Cyber Nani – Education About Cyber Security
- IWB Post
- July 7, 2015
With all the fancy new words and jargon flying around these days, it gets quite difficult at times to actually understand what is being said. I mean, what does “Enable HTTP over SSL” mean? Even in my advancing years I’d rather not be helpless, and I will share with you whatever I’ve learned about staying secure online. I am fondly called Cyber Nani in my social group. Now although I have wrestled with the terminology and technology related to the interwebs, it is essential for me to hold on to the title of influential matriarch by corresponding over email, liking relatives’ pictures on Instagram, or even by surreptitiously following the young ones online. Yes!
I am, however, very concerned about the careless and casual attitude that almost everyone shows towards security on the internet. All these stories of people getting robbed quite easily online these days have added a few more worry greys. Sacrificing privacy and safety for temporary popularity and convenience is not done. Therefore, as part of the ACT (Action against Cyber Theft) initiative, I am going to delve into my experiences and help un-complicate a few things for you, the internet-savvy generation.
1. Phishing
Dhansak Fridays with my friend Perizaad is our thing. Peri learnt to cook online and was part of an online cooking chat room. One of the members had sent her an email posing as a retailer with access to cheap ingredients to help with her cooking experiments. She clicked on the link in the email and ended up giving a virus access to her computer, which tried to access her passwords, credit card details or bank account numbers.
Luckily for her the virus failed to get the information but almost ruined her computer. Well, she could have averted this if she had taken my advice and deleted such spam emails.
#ACTNOW and never visit unreliable websites which sound and look familiar like http://www.fasebook.com (note the s rather than c in face) or http://www.facebock.com (note the ck in book) instead of the real http://www.facebook.com/
Can I say I-told-you-so to my best friend?
Some more death by spelling: SMiShing is as effective as phishing, but it is done using SMS (Short Message Service) on your mobile phone. The crafty senders entice you into clicking on a website link or, commonly, into calling an Automated Voice Response (AVR) system which asks you to enter numbers. This way they can track your passwords and other personal information. This applies to social media apps like WhatsApp and Facebook Messenger as well.
I was conned into changing my social media password this way once when I clicked on a link in an SMS. It was a tough task to create a new account and send friend requests again.
If you want to avoid the hassle of recreating your online persona, #ACTNOW and delete such text messages that might still be in your phone.
My Laughter Club WhatsApp group once received a forward asking us to click on a link to download a new version with data-free picture downloads. Smart alec Ranjit, always wanting to impress the ladies by being the “first to”, clicked and then licked his wounds when his smartphone was hacked and he lost all contacts and emails and private pictures (hmmm)!
Thus, I say #ACTNOW and protect yourself from hacking by installing and regularly updating the antivirus software on your computers and mobile devices. Buy software from authorised vendors only.
All of us love to cheap-out now and then, but certainly not in this case or you will grab cheap headlines as a victim of hacking a la Ranjit. Well, at least we had a good laugh about it!
4. Advanced Persistent Threat (APT)
When my granddaughter was in school she had to submit her craft items in a basket to her teacher for grading. She did not realise that her envious and sly classmate had swapped nametags on the basket while she wasn’t looking and bagged a top grade for work she did not do.
APT is almost the same except that it’s not just one person, but an organised group or network of people that try to gain access to personal or work-related files on your computer. Occurring mostly in corporate settings, cyber gangs install malicious and often undetected software onto your computer or mobile device. To avoid this, corporate cyber security in firms should be regularly reviewed and antivirus and anti-malware software should be periodically updated.
5. Clickjacking
A yoga aficionado, I love browsing yoga sites and one day I saw this amazing image of a 60-ish lady trying an impossible yoga exercise I had been attempting. Intrigued, I was tempted to click on it and so was my grandson, with whom I shared the image. Luckily my knowledge in the cyber space asked me to do so. Such images are a trail of breadcrumbs, I explained to my grandson. If you click to enlarge the image, you are led to a site encouraging you to click on another image. My grandson and I echoed that I would get clickjacked!
Yes! Clickjacking is a malicious attempt to redirect you to a site that is entirely different to the destination you were expecting to reach so that personal data stored on your system can be accessed or your computer or device taken over. My grandson advised me to update my browsers (such as Chrome, Firefox, Opera) to the latest available version, and so should you. Installing clickjacking detection/prevention software like NoScript or Comitari Web Protection Suite Home LE is also helpful.
6. Certificate Authority
As I had mentioned earlier, I am tech-savvy and, with the help of my grandson and some of his friends, and yes, a lot of surfing, I learned all I could about Cyber Security. Here I learnt why some websites have a portion in the address bar highlighted in green. It indicates that a website is certified and owned by a legitimate company or organisation.
Ah! Now I can safely indulge in online shopping for my friend Peri’s son’s wedding by checking for the green light.
7. Typosquatting
Some websites are purposely misspelt or have different top-level domain names such as .org instead of .com, which busy people and those with failing sight, like mine, are prone to miss. This is called Typosquatting or URL Hijacking or Fake URL and provides a gateway for hacking attempts.
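The misspellings and top-level-domain swaps described here, including the fasebook and facebock links from the phishing section, can be caught by comparing a link against a short list of sites you actually trust. The following Python is an added example, not part of the original article; the allow-list, the function names and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own allow-list of sites they really use.
TRUSTED = {"facebook.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def site_of(url):
    """Host reduced to its last two labels, lower-cased.
    Naive on purpose: suffixes like .co.uk need the Public Suffix List."""
    if "//" not in url:
        url = "//" + url          # let urlsplit treat a bare name as a host
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def check(url, max_distance=2):
    """Return (verdict, trusted site it resembles or None)."""
    site = site_of(url)
    if site in TRUSTED:
        return ("trusted", site)
    name, _, tld = site.partition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike-tld", good)        # e.g. .org instead of .com
        if edit_distance(name, good_name) <= max_distance:
            return ("lookalike-spelling", good)   # e.g. s instead of c
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, using the spellings quoted in the article.
    for link in ("http://www.facebook.com/", "http://www.fasebook.com",
                 "http://www.facebock.com", "facebook.org"):
        print(link, "->", check(link))
```

A "lookalike" verdict means the link should be treated as suspicious and not opened; "unknown" only means the site resembles nothing on the allow-list, not that it is safe.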
8. Credit Card Skimming
Uncovering secrets is my lesser known hobby which helps me keep my grey cells active like my beloved Hercule Poirot. I discovered gorgeous Nina’s secret behind her age-defying gorgeous skin. It wasn’t good genes, but beauty products shopping with her forgetful husband’s credit card. Another secret: she was robbed and did not realise this until she swiped the card at a retail outlet and the teller mentioned that her card was unauthorized.
This is one of the ways we fall prey to theft attempts. Watch out for unbranded ATM machines and any detachable devices which may be placed on the ATM machine. Perpetrators use these to store card details for robbing you at leisure.
9. Social Engineering
The youth these days use this devious method called social engineering to get the latest on the competition in the dating scene by posing as a friend of a friend. I was stunned to find out that cyber criminals use this same trick to access our passwords.
Fraudsters using fake charities requesting donations, impersonating people you know to access personal information, or even running fake lotteries requesting bank details to credit your possible winnings are some ways we become victims of social engineering. Once these tricksters have access to one password, chances are it is common across various other social media platforms as well. Always ensure you keep different passwords for different sites!
10. Cyberheist
This one actually happened to Peri. She opened a forward from someone who had recently joined her Sunday social group. It unfortunately had key-logging software inside that went undetected and managed to get almost all of her passwords. Thankfully, she used the virtual keyboard to log into her bank account.
Parents sometimes genuinely and innocently install antivirus to keep an eye on their children. But in the hands of a cyber-criminal, it is a deadly weapon! Most antivirus companies nowadays include anti-keylogging features. #ACTNOW and check that yours does and that it is turned on by default.
This article was first published in Huffington Post.