No-one expects to be caught by the phisherman, until it’s too late
Online fraud can be pretty insidious, especially if you think you’re doing everything right. But fraud is becoming more sophisticated and the bad guys know technology.
Many of them use advanced software that can reduce days of drudgery to mere hours of research and collecting insecure private information for their own use.
First and foremost: think and verify before giving out any personal information. Be fastidious when asked for your information and always request the person’s credentials. Be wary of suspicious emails and texts, use secure internet connections, and up your password game. October is Cybersecurity Awareness Month, and we’d like to share some tips on how to do these things and more.
Beware the phisherman
Phishing is what it sounds like: a fraudster is trying to lure you into opening a link, clicking on a video, or sending money to a “trusted” person. Not getting reeled in takes awareness and a bit of suspicion.
Phishing may start with an email supposedly from your bank, a trusted merchant brand, or a non-profit organization. Pause before you open it or open any links. Banks rarely email customers with links to click and provide their information, and trusted brands don’t often have 90% discounted items.
Fraudsters use software that duplicates your bank’s or merchant’s brand to look quite genuine. In many cases, though, the email is poorly worded, uses weird multicolored graphics, or just seems unprofessional somehow. But not always.
If you were to open the link – but we know you won’t – you would end up on what appears to be the institution’s website, but it’s also a spoof. In the short time you are on that site, the system can download malware to your computer that intercepts the information you send. You can also hover your mouse over the link and see the URL it takes you to: is that the real company’s website?
If you want to stay safe, simply go to the company’s website as you normally do, not through the link on the email, and look for that offer or log into your bank account.
Likewise, if the email is confirming an order you didn’t make, phone the merchant. Ignoring the problem may give the fraudster time to finalize their fraud.
Yes, smishing may sound cute
Smishing sounds like a stuffed animal, but it’s phishing done by SMS on your mobile device.
Don’t open unsolicited documents or apps on your mobile. From the moment the malware is downloaded, the clock is ticking. Most victims click on links within the first hour, providing private information or downloading malware-infected attachments. Once they do, their user credentials can be harvested to commit fraud or sell to other criminals, or their computer is infected with malicious software that can track users’ transactions.
Everything has a price, even free Wi-Fi
It’s great that so many public places have free Wi-Fi, from fast food and coffee shops to pubs, doctors’ offices, and even some public transportation. Problem is, that’s like blasting your private information through a megaphone.
While it seems harmless to browse Facebook while waiting for your lunch, public Wi-Fi systems aren’t secure. Hackers can access the system and find their way onto connected devices. They can also spoof the Wi-Fi so that you’re actually connecting to their computers.
How’s that done? Many people use their smartphones as a Wi-Fi hotspot, giving them access to the internet via their data plan. A fraudster can easily use a phone as a hotspot, call it “MTA Free Wi-Fi” and everyone taking New York transit on a particular train or in a certain station can access it. Any data you send through your phone is intercepted by the Wi-Fi owner.
Mass scale breaches through public Wi-Fi
Public Wi-Fi is more than a gate to the user’s personal data, it can also open up access to a company’s entire network, such as through guest internet connection. In one case, fraudsters broke into a hotel’s property management system through an insecure Wi-Fi network and a set of smart-enabled remote-control curtains. Using this back door, the hackers were able to steal customer credit card information, resulting in a massive breach of 383 million records.
In general, any time you are using a public connection without your own VPN (which I recommend you use), avoid sensitive activity like sending money through your banking app, telling your brother your credit card info over an online call, or resetting your email password.
When you use apps and free Wi-Fi, you are not only at risk of having your personal information stolen, but hackers could be planting malware for future, often bigger, damage like spreading it to your work computer or everyone on your contact list. And no one wants to be patient zero of an online pandemic.
The gift of giving empty cards
It’s always great to get a gift card from someone who appreciates you. Who doesn’t love a meal at a favorite restaurant or a few songs from iTunes? Unfortunately, they too require a “Use with Caution” sticker.
Fraudsters have also been discovered taking down gift card numbers at stores, then registering an account for that gift card. When they see it’s been activated, they drain the account before the eventual purchaser gets to use the card. Register your card or use it right away. If you’re buying cards for others, try to purchase from a merchant that secures their gift cards behind the counter and not on racks where anyone can access them.
Does your password have a 1 and an ! ? – Time to change it
Long gone are the days where cute, easy-to-remember usernames and passwords were safe. With 15 billion user records breached only in 2019, chances are your password is in some dark web marketplace available for a few cents. If you reuse your password across various accounts, then, rest assured, fraud is in the making.
If your password hasn’t been breached, but you created a weak one, bad actors can also access social media to collect various clues to your passwords, like hobbies, schools you attended, family member names and the birthdays, your first pet’s name… the list goes on.
Ah, but you add a symbol and various capital letters! Let me guess, you capitalized the first letter of your password and put the symbol right at the end? Look at a “most-used passwords” list. When a bad actor focuses on your account, they will deploy a brute-force attack where they try different iterations of what they think could be your password.
The good news is that this is the easiest problem to solve: get a password manager. The program will generate random passwords that are long and difficult to guess. Be sure to generate a different password for every account you have. Do your research, but a few popular programs are LastPass, Keeper Password Manager, and Dashlane. Some browsers have built-in password storage, but they have limitations. They don’t work when you switch browsers or use someone else’s computer. Also, their business is not to protect passwords but to provide an internet browser, so stick to companies that are dedicated to the protection of your passwords.
In all cases, you are able to sync all your devices to your password locker to ensure you can always access your stuff.
How often do you clean your house?
Staying safe online is like any other household task. It’s a pain to think about, but setting up a few systems and some password hygiene will have long-lasting benefits. A few simple tools and regular habits can keep your online activities private and your information safe. After all, most people don’t think fraud will happen to them – until it does.
Related to this post: Five ugly ways scammers take advantage of your COVID-19 stimulus payment