The different cybercrimes & how to prevent them

LIFESTYLE | September 2018

One of the best ways to protect yourself from cybercrimes is to understand what they are and how they work. We can then make much more informed decisions when we’re online. Here are some common cyber threats and hacker habits, and what you can do to protect yourself from them.

Malware

Malware simply refers to any kind of malicious software designed to damage or harm your computer system. It’s generally used:

  • To gain access to and control your computer system,
  • For a profit,
  • To steal sensitive information from an individual or business, or
  • To blackmail

The aim of malware is to gain access to your computer unnoticed. It can get onto your computer when you open files in emails, download files from the internet, or plug in a USB drive or something similar.

Ransomware

Ransomware is a type of malware that can lock you out of your computer or stop you accessing your files until you pay a ransom. Ransomware can and will target anyone, even individuals. It will prevent you accessing your files or computer by encrypting or scrambling your files, so you can’t read them. Attackers will usually ask for a ransom to be paid in an online currency like Bitcoin, which is harder to trace than regular cash.

Ransomware can get into your computer the same way that any malware does, such as when you visit unsafe websites, open emails or files from someone you don’t know, or click on malicious links in social media.

Phishing

Phishing is a type of email scam where the sender will pretend to be from a trustworthy organisation in an attempt to trick you into doing something like providing personal and financial information. Phishing emails have become very sophisticated in recent years. They can look and feel like emails from a real organisation. Most phishing emails will come from someone trying to disguise themselves as your bank, a social media site, a government agency, an online game or an online service with access to your financial details like iTunes or Spotify.

The goal of phishing scams is to get you to do something you wouldn’t usually do. A common example is clicking on a link within the email and going to a site to enter in your personal and financial details. The site is a scam and the details are simply sent to the attacker.

Unauthorised access

Unauthorised access describes the act of gaining access to someone else’s information online without their permission. This could be any kind of information found online such as:

  • Social media accounts,
  • Websites,
  • Bank accounts,
  • Emails, or
  • Business networks and systems

It’s usually done with the intention of personal gain or causing loss or harm to the owner of the accounts. Surprisingly, 22% of Kiwis think it’s acceptable to read someone else’s emails without their consent (One Million Kiwis Affected by Cybercrime, Scoop), but this is a type of cybercrime.

There are many ways people try to gain access to other people’s accounts. They might guess the password, use brute force (automated software that guesses things like usernames and passwords), or use social engineering to trick someone into giving them information. They may also use existing unauthorised access to one system to gain access to another – that’s called lateral movement.

Prevention

So how do we prevent these attacks from happening to us? Here are some tips:

  • Always update your operating system (OS) and your apps when new versions are available
  • Install antivirus software on your computer and scan for viruses regularly
  • Install a firewall on your computer to stop traffic from untrustworthy sources
  • Be careful when sharing portable devices
  • Be cautious when connecting your computer to free WiFi
  • Back up your files regularly, to an external hard drive or trusted cloud service
  • Know what to look for in a phishing email:
    • You didn’t expect it
    • You don’t recognise the sender and their email address
    • The sender’s name doesn’t sound quite right
    • You don’t recognise the name of the company
    • Anything doesn’t look like it should – remember it is easy to copy logos in cyberspace
    • The email refers to you in a generic or odd way – “Dear you,”
    • The email contains bad grammar or spelling
    • If you hover over a link with your mouse, the address that you see doesn’t match the place it’s saying it’ll take you
  • Check to see how companies will contact you, such as your bank
  • If you’re uncertain, call the organisation on a number you already know and ask
  • Be aware of social engineering and don’t give out any personal information unless you know exactly who’s asking, and why
  • Choose unique passwords that are hard to guess
  • Turn on two-factor or multi-factor authentication
  • Make sure the answers to your recovery questions aren’t easy to guess

This isn’t an exhaustive list of the different cyberattacks. There are plenty more, and plenty more ways you can keep yourself safe online. Check out NZ CERT for more information on the different cyberthreats and what you can do to keep yourself safe.