If Facebook hearings taught us one thing, it is that your personal information is very easy to steal and use for some shady purposes without your knowledge or consent.
All sorts of other hacks happen online more often than you think. Just remember how often you have seen the words “hack” or “ransomware” in the news this year. More than enough, I suppose. The online realm isn’t any safer than IRL. Anyone connected to the World Wide Web can be vulnerable to anyone else on the Internet.
So just as you diligently lock your house before leaving, you should also leave no “open doors” for online criminals to exploit. I previously wrote about what happens when your identity gets nicked online (Hint: the aftermath can be excruciatingly dragging). This time around, I want to dwell a bit more on cybercrime and share some tips on how to avoid getting conned by some “artists” online.
1. Instagram Account Hacks
After all the congressional hearings, Facebook has been ramping up its security and verification procedures, ensuring that no data falls through the cracks and no fake account surfaces to spread shady information. But in that extreme effort to patch the “holes”, it seems the FB team has paid somewhat less attention to their darling second app – Instagram.
In August, hundreds of users got locked out of their accounts, with their passwords changed and their email addresses switched to suspicious .ru mail accounts. Both personal and business accounts got hacked, and users had to undergo a confusing official procedure for reclaiming their accounts. On another note – a lot of Instagram influencers have also been under attack from hackers. In this case, however, the “savvy” criminals demand a ransom and threaten to delete all the content in case of non-compliance. Such “hostage” situations may seem silly…but imagine how you would feel if some bastard threatened to wipe years of hard work in 5 minutes? Not particularly chuffed, I imagine.
So how do you protect your Instagram account from being hacked?
- Use strong passwords. Yeah, I know…you’ve heard that before. But before you toss that away, go on and check whether your current password has already been leaked online. The Have I Been Pwned website will tell you that for free. You may be unpleasantly surprised by the results.
- Turn on two-factor authentication. Again, this isn’t rocket science, but this way you get notified with a text whenever someone tries to log into your account from a new device/location, and you can sound the alarm if things seem fishy.
- Use a separate email for your Instagram. If you run a business account, do not log in with the same email address that you DM to random people for further communication or list publicly. Doing so just makes things easier for hackers.
- Manage and revoke access to suspicious 3rd party apps…and don’t forget to do the same on Facebook. Check this area frequently too!
- Always double-check the legitimacy of emails sent to you by Instagram. Make sure that the email address is all right and does not contain any additional symbols e.g. you are receiving an email from email@example.com, not firstname.lastname@example.org. Don’t rush to click any links and do not ever email your password to anyone asking for it in an email!
2. Email Phishing Hacks
Email phishing attacks and scams have come a long way from the notorious “Nigerian prince scams”. Today the majority of common cyber attacks on businesses and individuals are spear phishing ones. In simple words, someone receives a very legitimate-looking email from somebody else, clicks a link, downloads a file or does another triggering action, infecting the entire computer network.
That’s exactly how Chinese hackers managed to break into The New York Times the other day and caused massive havoc. The problem with spear phishing is that hackers are getting better and better at imitating the “real deal” – your bank, a popular online store, the company CEO or even the White House. In fact, 94% of employees cannot distinguish between real and phishing emails. The same study also found that 96% of executives worldwide couldn’t tell the difference between the two. Clearly, this threat should not be taken lightly.
Is there anything you can do to protect yourself against such cons? Yep, there are a handful of preventive steps:
- Always use common sense. Before you click or download anything from an unexpected email, take at least 3 seconds to read through it once more, check security certificates, the sender’s email address and so on. Check with someone else if you are not sure whether the email looks plausible.
- Allow automatic software updates. Oftentimes new versions come with enhanced security measures against new-gen hacks.
- Don’t immediately click links you receive via email. If you are directed to a website where you have an account, access it directly from your browser. Try to follow your own links as often as possible.
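The sender check recommended above, both for emails claiming to come from Instagram and for unexpected emails in general, can be automated. The following is an added example, not part of the original post; the trusted domain, the brand name and the sample headers are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domain the service really sends from; confirm it in the
# service's own help pages before relying on this list.
TRUSTED_DOMAINS = {"mail.instagram.com"}
BRAND = "instagram"

def check_sender(from_header, trusted=TRUSTED_DOMAINS, brand=BRAND):
    """Return (verdict, reason) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parsable sender address"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain.isascii() or "xn--" in domain:
        return "suspicious", "non-ASCII or punycode domain (possible homoglyphs)"
    # Trust only the exact domain or a true subdomain of it.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "ok", "domain matches the trusted list"
    # Brand embedded in an untrusted domain, e.g. extra symbols or a suffix.
    squashed = domain.replace("-", "").replace(".", "")
    if brand in squashed:
        return "suspicious", "brand name inside an untrusted domain"
    # One-character swaps such as l for i inside a single label.
    for label in domain.split("."):
        if SequenceMatcher(None, label, brand).ratio() >= 0.8:
            return "suspicious", "domain label closely resembles the brand"
    if brand in display.lower():
        return "suspicious", "display name claims the brand, domain does not"
    return "unknown", "sender is unrelated to the brand"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Instagram <security@mail.instagram.com>",
    "Instagram <security@mail-instagram.example>",
    "Instagram <help@mail.instagram.com.account-verify.example>",
    "Support <team@lnstagram.example>",
    "Instagram <security@mail.inst\u0430gram.com>",  # Cyrillic 'a'
    "Instagram <notice@secure-login.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

An "ok" verdict only says the visible address is on the trusted list; the From: header itself can be forged, so the advice to open the site directly instead of clicking still applies.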
3. Logic Bombs
Logic bombs operate in a similar fashion to good ol’ viruses. The only difference is that they don’t start acting up until a certain event takes place. This event can be anything from a certain time/date to a specific action, e.g. removal of a file.
The bomb can stay dormant for a while and then one day release a bunch of malicious code that will delete important files, leak unauthorized information, disable your network and perform a variety of other less than pleasant actions. These bombs can be used by hackers to blackmail the victims and demand ransom before it explodes and infects the entire system.
To avoid dealing with one, consider the following prevention measures:
- Be careful with downloading “free” software. Pirated software or freeware can come with a nasty bomb inside. So don’t download random stuff just because it’s “free”.
- Install the latest software patches, especially for programs such as Microsoft Office, Adobe and Java. All of them regularly add new features against such threats.
- Don’t download shady attachments.
4. Beware of Salami Slicing Attacks
The name may sound funny, but you won’t be amused if you ever fall for one. Salami slicing is a relatively popular technique used by cybercriminals. In essence, they steal your funds or resources one small bit at a time, so that you don’t pay much attention until a good chunk of your “possessions” is gone.
However, such criminals typically don’t mooch off a single target for too long and instead choose to go after multiple targets over time to avoid getting caught too early in the play.
There’s not much you can do to protect yourself from such attacks, apart from staying vigilant and closely monitoring all your transactions.
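The transaction monitoring described above can be done mechanically on an exported statement. The following is an added example, not part of the original post; the thresholds, the payee names and the sample statement are constructed assumptions, and amounts are in cents.

```python
from collections import defaultdict
from datetime import date

# Constructed sample statement: (date, payee, amount debited in cents).
TRANSACTIONS = [
    (date(2018, 9, 3), "Landlord", 120000),
    (date(2018, 9, 4), "SVC FEE 8841", 149),
    (date(2018, 9, 5), "Corner Cafe", 450),
    (date(2018, 9, 7), "SVC FEE 8841", 99),
    (date(2018, 9, 11), "SVC FEE 8841", 199),
    (date(2018, 9, 14), "Corner Cafe", 380),
    (date(2018, 9, 15), "SVC FEE 8841", 129),
    (date(2018, 9, 20), "SVC FEE 8841", 149),
    (date(2018, 9, 26), "SVC FEE 8841", 99),
]

def flag_salami(transactions, small=500, min_count=4, window_days=30):
    """Flag payees that take many small debits within a sliding window.

    Returns {payee: (count, total_cents)} for the busiest window per payee.
    The default thresholds are assumptions; tune them to your own spending.
    """
    by_payee = defaultdict(list)
    for day, payee, amount in transactions:
        if 0 < amount <= small:  # only small debits are of interest here
            by_payee[payee].append((day, amount))

    flagged = {}
    for payee, debits in by_payee.items():
        debits.sort()
        start = 0
        for end in range(len(debits)):
            # Shrink the window until it spans at most window_days.
            while (debits[end][0] - debits[start][0]).days > window_days:
                start += 1
            count = end - start + 1
            if count >= min_count and count > flagged.get(payee, (0, 0))[0]:
                total = sum(amount for _, amount in debits[start:end + 1])
                flagged[payee] = (count, total)
    return flagged

if __name__ == "__main__":
    for payee, (count, total) in flag_salami(TRANSACTIONS).items():
        print(f"{payee}: {count} small debits, {total / 100:.2f} in total")
```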
The bottom line is this: don’t ride the crowded subway with an unzipped purse and then act surprised when your wallet is stolen. Or in other words – be vigilant about your online actions: don’t ignore security updates, use good passwords and two-factor authentication, and avoid clicking or downloading anything that is even a tad bit suspicious.