Skip to content
Skip to main content
header search
ahihi OpenLearn
OpenLearn
Menu
sticky search

About this free course

Become an OU student

Share this free course

Course content Course content
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

More free courses

1.3 Cyber security attacks and phishing

This section is part of the amber and green pathways.

Download this video clip.Video player: ou_futurelearn_cyber_security_vid_1046.mp4
Copy this transcript to the clipboard
Print this transcript
Show transcript|Hide transcript

Transcript

CORY DOCTOROW
So there was a time that I actually got phished. I was successfully attacked over the internet. And it really illuminated the fact that security depends on you never making any mistakes, and attacking depends on finding one person who can make a mistake.
So the way that happened was the night before, I'd reinstalled the operating system on my phone, and so every time I logged into a service that normally I'd have a password stored on my phone for, it was prompting me to reenter my password, because I had a new operating system. And also, I had a new browser, and the browser hid part of the URL of the website I was looking at. So that made things bad, too.
I went to the coffee shop after dropping off our daughter at school with my wife, and she sat down to read the free sheet and I stood in the queue, and I fired up Twitter and there was a direct message from a friend of mine that said, was this you? And a URL. And the day before, I had also published a bunch of newspaper editorials, so I was getting a lot of emails and direct messages, saying oh, I saw that, or how was this, or whatever. And so it seemed kind of plausible. And I clicked on it, and it prompted me for my password. And it brought me to a Twitter login screen and prompted me for a password, which was normal. Everything was prompting me for it. It looked like I was visiting Twitter dot com, because of the way the browser was displaying, and I entered it in.
And then I got three more DMs from other people saying, is this you? And I was like, oooh, they've all been infected by something that presumably I've just been infected by, too. And if nothing else, I just entered my password into this.
The consequences, thankfully, were pretty light, because it happened immediately, and I had good password hygiene that I didn't recycle passwords across services. So I immediately sat down in the cafe, cancelled all my morning meetings, and changed that password and went through and made sure everything looked OK and then ended up blowing out the operating system on that phone and reinstalling it. Luckily, the consequences were pretty slight and nothing bad happened to me apart from losing that morning and feeling like an idiot.
End transcript
Download
 
Interactive feature not available in single page view (see it in standard view).
This bar chart shows the percentages of businesses and charities that have identified a breach of attack in the last 12 months.
Figure 7 Types of attack/breach identified by organisations
Show description|Hide description

This bar chart shows the percentages of businesses and charities that have identified a breach of attack in the last 12 months. A footnote explains that the data is based on 748 business and 134 charities. The types of attack and percentages are as follows: Fraudulent emails or being directed to fraudulent websites – businesses 86%, charities 85%; Others impersonating organisation in emails or online – businesses 26%, charities 39%; Viruses, spyware or malware – businesses 16%, charities 22%; Hacking or attempted hacking of online bank accounts – businesses 9%, charities 10%; Ransomware – businesses 8%, charities 10%; Unauthorised use of computers, networks or servers by outsiders – businesses 6%, charities 8%; Unauthorised use of computers, networks or servers by staff – businesses 3%, charities 6%; Any other breaches or attacks – businesses 5%, charities 6%.

Figure 7 Types of attack/breach identified by organisations

The nature of cyber attacks has changed since 2017 (see Figure 5). Over this period, there has been a rise in businesses experiencing phishing attacks (from 72% to 86%), a fall in viruses or other malware (from 33% to 16%), and a fall in ransomware (from 17% to 8%) (DCMS, 2020). Let’s now look a little into what phishing is.

Phishing

It may be surprising that many cyber security breaches do not result from technical failures. In fact, it is commonplace for attackers to exploit the goodwill and trust of people to gain access to systems, using a form of attack that is known as ‘social engineering’. Pretending to be technical support personnel or crafting emails that ask for usernames and passwords are common forms of social engineering attacks. You may have heard the term ‘phishing’ used to describe these kinds of emails. Phishing is a form of social engineering. In the video, course guide Cory explains how it happened to him.

In the next section you’ll find out about three high profile cyber security breaches.