Post, some of the most common Facebook hacks and attacks include click-jacking, phishing schemes, fake pages, rogue applications and the infamous and persistent Koobface worm, which gives attackers control of the victim's machine while replicating the attack to everyone on their Facebook contact list.

Just 43% of Twitter users could be classified as “true” users."
-According to CNET News.

Twitter isn’t immune to security issues either. Since the microblogging site is both a social network and a search engine, it poses extra problems. According to CNET News, just 43% of Twitter users could be classified as “true” users compared to the other 57%, which fell into a bucket of “questionable” users. Among the things to watch for on Twitter are direct messages that lead to phishing scams and shortened URLs that hide malicious intentions.

As for Web-based exploits, Internet websites are now the most commonly-used angles of attack, most often targeting software vulnerabilities or using exploits on the receiving client. This makes keeping up-to-date browsers paramount for all employees.

Website Browsing Best Practices for Employees

  • Be conservative with online downloads.
  • Beware of antivirus scams.
  • Interact only with well-known, reputable websites.
  • Confirm each site is the genuine site and not a fraudulent site.
  • Determine if the site utilizes SSL (Secure Sockets Layer), a security technology for establishing encrypted links between Web servers and browsers.
  • Don’t click links in emails—go to sites directly.
  • Use social media best practices.

Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
-According to the DBIR.

Want To Test And Train Employees On Phishing Attacks?

Ray Morgan Company runs email phishing exercises within organizations to best determine how prepared your staff are for these kinds of attacks. Our exercise will provide a report of phishing events and recommended “self-training” modules for your staff. Employee education is essential.

Exercise Overview

  1. All employee email addresses are targeted
  2. A baseline test is scheduled with reports going to the main contact to last 7 days.
  3. A link to download the training material or a USB stick is provided.
  4. A 45 day out follow up test out is scheduled.
  5. Daily Report and overview report is provided.
  6. Training is recommended 10-20 days after the baseline starts.
  7. 45 days later the next test triggers and associated reports are provided.
  8. Continue to use the training provided for future meeting topics. Your trained staff will reduce helpdesk calls and lower risk for infection.