The internet plays an integral role in nearly every aspect of daily life. We live in a global village that is connected in ways unimaginable a few short decades ago.
However, this connectivity has given birth to a new breed of criminal - the cybercriminal - who use the internet to ply their trade. A 'pre-internet' criminal ventured out into the world to commit their crimes. Now they are able to remain stationary and, in effect, let victims come to them ... en masse. In the process, the personal information and money of millions can be accessed with a few strokes of a keyboard.
Famously, one band of cyber thieves stole in excess of $2 billion and announced their retirement via a farewell statement, part of which read: "We are a living proof that you can do evil and get off scot-free. We are getting a well-deserved retirement."
Cybercriminals thrive on the naivety - ignorance, even - of internet users and their lack of knowledge regarding the scope and scale of cybercrime, or the tactics used.
One such tactic - the 'brute force attack' - uses massive combinations of usernames and passwords to attack accounts until one works. Despite more and more stories about the perils of cyber-attacks, more than 30 million accounts around the world still use the passwords "123456" and "123456789". This can only lead one to believe that many - MANY - take the "it won't happen to me" approach when it comes to cybersecurity (those 'easy', 'moderate' and 'hard' ratings when you submit a password are there for a reason).
It's naivety like this that keep the cyber criminals coming back because, even though they have to put in some effort to reap the reward, we make the job easier for them.
And when it comes to making the job easier, sharing the troves of information about ourselves online, usually via social media, works wonderfully for cyber criminals.
This info may include such things as name, date of birth, where you've worked, studied and lived; your relationship status, phone number and website; bank account details, credit card numbers, driver's licence and passport details. Unknowingly, for many, this information amounts to their 'online identity' and even some of this is enough for a baddie to hijack someone's identity.
SOCIAL MEDIA
Social media has integrated into our lives to the point where it's now an extension of who we are. It's become a mouthpiece through which we converse with the outside world ... and this world can also peer into not only our lives but those of our family and friends.
Something as commonplace as leaving a birthday message on a friend's social media page can have unintended consequences. If your page is set to "public", anyone can access your friend's name, date of birth, and location. This amounts to enough information to 'become' them.
If someone's online identity is compromised, all manner of damage can be done, including accessing bank and credit card accounts, redirecting mail, and fraudulently obtaining such things as government benefits.
Cybercriminals can even obtain your full name and use it to guess your email address. If obtained, a phishing email containing malware can be sent to it which, if opened, is able to penetrate your device/s and collect all sorts of data.
No matter how good your cyber security is, cyber criminals are always finding new ways to get around defences. However, there are ways you can make it harder for anyone with 'intent', including adjusting your social media privacy settings to keep your information, and that of others, safe:
- Set your page or profile to private
- Limit who can see your contact and bio information and what you share
- Disable location sharing
- Don't accept 'friend' requests from strangers
- Share your photos and posts with people you know and trust
Social media aside, cybercriminals have other ways to trick you into giving them your personal information.
'REPUTABLE' ORGANISATIONS AND PUBLIC WI-FI
We trust not only people we know but also well-known and reputable organizations. Cybcercriminals know this and use it to their advantage as a means of obtaining your information. In the case of COVID-19, emails containing malware have been sent from fake accounts purporting to be, among others, those of the World Health Organization and the US Centers for Disease Control. Cyber-crims have even imitiated legitimate FBI websites in an effort to trick people in an effort to gather credentials.
Many businesses advertise that they will never ask you to update or confirm your details via links in messages, and that you should log into the organization’s official website ... so beware of any official-looking websites that do otherwise.
In this increasingly cashless society, using credit card details online is the norm. However, websites you're unfamiliar with that ask for not only credit card details but an excessive amount of personal information should always be viewed with caution. It's best to treat online transactions with a healthy level of paranoia and check your accounts regularly to see if there is anything suspicious going on.
If this is starting to sound a bit daunting, the bad news is there's more to watch out for.
For those of you who love piggy-backing free Wi-Fi, this is akin to leaving home with the front door wide open and all your 'goodies' sitting in the entrance hall. In fact, you might as well put up a big, flashing "HELP YOURSELF" neon sign out the front, just to make sure. It goes without saying that doing something personal online, such as banking, should be avoided at all times. Use your own personal data when you're out and about. It may dig into your monthly quota, and you may even end up going over your limit and paying a little more. However, the consequences otherwise could cost you a lot more.
If you do need to use public Wi-Fi, lessen your chances of something bad happening and turn off your file-sharing apps (including AirDrop). And before typing in sensitive info such as your credit card number or a password, look at the webste URL for a lock symbol. This means the website is secure. Furthermore, make sure the address bar has just that - an address e.g. google.com. If there is a series of numbers e.g. 192.168.0.1, this is a major red flag indicating the site is fake.
PASSWORDS AND SOFTWARE
Other cautionary measures you can take include regularly checking your online account statements e.g. credit card, bank, telephone and internet, for unusual activity.
Where possible, make use of two-factor authentication. And don't have one, or a couple of passwords for everything. Use a mixture of symbols, numerals and upper / lower case text to make it difficult for anyone with ill-intent.
The fear and uncertainty surrounding COVID has seen a sharp rise in cyber attacks this year. Many of these have occurred via 'holes' (vulnerabilities) in software. These holes need to be patched, so take heed of updates and security patches.
Keeping across the many email alerts from each software vendor can be time-consuming, especially for businesses that use a multitude of software. However, one missed alert could let in a cyber attacker and the consequences (there's that word again!) could be expensive in both money and time ... use the one link below.
You may need to employ the services of a software security specialist. Some organisations offer vulnerability (CVE) alerts, but they come as part of a suite of products, many of which you won't need and / or can't afford.
SecAlerts, on the other hand, does one thing and does it well. It foregoes a suite of products and matches vulnerability (CVE) alerts to your software stack. Choose your software from a range of over 15,000 and receive one email alert - either weekly or hourly - telling you which CVEs affect your software, as well as the current versions of your software and cyber news relating to your stack.
