Cybersecurity Awareness Month Lessons Learned: Out of Bounds Communication



When staying safe online, it’s important not to go “out of bounds” for communication. Simply put, going out of bounds can be a recipe for your users falling victim to a phishing attack. For example, if you or your users are buying something on eBay, stick to eBay for bidding, negotiating, and payment.

Because it's Cybersecurity Awareness Month, I wanted to also share a quick video explaining why it's so important to stay in bounds and what can happen if you don't: 

 

Criminals and scammers want nothing more than to take communications with your users out of bounds. The reason is that going out of bounds strips away any protection the platform offers.

Let’s look at our eBay example. eBay holds a lot of personal information such as your name, address, phone number, email address, your browsing history -- and through PayPal, it also has bank account information.

However, all of that information is shielded from other parties, and only the relevant information is revealed to them when it is necessary. Even then, certain information such as bank account or credit card number will always remain confidential. 

If the other party reneges on a deal, or sends the wrong goods, or there is any other form of dispute, then eBay offers a certain amount of protection and can help refund or block any further communications.


Compare this with what happens when the bad guys take communication with your users out of bounds. All the protections have been removed, so not only does the other party need access to your user’s details to proceed with any transaction, they can also send malicious links through other channels, resulting in your users being phished. And if there is a dispute, there is no arbitration available.


It can be tempting to go out of bounds. After all, sometimes the platform takes a commission from each sale, and you may want to avoid that. But is saving a few pence really worth potentially losing a lot more to a fraudulent transaction?

But this isn’t just restricted to commercial transactions. We see this kind of activity occur in the corporate world all the time. Sometimes it’s just a colleague asking for a favour and wanting something done without going through the trouble of raising a ticket with IT. While this can be an innocent request, if it comes from a criminal, there is no audit trail of where the request originated or why it was made.

Processes and official communication channels are often put in place for a reason, and staying within the confines of those channels offers protection for all parties involved. 

Therefore, at all times, it’s important for your users to stay within bounds and not use unauthorized channels, regardless of whether that’s to buy or sell something online or to interact with colleagues in the office.

