How to Protect Yourself and Stay Safe Online
Cybercrime has become more profitable than the drug trade (Fortune, 2020). That is a pretty profound statement to take in. In our society, the mental image of drug cartels and drug dealers brings to mind images of endless money, power and fear. To consider that criminals are now an abstract idea of a hacker in some far corner of the world does not have the same imagery or emotional response, but the threat is ever so much more real.
Our society is rapidly changing, and technology is forcing this change at an even faster rate. In 2019, there were an estimated 4.4 billion active internet users. With the upcoming emergence of 5G wireless technology, Ericsson projects that over 65% of the world population will have access to the internet (Taylor C., 2019). Crime happens when motivation meets opportunity. Crime opportunity theory (Wikipedia, 2020) holds that offenders make rational choices and therefore choose targets that offer a high reward for little effort and risk, which explains why criminals are now turning to cybercrime. They can target large groups of people with minimal effort, with virtually no risk, and with the potential for large rewards.
The unfortunate reality is that criminals are typically ahead of the curve in exploiting vulnerabilities and finding new opportunities. Governments and law enforcement cannot adapt as quickly as the criminals. The good news is that with some information and awareness, we can significantly reduce the likelihood of you falling victim to cybercrime. In this article, we will look at the common types of cybercrime and how you can protect yourself.
What are the most common types of cybercrimes?
There are many different types of cybercrime, too many for us to cover in this article. We will explore the most common types of attacks that you are likely to encounter in your everyday life:
- Phishing
- Identity Theft
- Social Engineering
- Hacking
- Malware
- Scams
Using a unique password for each of your services is an important practice for staying safe online. Password managers are an important tool for securely storing and managing your passwords. You can learn more about password managers here.
Phishing
In a phishing attack, criminals send an electronic communication, typically an email, text or other type of message, that contains malicious URLs (links) or file attachments in order to obtain information or access to your accounts. A common approach used in this type of attack is to ask you to update your password or account information by clicking a link or downloading an attachment.
Identity Theft
Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss (Wikipedia, 2018).
Social Engineering
Social engineering is a technique used by criminals to obtain information or access to a system through psychological manipulation. Many of these attacks will seem to come from a credible source: a friend, colleague or service. This type of attack is targeted. The criminal has done research into the company to make the communication look and feel like it is a real message.
Hacking
Hacking is a broad term, but generally refers to a criminal looking to gain unauthorized access to a computer system, network or other resource. There are endless possibilities as to the motivation of a criminal, but common reasons include: to steal information/data, identity theft, to use the compromised system as means to obtain unauthorized access to resources and also as a means
Malware
Malware, or "malicious software," is an umbrella term that describes any malicious program or code that is harmful to systems. Hostile, intrusive, and intentionally nasty malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device's operations. Like the human flu, it interferes with normal functioning (Malwarebytes, 2020).
Scams
A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person (Hope, C, 2020). Common techniques used by criminals for online scams are in the form of ads, emails or other messages.
How do I protect myself from the most common types of cybercrimes?
Now that we've learned what the most common attacks are, let's look at what actions you can take to protect yourself and minimize the risk and likelihood of you falling victim to one of these crimes.
Phishing
Awareness is half the battle when protecting yourself against a phishing attack. Any time you receive an unsolicited email, message or notification of any kind asking you to click a link or download an attachment, reply with information or even to call a number, you should follow these steps:
- Check the full email address.
  - Does it look weird, off or not from the company or person they are claiming to be?
- Hover over any links in the email, but DO NOT CLICK.
  - Does it look weird, off or not from the company or person they are claiming to be?
- Do not reply to the message directly.
- Do not call any number listed in the email.
- Open your web browser and navigate to the service's website directly.
  - Log in to check for messages or get the number directly from their website.
Identity Theft
Identity theft can take many forms. You need to take proactive steps both online and offline. Follow these steps to reduce your risk of identity theft:
- Use strong passwords, and a unique password for each service/account. You can read more about password best practices in our blog post here.
- Be vigilant and only provide your social security number online when necessary.
- In general, it is also a good idea to limit how much information you are sharing online. Even "private" profiles, such as Facebook, can be leaked and provide more information to criminals than you realize. Many social services have a security review tool; use this tool every so often to ensure new features of the service are not leaving you vulnerable.
- Check for a secure connection. Most browsers have a lock icon near where you would type in a web address. You can click this icon at any time to review and verify that your connection is secure and valid.
- Use passwords on all your devices.
- Disable Bluetooth when you are not using it. Many stores and even smart devices in your home use beacons to detect and track you.
- Be sure to shred mail, letters and documents.
- Be sure to monitor your "snail" mail. If you are missing items, it can be a sign that your identity could be compromised.
- Check your credit reports at least once a year.
- Monitor your finances, bank statements and credit cards.
- Cover the PIN pad at the ATM and other terminals where you need to enter a private PIN or access code.
- Treat public Wi-Fi as an insecure network. Because you do not know what security practices are in place, and because the connection is open to the public, you cannot be sure who is listening to and capturing your data as it crosses the network. Avoid logging into sites that could provide a criminal with your login information and potentially sensitive information. If you have access to a hotspot on your phone or other device, use it, as it is a much more secure way to access the internet in public places.
If you believe your identity has been stolen:
- File a report with the Federal Trade Commission (https://www.consumer.ftc.gov).
- Contact your local authorities.
- Contact the IRS.
- Freeze your credit.
- Change all your passwords on every desktop, mobile device, tablet or other device you own.
- Change your password for all online services including but not limited to: social media, banks, financial services, work accounts.
- Contact your bank, credit cards and other financial institutions.
Social Engineering
Protecting yourself from social engineering follows a similar path to protecting yourself from phishing.
- Check the full email address.
  - Does it look weird, off or not from the company or person they are claiming to be?
- Hover over any links in the email, but DO NOT CLICK.
  - Does it look weird, off or not from the company or person they are claiming to be?
- Do not reply to the message directly.
- Do not call any number listed in the email.
- Open your web browser and navigate to the service's website directly.
  - Log in to check for messages or get the number directly from their website.
The biggest difference between a general phishing attack and a social engineering attack is that the latter is much more targeted and specific, and will seem to come from someone you know. Follow these additional steps when you "feel" that you might be under a social engineering attack:
- Does the information or action being requested of you seem off?
- Does the tone, vocabulary, or general feel of the email seem off?
- Is the signature and footer of the sender correct?
  - Many times the criminal will get the footer images and information almost correct. You can compare with other emails from the valid sender.
Pro tip: Have a rotation of a word or phrase that is only known by those in your organization. These can be added to emails to help identify valid emails where the information in the message could be misinterpreted.
Hacking / Malware
To protect yourself from hacking attempts and malware, follow these guidelines:
- Keep your operating systems and software up-to-date.
- Always use strong passwords.
- Be judicious about what software you allow to be installed on your computer.
  - Choose to install programs from trusted sources such as the App Store (Apple devices), Microsoft Store (Windows devices) or Google Play (Google/Android) over programs that you download directly from a website.
  - If you need to download directly from a website, be sure to do a thorough search for consumer reviews of the application and the company name.
- Use antivirus software.
- Be sure to enable a firewall on your computer or network.
- Watch for prompts from your operating system when installing a program; read what access the application is asking for.
  - If you are unsure, do a web search to check what others are saying about this topic to evaluate whether the requested level of permissions is necessary. In general, it is best to deny and re-open the access level at a later date if needed.
- Ensure the security of your network.
  - In work environments, your IT department will take care of this.
  - For home, you can call your internet service provider (ISP) to ask them to do a security check and ensure best practices are being followed.
  - The common items are:
    - Make sure the administrator account on your router and modem (setups vary, could be one or more devices) has a non-factory username and password.
    - Use a strong password to access your Wi-Fi network.
    - Install router updates as they become available.
- Delete any emails that you deem suspicious.
  - Follow the steps outlined above.
- Use multifactor authentication wherever possible.
- Utilize account alert notifications wherever possible.
If you believe you have been hacked:
- Disconnect your device from the internet
  - Unplug the network cable
  - Turn off your Wi-Fi connection
- Let others know
  - Contact your IT department
  - Let friends and family know to watch for any type of suspicious activity or messages coming from you
- Monitor your financial and other accounts online
- Have a forensic analysis conducted on your compromised device
  - It is best to take your device to a technical friend, family member or local shop
  - Avoid online technical resources; it is best to physically take the device for service
- On confirmation of being hacked, notify the authorities
- After your machine has been repaired, or from another device:
  - Begin to change your passwords.
Scams
Scam is another umbrella term that encompasses many different attack types. We covered a variety of the most common tactics criminals use and how to protect yourself, but we need to briefly discuss some other general tips to protect yourself from other current and future scams not discussed here. The Federal Trade Commission provides a 10-item list on how you can avoid scams and fraud (consumer.ftc.gov, 2018):
- Spot imposters. Scammers often pretend to be someone you trust, like a government official, a family member, a charity, or a company you do business with. Don't send money or give out personal information in response to an unexpected request - whether it comes as a text, a phone call, or an email.
- Do online searches. Type a company or product name into your favorite search engine with words like "review," "complaint" or "scam." Or search for a phrase that describes your situation, like "IRS call." You can even search for phone numbers to see if other people have reported them as scams.
- Don't believe your caller ID. Technology makes it easy for scammers to fake caller ID information, so the name and number you see aren't always real. If someone calls asking for money or personal information, hang up. If you think the caller might be telling the truth, call back to a number you know is genuine.
- Don't pay upfront for a promise. Someone might ask you to pay in advance for things like debt relief, credit and loan offers, mortgage assistance, or a job. They might even say you've won a prize, but first you have to pay taxes or fees. If you do, they will probably take the money and disappear.
- Consider how you pay. Credit cards have significant fraud protection built in, but some payment methods don't. Wiring money through services like Western Union or MoneyGram is risky because it's nearly impossible to get your money back. That's also true for reloadable cards (like MoneyPak or Reloadit) and gift cards (like iTunes or Google Play). Government offices and honest companies won't require you to use these payment methods.
- Talk to someone. Before you give up your money or personal information, talk to someone you trust. Con artists want you to make decisions in a hurry. They might even threaten you. Slow down, check out the story, do an online search, consult an expert - or just tell a friend.
- Hang up on robocalls. If you answer the phone and hear a recorded sales pitch, hang up and report it to the FTC. These calls are illegal, and often the products are bogus. Don't press 1 to speak to a person or to be taken off the list. That could lead to more calls.
- Be skeptical about free trial offers. Some companies use free trials to sign you up for products and bill you every month until you cancel. Before you agree to a free trial, research the company and read the cancellation policy. And always review your monthly statements for charges you don't recognize.
- Don't deposit a check and wire money back. By law, banks must make funds from deposited checks available within days, but uncovering a fake check can take weeks. If a check you deposit turns out to be a fake, you're responsible for repaying the bank.
- Sign up for free scam alerts from the FTC at ftc.gov/scams. Get the latest tips and advice about scams sent right to your inbox.
How cyber attacks became more profitable than the drug trade. (2020). Fortune. Retrieved 2 April 2020, from https://fortune.com/2015/05/01/how-cyber-attacks-became-more-profitable-than-the-drug-trade/
Taylor, C. (2019). 5G coverage will span two thirds of the global population in 6 years, Ericsson predicts. CNBC. From: https://www.cnbc.com/2019/11/25/5g-will-span-two-thirds-of-global-population-in-6-years-ericsson-says.html
Identity theft. (2018). En.wikipedia.org. Retrieved 3 April 2020, from https://en.wikipedia.org/wiki/Identity_theft
What is Malware?. (2020). Malwarebytes. Retrieved 3 April 2020, from https://www.malwarebytes.com/malware/
Definitions, S., & Hope, C. (2020). What is a Scam?. Computerhope.com. Retrieved 3 April 2020, from https://www.computerhope.com/jargon/s/scam.htm
10 Things You Can Do to Avoid Fraud. (2018). Consumer Information. Retrieved 6 April 2020, from https://www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud