Enabled by the sharing culture on social media – and with ever more sophisticated malicious software known as malware at their disposal – cybercriminals have become far more adept at crafting attacks and targeting individuals and organizations. Phishing emails purporting to be from friends, often reflecting our interests – perhaps gleaned from social media sites – or from trusted organizations such as your bank encourage us to click on infected links or attachments containing malware.
Typically, these so-called “man-in-the-middle” attacks install colorfully named Trojans (pieces of malware, essentially) such as Zeus, SpyEye or Citadel on computers, which have the effect of compromising, for example, online banking transactions. “Everything you then do on your compromised laptop is subverted through a hacking site which means when you [communicate] with your bank, you are going through a man in the middle. Initially, man-in-the-middle attacks were passwords used in authentication – the criminal would wait until you had finished to start using the credentials they’d just gathered. This is why banks brought in one-time passwords or codes,” he says.
“But more recent malware will perform a man-in-the-middle attack to obtain the user’s session (a session is created after a user logs in successfully and the browser and the bank’s website use this to continue the interaction) and fake the logout requests. Once the user thinks they’ve logged out, the attacker can make payments using the existing session without the victim seeing any changes to their balance until the next time they log on. This is partly why banks have rolled out card readers to help prevent payments to new payees.” He adds: “It’s a constant game of cat and mouse.”
TWENTY COMMANDMENTS: THE DOS AND DON’TS OF ONLINE SAFETY
- Do not click on a link you did not expect to receive
Golden rule: the primary way criminals infect PCs with malware is to entice the user to click on a link or open an attachment. Integralis’ Sidaway said: “Sometimes phishing emails contain obvious spelling mistakes and grammatical mistakes that are easy to spot, but targeted attacks and good large-scale emails can almost be distinguished from real email.” Social media has helped criminals analyze individuals and made them easier to locate, he added. “They can see what you are interested in or what you send, and send the information you’ve created, invite you to click on something, no.”
- Use different passwords on different websites
Individuals typically have more than 100 online accounts, and the tendency is to share one or two passwords between accounts or to use very simple passwords such as loved ones’ names, a first pet, or a favorite sports team. In fact, Ofcom’s survey last month showed that more than half of British adults (55%) use the same password to access most, if not all websites, and one quarter (26%) use birthdays or names as their password. Any word in the dictionary is easy to crack. Instead, Sian John, Symantec’s online security consultant, suggests picking a memorable phrase, or a line from a favorite song or poem. For example: “The Observer is a Sunday newspaper” becomes “toiasn”. Add numbers and special characters: “T0!asn”. Now, for each site you sign in to, add the first letter and the last letter of the site to the beginning and end of the phrase, so Amazon’s password will be “AT0!asnn”. At first glance, it cannot be guessed. But for you, it is still memorable.
- Never reuse your primary email password
Hackers who crack your main email password have the keys to your virtual kingdom. The passwords for other websites you visit can be reset from your primary email account. Criminals can browse your email and find a treasure trove of personal information: details from bank to passport, including your date of birth, all of which can be used for ID card fraud. It is estimated that identity theft costs nearly 2 billion pounds annually.
- Use antivirus software
AV-Test, the German Institute for Security Studies, found 49 million new pieces of malware in 2010, which means that anti-virus software makers are constantly playing a game of whack-a-mole. Their reaction times are sometimes slow – American security firm Imperva tested 40 antivirus packages and found that the initial detection rate of a new virus was only 5%. As with flu viruses and vaccine design, it takes the software designers some time to catch up with the hackers. Last year, AV-Test released the results of a 22-month study of 27 different anti-virus packages, including top-level software packages such as Bitdefender, Kaspersky, and F-Secure. In the meantime, security expert Brian Krebs published a study of 42 software packages that showed they detected on average 25% of malware – so they are not the complete answer but one of the useful pieces.
- If in doubt, stop
Just say no to social media requests (like Facebook friend or LinkedIn connection requests) from people you do not know. That is the online equivalent of inviting someone who looks at you at the bus stop into your home.
- Think before you tweet, and about how you share information
Again, the main risk is ID fraud. Symantec Corp.’s John said trawling for personal information is the modern-day equivalent of “trash can diving,” in which thieves search through trash for personal files. “Many who learn to tear up bank statements and other documents will happily post the same information on social media, and once that information is available, you may not be able to control how it is being used by others.” She put forward a basic rule: “If you do not want to stand in the corner of Hyde Park exit, do not put it on social media.”
- If you have a “wipe your phone” feature, you should set it up
Features like Find My iPhone, Android Lost, or BlackBerry Protect let you purge all your personal data remotely if your device is lost or stolen. Derek Halliday of Lookout, a mobile security specialist, recommends: “Absolutely set it.” “If your phone is gone, the wipe feature protects your information from falling into the wrong hands, and even if you do not have the foresight, many cell phone features can be erased in addition to the implementation of the facts.”
- Only shop online on secure sites
Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your browser, cautions industry advisory body Financial Fraud Action UK. Additionally, the beginning of the online retailer’s internet address will change from “http” to “https” to indicate a connection is secure. Be wary of sites that change back to http once you’ve logged on.
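As an added illustration of that last warning (not part of the original article), this Python check walks a recorded sequence of page loads and flags a site that drops from https back to http, along with any cookie set without the Secure attribute, which the browser would then send over the unencrypted connection. The host names, paths and cookie values are constructed sample data.

```python
from urllib.parse import urlsplit

def cookie_flags(set_cookie):
    """Split one Set-Cookie header value into (cookie name, set of attribute names)."""
    name_value, *attrs = [part.strip() for part in set_cookie.split(";")]
    name = name_value.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_session(hops):
    """hops: ordered (url, [Set-Cookie values]) pairs recorded during one visit.

    Returns findings as (kind, detail) tuples:
      "downgrade"         - a host already seen over https is later loaded over http
      "cookie-not-secure" - a cookie set over https without the Secure attribute,
                            so the browser would also send it over plain http
    """
    findings = []
    https_hosts = set()
    for url, set_cookies in hops:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "https":
            https_hosts.add(host)
            for raw in set_cookies:
                name, flags = cookie_flags(raw)
                if "secure" not in flags:
                    findings.append(("cookie-not-secure", name))
        elif parts.scheme == "http" and host in https_hosts:
            findings.append(("downgrade", url))
    return findings

# Constructed sample visits: one site that falls back to http after login,
# and one that stays on https and marks its session cookie Secure.
BAD_VISIT = [
    ("https://bank.example/login", []),
    ("https://bank.example/auth", ["sid=abc123; Path=/; HttpOnly"]),
    ("http://bank.example/account", []),
]
GOOD_VISIT = [
    ("https://shop.example/login", ["sid=xyz789; Path=/; Secure; HttpOnly"]),
    ("https://shop.example/basket", []),
]

if __name__ == "__main__":
    for label, visit in (("bad", BAD_VISIT), ("good", GOOD_VISIT)):
        print(label, audit_session(visit))
```
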
- Do not assume the bank will give you your money back
Unless the bank can prove that the customer has acted “fraudulently” or with “gross negligence”, the bank must refund the customer if he or she is the victim of fraud. However, like any fraud case, this issue is always decided on an individual basis. The pay committee spokesman, Michelle Whiteman, explained: “Interestingly, a former victim of phishing scams who unwittingly provided a fraudster with their account information and password may be refunded. However, if they are harmed by the same fraud in the future, it is likely that future refunds will not be as straightforward, as their banks educate them on how to stay safe.” The payment service provider has to prove that the customer was negligent, not the other way round. Credit card protection is provided under the Consumer Credit Act and offers similar protection.
- Ignore the pop-up window
Pop-ups may contain malware that can trick users into verifying something. Sidaway said: “[But if you do that], the download will be executed in the background and the malware will be installed.” This is what’s called a “drive-by” download. Always ignore pop-ups offering things such as site surveys on e-commerce sites, because they sometimes contain malicious code.
- Be wary of public Wi-Fi
Sian John of Symantec said most Wi-Fi hotspots do not encrypt information, so data travels “in the clear” over the wireless network as soon as it leaves the device for its network destination. “This means that any ‘packet sniffer’ (a program that can intercept data) or a malicious individual sitting at a public destination can search for data transmitted over the Wi-Fi network through a piece of software, intercepting unencrypted data. If you choose internet banking at public Wi-Fi, that is very sensitive data. We recommend using encryption [software], or only using public Wi-Fi for data you are happy to be public – this should not include social network passwords.”
- Run multiple email accounts
Think about having one for your bank and other financial accounts, another for shopping and one for social networks. If one account is hacked, you will not find everything compromised. It can also help you spot phishing emails: if an email that claims to come from your bank appears in your shopping account, for example, you will immediately know that it is a fake.
- Macs are as vulnerable as PCs
Make no mistake, your shiny new MacBook Air can be attacked too. In fact, Apple computers were not a target until now only because criminals used to follow the majority of users, on Windows, but that’s changing. Sidaway said: “Both Apple and Microsoft have added some security features that have greatly increased the effectiveness of software security, but certain attackers are still able to find new ways to take advantage of users on virtually any platform.”
- Do not store your card details on the website
Be cautious when asked if you want to store credit card information for future use. Mass data security breaches (in which credit card details are stolen in large numbers) are not common, but why take the risk? The extra 90 seconds it takes to type in your details each time is a small price to pay.
- Add a DNS service to protect other devices
The DNS or Domain Name System service translates the domain name in a URL (a series of letters) into a machine-readable IP address (a series of numbers). You may use your ISP’s DNS service by default, but you may choose to subscribe to services such as OpenDNS or Norton ConnectSafe, and you will be redirected if you attempt to access a malicious website. “It helps provide some security (and parental controls) on all devices in your home, including tablets, TVs and game consoles that do not support security software, but they should not rely solely on it as the only line of defense, as it can easily be bypassed.”
- Enable 2-factor Authentication
If it is offered by your email or cloud service – Gmail, Dropbox, Apple, and Facebook – set it up. In addition to entering your password, you are asked to enter a verification code sent to your phone via text message. For Gmail, you only have to enter a new code every 30 days or when you log in from another computer or device. So hackers may crack your password, but without the unique and temporary verification code they should not be able to access your account.
- Lock your phone and tablet devices
Keep them locked, just like your front door. Lookout’s Derek Halliday said: “Entering a password or passcode more than 40 times a day may seem to be a troublesome thing, but this is your first line of defense.” However, next-generation devices will use fingerprint scanning as an additional security measure.
- Be careful on auction sites
On these sites, in particular, says Symantec’s Sian John, exercise vigilance. “Check the seller feedback and if a deal looks too good then it may well be,” she says. “Keep your online payment accounts secure by regularly changing your passwords, checking the bank account to which it is linked and consider having a separate bank account or credit card for use on them, to limit any potential fraud still further.”
- Lock down your Facebook account
Facebook regularly updates its timeline and privacy settings, so it is wise to monitor your profile, particularly if the design of Facebook has changed. Firstly, in the privacy settings menu, under “who can see my stuff?” change this to “friends” (be warned: setting this to “friends of friends” means that, according to one Pew study, on average you are sharing information with 156,569 people). Also in privacy, setting “limit old posts” applies friends-only sharing to past as well as future posts. Thirdly, disable the ability of other search engines to link to your timeline. You should also review the activity log, which shows your entire history of posts and allows you to check who can see them. Similarly, you should look at your photo albums and check you’re happy with the sharing settings for each album. In the future you may want to consider building “lists” – subsets of friends, such as close friends and family, who you might want to share toddler photographs with, rather than every Tom, Dick and Harriet.
Also, remove your home address, phone number, date of birth and any other information that could be used to fake your identity. Similarly, you might want to delete or edit your “likes” and “groups” – the more hackers know about you, the more convincing a phishing email they can spam you with. Facebook apps often share your data, so delete any you don’t use or don’t remember installing. Finally, use the “view as” tool to check what the public or even a particular individual can see on your profile, continue to “edit” and adjust to taste. If this all sounds rather tedious, you just might prefer to permanently delete your account.
- Remember you’re human after all
While much of the above are technical solutions to prevent you being hacked and scammed, hacking done well is really the skill of tricking human beings, not computers, by preying on their gullibility, taking advantage of our trust, greed or altruistic impulses. Human error is still the most likely reason why you’ll get hacked.
There’s no way for you to prevent a data breach from occurring at a company that has your business. You can, however, make sure your accounts are secure from other forms of attack.
Here are my top methods to maintain safe and secure online accounts.
Check List to be Safe from Hackers
- Turn on security features
- Install reputable security software
- Turn your Bluetooth off when you’re not using it
- Use encrypted wi-fi networks that require a password and ensure your device does not automatically connect to new wi-fi networks
- Check app permissions. Consider whether you want apps to have access to your information
- Set and use strong passwords
- Back up your data
- Be wary of emails even though they may appear to come from a legitimate source
- Set your anti-virus and anti-spyware software to scan every incoming and outgoing email and attachment automatically
- Regularly update software
- Read and understand social networking privacy settings
- Protect your accounts with strong passwords
- Consider turning off geolocation features in social networking apps
- Never access social networking by clicking a link in an email or other websites
- Never click on suspicious links, even if they are from your friends, as their social media account may have been hacked