It’s up to each of us to become more cyber aware so we can protect ourselves online
Online theft is nothing new – but 2021 saw cybercrime go to a whole new level. As we all spent more time at home (and therefore more time online), Avast tracked increases in everything from ransomware to cryptocurrency scams to phishing.
Phishing attacks are a popular way for criminals to access personal information, utilizing social engineering to convince people to hand over their credentials, banking information, or even send money directly to the scammers. From June to October 2021, Avast researchers noted a 40% increased risk of businesses getting phished, along with a 20% increase for individuals. In one case, cyber criminals took advantage of the increase in online shopping during the pandemic to infect people’s devices with malware called FluBot via a fake shipping tracking app.
But phishing attacks are just one way, splashy way that you’re vulnerable online. Concerned about your internet security? Here are five tips for staying safe online.
With FluBot, scammers were able to implant malware on victims’ computers by sending links that looked like they were from a legitimate delivery service, like FedEx or UPS. When people clicked on the link, they were instructed to download software to track their package – and that’s how they got the malware.
As an increasing number of businesses are turning to SMS messaging to get time in front of our distracted eyes, so too are scammers. As a general rule, don’t click on any links sent to you – whether it’s via SMS, another messaging service, or even your email – without checking in with the person or company the message is from first, via a different and trusted medium.
So, for example, if you want to track a package? Go to fedex.com and put in your tracking number directly there. Or if you get an urgent email from your boss? Ping them on Slack or shoot them a quick text to make sure it’s really them. It might be slightly annoying but, trust us: It’s much less annoying than being the reason your company gets hacked.
Think incognito mode is protecting you from being tracked across the internet? Think again. Incognito or “private” mode is designed to keep your browsing history secret from anyone who’s trying to access your computer from your computer. So it’s great if you don’t want your kids to know what sites you're visiting, but not so great if you don’t want Facebook or Google or your boss or the government to know what you’re doing online.
For that, you need a Virtual Private Network (VPN). A VPN creates a secure, encrypted connection between your computer and the internet. Picture a tunnel traveling through the air between you and a server. You can see what you’re sending; your server can see what you’re sending; but no one else can see inside that tunnel. Using a VPN means that any information you send or receive over the internet is protected from anyone who shouldn’t be peeking in at what you’re doing.
VPNs are great all the time, but be sure to use one when you’re connecting via free Wi-Fi – like in an airport or a cafe – as those networks tend to be especially vulnerable to cyber criminals.
Because computers don’t “speak” English (or Chinese or Arabic or Swahili or any other human language), they need a translator. That’s where a domain name system (DNS) comes in: DNS translates your human words into numbers, which is the “language” computers “speak.”
So, for example, when you type, “facebook.com” into the bar at the top of your screen, your computer reaches out to the DNS, which comes back with a series of numbers so that your computer can bring you to Facebook.
However, a hijacked DNS can send back fake information, which brings you to a hacked version of the site you’re trying to access. For example, if you wanted to access your bank account but your DNS had been hijacked, you’d be redirected to a look-alike site – and you wouldn’t know the difference. You’d put in your banking info, just like usual, only to have that information (and potentially all of your money) stolen.
But how do you know if the DNS your computer is using is reliable? Most of us don’t – which is why you need software to ensure you’re only being sent to a reliable DNS and not a hijacked one.
One of the most important things you can do to keep yourself safe online is regularly update software. Software updates — from the apps you use everyday to the operating system on your computer or phone — often come with security updates, large and small. If you don’t download the update, however, your device is open to attack from those security gaps.
Think about it this way: If someone put out an announcement on Facebook that they were going to leave all of their windows unlocked while they were away for a three week vacation, what would happen? Most likely, thieves in the area would break in and ransack everything they own.
A notification about a security gap is like that Facebook message, but it will catch the attention of cyber criminals instead of television thieves. If you don’t “lock your windows” (a.k.a. update your apps and systems), they’re going to come and take you for all you’re worth.
If, say, you fell prey to the phishing attack we talked about above, how secure would the rest of your accounts be? If you use the same password for multiple sites? Not very secure. That’s why it’s essential to create unique passwords for every login and every website.
But who has the memory to keep track of all of those? Certainly not me. That’s where password managers come in. Password managers are secure vaults where you can store every single password. All you have to remember is one master password to gain access to any login information that you need. They’ll also generate random passwords for you, either as a combination of letters and numbers or as unrelated words.
And if you want to create a password on your own, without the help of a password generator, it’s good to use three completely unconnected words — like, for example, zebra-auto-house — or use a tool like our random password generator, which will give you a truly random combination of characters that add up to a more secure password.
The internet is amazing — but it’s also dangerous. It’s up to each of us to become more cyber aware so we can protect ourselves online. Follow these tips, and you’re off to a great start.
One type of phishing scam that tends to occur during tax season is the W-2 scam, in which hackers pretend to be company executives and request employee W-2 forms. Here's how to stay safe.
Malicious USBs can allow attackers to obtain a user's passwords, access their devices, and even irreversibly damage their computer.