We all have an online presence, even if we don't always realise how extensive that is. We use the internet more and more on a daily basis, and that ever increasing use brings a certain degree of risk along with it.
Every day sees an increase in the number of attempts to hack websites. Every day sees an increase in the amount of phishing attempts and virus attacks. So, how does all this affect you and what do you need to do in order to stay safe online?
How bad can it be?
You may not have your own website and you may only use email occasionally and carefully, but that can be more than enough to expose you to significant risks. Here's one possible scenario:
You sign up to a website, or email newsletter because of your interests or a hobby that is covered by the site or newsletter. You use the same "secure" password that you've used on other sites because it's easy to remember and it's specific to you, so surely someone else couldn't guess it. All goes well, and you think no more of it, you get your newsletter updates and maybe even cancel it a few months later, when you've seen enough.
But... the website or newsletter service gets hacked and the subscriber database, including all of the email address and passwords pairs for each subscriber, is copied, maybe even without the web owner knowing.
The details, including yours gets passed around or sold within hacker communities. That single pairing of an email address and password can be enough to cause you significant damage if used by those with particular skills. From something as simple as hacking your email account (if you used the same password for that) to full-on identity theft, by gradually building up a copy of your online and real life persona and using that to access finance in your name.
Cybercrime and more - What do these terms mean?
As the amount of online crime and the various types increased in recent years, a new terminology grew to describe it. Some of it is obvious, some not so obvious. So here is a little glossary of terms to help keep up to date with cybercrime.
Cybercrime: Any online criminal or illegitimate activity, or any criminal activity which makes use of internet services.
Hacking: Unauthorised access to online resources or gaining access to online resources without going through normal access routes. There are also "good" hackers known as "white hat" hackers that engage in a practice called "ethical hacking" in order to restore access to a resource after a legitimate user has lost access, and ethical hacking practices are also use for security testing. However, most mentions of hacking refers to "black hat" hackers and malicious or criminal activity.
Phishing: Mostly conducted through email, this involves creating a message disguised as something from a legitimate service in order to trick the recipient into providing a password, credit card, or other sensitive information. For example, you might receive an email with logos, contact details and links for a well known financial institution, requesting you to update your details by clicking on a particular button or link in the email. The button or link might take you to a fake website disguised as a login page for financial institution's site. This would then capture your login details and possibly produce an error message saying "login error, please try later". This would give the criminals time to use your login details on the real site to steal from your account.
What can you do to stay safe?
Think before you click. Always be sceptical of links in emails and never click on email links to financial institutions. Banks and similar organisations may inform you of issues via email, but they do not ask you to click through to a login page from an email. They will always ask you to visit your site as you normally would, by going directly to your web browser and typing the address or using a saved shortcut.
If you think an emailed link might be legitimate, view the email on a laptop of desktop computer, as these allow you to hover over the link before clicking. Links can have their text disguised to look legitimate, but when you hover over a link, you will see the actual destination address of the link pop up either beside it or at the bottom of your screen.
Unless you are certain of the source of the email, continue to be suspicious. Even when the hovered link looks ok, there is a possibility that it is using a "special characters" substitution trick. In this case, a link to a site like apple.com might actually be to a fake site where the address is using Cyrillic/Greek characters that look like some Latin alphabet characters, swapping out a "p" from "apple" with a Cyrillic "er" which looks identical.
Avoid using the same password across multiple websites and services. Some people find it easier to use a pass-phrase. For example, you might use something like"Ferrari4MeSavingsFund" for your online banking.
If you have used the same password on any given service for some time now, consider changing it. Your details may already have been compromised without you realising it, even if they have not yet been used.
You can use an service such as https://haveibeenpwned.com/ to check whether your details have been found on hacker lists. The Have-I-Been-Pwned site allows you to enter in you email address (just the email address) and it will tell you if and when your details have appeared in any known hacks lists. It is these lists that are often the basis of emails telling you that you have been hacked and demanding some amount of bitcoin as blackmail. They will often include an actual password for that email address as "proof". Hopefully, if you have been careful, it will be an outdated password taken from and old database hack as described above.
Another very good service to help you stay safe is Firefox Monitor ( https://monitor.firefox.com/ ). This service from the people who make the Firefox web browser allows you to enter just your email address, no other details, and it will run a check like the Have-I-Been-Pwned service. If you scroll down a bit on that Firefox Monitor page and sign up for a Firefox account they will continue to monitor data breaches around the world and email you with a notification if your address appears on any of the data breach lists.
Be careful where you go online. Just as in real life, there are some areas where it is not safe to visit. Certain sites contain links or embedded code that can compromise the security of your system. Some popular media download sites can provide content that is infected with viruses/malware. Taking a chance on getting that movie, music or software "for free" may not be worth it.
If you have any questions on online security, contact John McCormack at extension 202, email
