As technology changes and hackers quickly adapt, many people are finding cybercrime and the steps to keeping their online information secure too difficult or confusing to keep up with. Here are some common hacker schemes and ways to protect yourself from identity theft.
Cybersecurity Starts With Your Passwords
Sometimes cybersecurity comes down to something as simple as understanding the importance of passwords. It’s surprising how many people still don’t give their passwords the attention they deserve. You may find it difficult to remember multiple complex passwords and be drawn to the ease of using the same login credentials for all of your online activity. But once a hacker discovers your password, you've made it easy for them to access all of your accounts. Hackers don’t discriminate. They are interested in everyone's data, including yours, even if you don’t do much online.
One solution is to download a mobile application that stores all of your passwords so you don’t have to remember what they are or where you saved them. Once you sign up and pay a relatively low annual fee, you’ll use one password to access the app containing all of your passwords. Most password apps remind you if you need to save or update a password, and your login credentials sync from one device to the next, so if you sign up for a new site on your mobile phone, it will sync to your desktop and tablet as well.
If you are currently storing your passwords on a spreadsheet, most password managers let you upload them. They also allow you to import passwords saved to all the popular browsers, like Google.
Phishing for Your Data
Phishing is a means for hackers to trick you into sharing your private information through an email plea or webpage offer. It can come in the form of legitimate-looking emails and webpages. The successful “hook” uses a bit of social engineering in the form of content designed to lure you into taking some sort of action. Cyber-criminals often send emails with heartfelt requests, exciting click-bait notices, shocking headlines or legitimate-looking offers. If you click, you may be sent to webpages that install malicious software on your computer. To spot phishing emails, look at the “from” address and be wary of urgent requests for money and bank transfers.
Spear phishing can look like it came directly from someone you know, or even from a respected company that asks for confidential information or sends you to malicious sites. Because spear phishing is so cleverly customized, traditional anti-virus protection does not help thwart these types of attacks. Email security programs help ward off attacks, but education and awareness are the best line of defense.
To protect yourself from phishing and spear phishing:
- Question the legitimacy of every email you receive to help avoid unwittingly giving up private information. For instance, emails that look like they come from your bank or credit card company and ask for personal information or send you to sites requesting personal information can be verified by calling the number on your statement or the back of your bank card.
- If you receive an urgent email from a friend or co-worker that asks for money or a bank transfer, or an email that just seems out of place, call them to verify if they sent it.
- For charitable donations, always make them directly on the company’s website instead of through an email request.
Pharming Mines Your Personal Data
Pharming is the practice of sending users to legitimate-looking websites that mine personal data like login credentials, Social Security numbers and account numbers. This can occur when you inadvertently click a link that installs a virus on your computer that changes the addresses of sites you wish to visit.
To protect yourself from pharming:
- Install anti-virus and anti-malware software and keep it updated.
- Use smart computer practices such as not clicking on suspicious websites or emails.
- Watch for unfamiliar or unusual email addresses.
- Be wary of sites that ask for personal information.
- Get in the practice of looking for a lock in the address bar, which indicates the website has special security encryption, before you share information on the page.
- Click on the security lock in the address bar to make sure the website has an up-to-date, trusted certificate.
Reducing the amount of spam you receive will help you sort through emails faster. To keep from creating more spam, never respond to it. Replying to messages and asking to be removed shows spammers your email is active. Also, think twice before unsubscribing. If the email is from someone you do not know, or a company you have not done business with, responding to the email or clicking the unsubscribe button lets spammers know the email address is active and will likely result in you receiving more spam.
Ever get a strange email from a friend suggesting you take a look at a link or picture that is completely out of character? This is the result of a botnet. Botnets are large, zombie networks hackers create by linking together thousands or even millions of affected computers to stage a spam attack or distributed denial of service (DDoS) attack. A DDoS is simply a fancy way of saying spammers overload a website with requests to the point it malfunctions.
To protect yourself from botnets and spam:
- Keep your anti-virus and anti-malware software up to date and do not click on anything that seems suspect.
- Keep your computer and browser updated. These updates offer the latest security updates and fix flaws in previous versions.
- Have at least two email accounts. Use one for personal emails only and the other for public use like signing up for new accounts, mail lists and public forums.
Ransomware and Scareware
Ransomware is a type of malicious spam that prevents you from accessing personal information on your computer. Victims are either sent emails “booby-trapped” with attachments they open, or they click malicious links while browsing. The three types of ransomware are scareware, screen locks and encrypting ransomware.
Scareware usually takes the form of pop-ups claiming your computer is infected and you must purchase their software to remove it. Your files are usually safe, but if you back out or pay you’ll continue to get the annoying pop-ups.
Lock-screen ransomware will lock you out of your computer, often with an official looking seal that says illegal activity has been detected and you must pay a fine.
Encrypting ransomware means your files were snatched by a hacker who encrypts them and claims you will only get them back if you pay. Still, there is no guarantee the files will be returned to you if you decide to pay.
To protect yourself from ransomware:
- Keep your computer system, software and browsers updated. The WannaCry attack in 2017 was successful because it exploited many users who did not apply the Microsoft updates to their computers.
- Never pay a ransom to get your data back. You may be able to use other alternatives to get some of it, but you may never get it all.
- Routinely create secure backups to external drives that remain unplugged when not in use, so they do not become infected. You can also back up to cloud storage that includes strong encryption and multi-factor authentication.
- Use multi-factor authentication whenever possible.
People often think that if large, seemingly locked-down companies can fail at keeping hackers away from personal information and login credentials, what hope could they possibly have of thwarting a cybersecurity attack? The key to keeping yourself safe online is using multi-factor authentication, routinely updating your computer, programs and browsers, and setting a regular backup schedule just in case. With awareness and vigilance, it is possible to help keep yourself safe online.
Disclosure: Kris Maksimovich is a financial advisor located at Global Wealth Advisors 18170 Dallas Parkway, Suite 103, Dallas, TX 75287. He offers securities and advisory services as an Investment Adviser Representative of Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser.