Would you hand out your name, social security number and email address to a total stranger on the street? Probably not. However, when it comes to giving out the same information online, we are somewhat less adamant. Is it really easy to gain information on an individual from seemingly trivial data? How could your online presence be used against you? In this article, we answer these questions and discuss how to mitigate these risks.
Would You Give Out Your Email Address?
A social experiment conducted by People’s ID Bot Project and London agency Abundance has shown how incredibly easy it is for fraudsters to glean a disturbing level of personal information online, by simply using an email address. Bar customers wrote their email address on a sham mailing list, then researchers used their email addresses to evaluate the target’s details online. Within a matter of minutes, the researchers had gathered so much private information on the individuals that they succeeded in convincing the patrons that they had known them for years. Would the same have happened to you?
Sharing Your Life Online
The shocking experiment highlights the dangers of leaving yourself open to online identification fraud – it reveals how easy it is for a stranger to research individuals. People should be aware of how much of their personally identifiable information is freely available online. In the wrong hands, this information is used to commit identity theft or sold to other criminals. Usually, the victim is only made aware after a crime has been committed against them.
Often, people disclose all types of personal information on the Internet that allows identifying data to be deduced. Social media services such as Facebook, Twitter and Instagram are libraries of personal minutiae – school and work chatter, snapshots of family vacations, and books read are just the tip of the iceberg. Such seemingly superficial pieces of self-revelation can gradually be gathered and reconstructed by computers to help create a picture of a person’s identity, sometimes even down to the Social Security number.
How to Prevent Victimization
People can increase their defenses against identification in social networks by implementing tight privacy controls on information in personal profiles. Unfortunately, an individual’s actions are not sufficient to protect privacy in the interconnected world of the internet. In today’s online world, personal privacy is no longer an individual phenomenon; although you may not disclose personal information, your online friends or colleagues may do it for you, denoting your gender, education or employer, location, and interests.
The Web offers us excellent value and convenience; however, it is important to be vigilant in protecting our online identities. It is essential to exercise caution and implement these simple adjustments to online behavior in order to prevent victimization. People should exert more caution with personal details – it is by obtaining such data that the process of identity theft starts.
In one of our previous blog posts, we started our discussion with cybercrime prevention tips. In the following article, we shall further provide advice on how to prevent cyberattacks, with a more in-depth focus on mobile technology and deployments.
Many cybercrime attacks can be avoided with the implementation of straightforward preventative steps. Cyber criminals prefer to attack easy targets, thus the more difficult you make their job, the more likely it is that they will move on to an easier target.
By implementing the following precautionary measures, you can effectively fight cybercrime:
- Protect your computer with security software
Several necessary security software elements are required for basic online security. Antivirus programs and firewalls are just two examples of security software essentials. Generally, a firewall is the first line of cyber defense, as it controls who and what can communicate with your computer online. Firewalls block connections to unknown or phony sites, and will prohibit certain types of viruses and intruders. Antivirus software monitors all online activities such as e-mail messages and Web browsing, offering protection from viruses, worms and other types of malicious programs. More recent versions of antivirus programs also protect from spyware and potentially damaging unwanted programs, such as adware.
- Secure your mobile device
Mobile devices, such as smartphones and tablets, are also vulnerable to cyberattacks; these devices are attacked by cyber criminals in a similar way to computers. A more in-depth look into smart phone security can be found here.
When smartphones are used for business purposes, a number of safety practices should be followed, such as not saving any sensitive business data directly on the device, to prevent unauthorized data access.
- Turn off location settings
Numerous smartphones, tablets and even some digital cameras now come GPS-enabled, allowing geotagging (the addition of GPS coordinates to your online posts or photos), which is especially popular with photos. A geotagged photo is the most marked threat for the user’s personal privacy and security.
The problem with such location-based services is not the information they provide, but rather the information they might also provide to other parties. Providing information about your current location is risky, but even more precarious, the data may be permanent and searchable, allowing criminals to build up a clear picture of your activities through time.
To mitigate these risks, the best thing to do is to completely disable the location settings when requested by applications and refrain from using geotagging. Alternatively, in some cases, these may be turned on only when you specifically need it, then turned off again immediately after; even in this scenario, only a restricted number of friends should be able to see the information of where you are and where you have been.
- Secure your offsite workers
Offsite workers, such as teleworkers and remote workers, including vendors and customers, who make use of any type of mobile device (e.g., laptops, smartphones and tablets) should be equipped with remote access solutions or other modern solutions, so as to ensure secure access to the corporate network.
- Back up critical data
Although this is not strictly a way to prevent cybercrime, backing up critical data is a crucial step in the event of an attack. Recovery of data and return to normal operations is essential for business continuity; any down time to mission-critical systems may be harmful. Details of the backup processes should be part of the business continuity and disaster recovery plans.
The most effective steps a computer user can take to avoid becoming a victim of a crime render the user’s computer somewhat less convenient to use. Every user must balance how much security is considered enough to keep unauthorized intruders at bay. The German software developer HOB offers its customers the perfect balance between user experience and security. The Secure Remote Access Suite HOB RD VPN allows users to remotely access corporate files and servers from anywhere, at any time. Due to SSL encryption and modern authentication methods, HOB RD VPN offers its users a maximum of security. The recent Common Criteria (EAL4+) certification is yet another independent proof of the high security level of HOB RD VPN. If you are interested in learning more about HOB products, please visit our website www.hobsoft.com.
Every week, we hear new reports of new cyber breaches and the exploitation of security flaws. Internet connected activities are as susceptible to cybercrime as physical crime, and both can lead to severe damages and lasting negative consequences. Ultimately, it is the responsibility of the individual to protect themselves and their families against cybercrimes through safe online practices.
Cybercrime Prevention Strategies
Preventing cybercrime is not an easy task; however, cybercrime prevention can be achieved relatively rapidly and in a cost-effective way. The following tips help prevent cyber attacks:
Install the latest patches and updates
By regularly updating your computer operating system with the latest patches and other software fixes when they become available, you can block attackers from taking advantage of software flaws that would otherwise compromise your system.
Keeping your computer up to date renders it much more difficult for cyber criminals to gain access to your system. Although updates alone do not guarantee protection, they block several basic and automated attacks completely and may discourage a less-determined hacker, who will then look for a more vulnerable computer somewhere else. Fortunately, most Windows-based systems can be configured to download software patches and updates automatically.
Choose strong passwords… and protect them
Choosing a strong password, meaning one that is not easily guessed, is the first step towards keeping passwords secure and out of the wrong hands. Strong passwords use a combination of upper and lower case letters, numbers and special characters or symbols (such as ?, @, $ and &). Any type of personal information or dictionary words should be avoided.
A different password should be used for each service; although this makes it more difficult to manage your online accounts, it is well worth the effort. Passwords should be changed regularly so as to limit the damage caused by someone who has already gained access to one account. It is essential to store passwords in a safe place. If you suspect that one of your online accounts may be hacked, one of the first steps to take is to change your password.
Shred old or unwanted paperwork
Any paperwork that contains personal details should be shredded or made illegible before discarding or recycling it. Criminals can go through your trash to recover sensitive information such as receipts and letters from banks that they can use online.
Protect your personal information
Refrain from revealing personal confidential information in the public domain, for example social media websites. Overexposure can lead to social engineering, whereby attackers gather small bits of personal information from several portals, such as Twitter and Facebook, to launch an attack.
Although absolutely not divulging any personal information is rarely possible, the following is a checklist for how to share personal information safely online:
- Pay attention to privacy policies on websites and in software
- Steer away from fraudulent websites used to steal personal information
- Keep an eye out for phony email messages – do not open email attachments unless you are certain that they are authentic
- Do not respond to email messages that ask for personal information
Be social media savvy
Check your security settings to ensure that your social networking profiles (such as Twitter, Facebook and YouTube) are set to private. Once information is posted online, it is extremely difficult to remove it!
Cybercrime: No Intention of Slowing Down
As technology evolves, so does cybercrime. This exposes new vulnerabilities which attackers can exploit; therefore, implementing the right preventative measures is essential to stay one step ahead of attackers. Stay tuned for Part 2 of this blog series where we will discuss further methods to protect against the ongoing threat of cybercrime.
The dependence on mobile browsers to accomplish security sensitive operations is increasing. With this comes an increase in mobile cyber threats, as cybercriminals are now moving beyond computers and shifting to mobile handheld devices.
A phishing survey reported that the number of phishing targets increased from 2012 to 2013, indicating that e-criminals are spending time looking for new opportunities. Mobile phishing occurs when identity thieves collect the user's information, including financial or account information such as user name and password, Social Security Number, date of birth, and credit card information from mobile devices, for the purpose of committing fraud or other illegalities.
Limitations of Mobile Devices
Specific limitations of the mobile platform make mobiles susceptible to phishing attacks:
1. The mobile device’s much smaller screen size constrains the ability of the mobile browser to entirely display any anti-phishing security elements a website may contain. Most mobile browsers in use today simply lack any room to incorporate security indicators and certificate information that alert users of site identity and the presence of strong cryptographic algorithms, as is done with their desktop counterparts. This leaves users unable to verify whether the website they are logging into is legitimate or not; a critical security flaw rendering mobile browsers unsafe.
2. The permanent default browsers preinstalled on certain phones are another limitation. Their ability to automatically start up and display links the user opens makes it less difficult for cybercriminals, who can now focus on only one browser to exploit.
This combination of a radically reduced screen size and absence of security indicators makes it difficult for users to determine the security standing of mobile browsers, and makes mobile browsing more dangerous for average users, since it provides a false sense of security. Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers.
Advantages of Mobile Devices
However, the mobile platform also has some benefits that reduce the concern of mobile phishing:
1. The mobile platform allows phishing targets, including online shopping and banking sites, to develop their own apps for customer use. Assuming there are no spoofed apps and there is a mechanism for constant updates, these legitimate apps facilitate more secure exchanges of information between organizations and their customers.
2. Mobile browsers are increasingly becoming more powerful, and are able to process and run complex scripts. Websites that involve login details may take advantage of this fact to implement better security measures.
Protection Against Mobile Phishing
One can prevent mobile phishing from taking place by adopting the following best practices:
1. Avoid opening links in emails, especially from suspicious or unknown senders. One should always verify the legitimacy of the email messages received.
2. Utilization of official apps. If the website one is trying to log in to has an official app, one should use it rather than the browser.
3. Checking the permissions of all the downloaded apps. One should exert extreme caution when choosing which apps to download, as some apps may be requesting too much data, which could result in a violation of privacy.
4. The URLs of the websites one visits should be manually typed in and subsequently bookmarked for future visits. This procedure eliminates typographical errors in the URL that could direct the user to a phishing website.
5. Installation of a security solution. Modern solutions for mobile devices enable secure access to data located in the corporate network, without the data ever being downloaded to the device. This eliminates the risk of phishing.
The direction of cybercrime is shifting towards the “post-PC” era, as cybercriminals follow where the users and their money go. Cyberattacks on mobile devices can be prevented by adopting mobile computing best practices.
Cybercriminals have been stealing debit card information from customers of dozens of financial institutions in a phishing campaign that combines fraudulent text messages with VoIP calls.
The voice phishing, or vishing, campaign was discovered by researchers from cybercrime intelligence firm PhishLabs while investigating a recent attack against customers of a midsize bank. Bank customers received text messages claiming their debit cards had been deactivated and instructing them to call a phone number. An Interactive Voice Response system set up at the provided phone number asked callers to input their debit card and PIN numbers in order to reactivate their cards.
PhishLabs believes that a group of Eastern European cybercriminals launched the campaign of attacks around October 2013.
PhishLabs’ blog post announcing the hacker tactic lists recommendations for consumers, including:
- Make sure a CVV1/CVC1 is encoded on cards and validated by the payment processor
- Always call your bank using a phone number that is directly printed on the back of your card
A bank account hack can be a serious headache as it poses a threat to your identity and credit. Stay aware of vishing and protect your sensitive data!