Personal data is valuable to cybercriminals. Did you know hackers can resell Netflix passwords for $3 each? Financial data is even more valuable, and hackers can get as much as $2,000 for reselling online banking credentials.
Because data is so valuable, attempts to steal it are becoming more commonplace and more sophisticated. Techniques include malware, phishing, SMiShing and social engineering. Here are a few steps you can take to reduce your risks.
Protecting your devices
Desktops, laptops, phones, and tablets are primary targets of malware. Malware is a piece of malicious code that infects a device, and can spread to different files and programs. Depending on the purpose of the virus, the malicious code can use your device's computing power to conduct broader cyberattacks, delete important files, or spread to other devices.
Malware is also becoming more sophisticated and there are many different types. You've probably heard about ransomware, a type of malware that locks you out of your device until you pay a ransom. A keylogger virus or spyware can record what you type in online forms, such as online banking login credentials, and send that information to a cybercriminal.
Here's how you can protect your devices from malware:
- Install an antivirus program on all the devices you use, including your phone and tablet. Make sure to keep it up to date.
- Use a firewall to control which programs have access to the internet. Your firewall can prevent an infected program from broadcasting your sensitive data.
- You can avoid malicious webpages and links by installing a browser extension that scans the pages you visit.
- Secure your home Wi-Fi network with a strong password.
- Avoid using public Wi-Fi networks. Don't use public networks to shop online or log into your online banking account.
- Be wary of emails with attached files and links. Don't open files or click on links from unknown senders. The same rule applies to links you see on social media.
- Online downloads are common sources of malware. You can get malware from illegal downloading sites or from viruses bundled with software downloads that look legitimate.
Phishing and SMiShing are especially prevalent
Phishing and SMiShing, respectively, use emails and text messages that trick you into clicking on malicious links. The links will either download malware to your device, or steer you to a spoofed webpage where you'll be prompted to enter your login credentials. Spoofed webpages, a web page that closely imitates an actual site, often look like an online banking portal.
It's important that you be aware of common phishing techniques since more than 90% of cyberattacks start with a phishing email.
Most phishing and SMiShing attempts are fairly easy to identify if you know what to look for:
- The messages usually convey a sense of urgency. They may claim that your online banking account requires attention or that you have to verify your login information.
- Some phishing emails contain typos and bad grammar.
- The message will likely come from an unknown sender, but the email address may resemble one from a legitimate company.
- A more sophisticated phishing or SMiShing attempt can imitate or masquerade as a legitimate address or come from the email address or phone number of a contact whose device has been compromised.
- You may receive messages or comments with malicious links from fake social media accounts or even from friends whose accounts were compromised.
Reduce risks by following a few simple rules
You can reduce your risks of having your information stolen if you always think before sharing something online. Ask yourself whether a link or email is safe to open, and consider whether you're using a safe device and network for certain online activities such as shopping or accessing an online banking portal.
Don't respond to an unsolicited email, text, or telephone message directing you to a website or requesting confidential information like login credentials or social security numbers. Instead contact your bank, social media site, etc., using telephone numbers or links you know to be good and verify whether the information is required.
Strong passwords are an effective way of protecting your devices and online accounts. Use long one passwords, avoid common phrases, and change your passwords regularly. If two-factor authentication is available, enable it.
Another rule to follow is to avoid oversharing online. It's very easy to reveal your location on social media or share information that can be used to open one of your online accounts, including your birthday or answers to security questions such as a pet's name or a school you attended. Keep your social media profiles private and avoid sharing any kind of personal details.
Be sure to follow those online safety tips to protect your devices and avoid falling for common phishing scams.