Classic hacks—they’re still with us. Every day, the internet is filled with new threats and amazingly creative exploits that stun the imagination. But damage is also continually being done by the “oldies-but-goodies” of yesterday. Despite the fact that many of these cyber attacks were first attempted when the internet was in its infancy, they remain tried and true—and dangerous.
Malware
Malware, otherwise known as “malicious software,”secretly installs itself on your computer or mobile device, like a tablet or smartphone. It can then be used by an attacker to monitor and control your online activity. And despite the fact that we all know this, it continues to dominate the world of cyber hacking. More and more, cybercriminals have been developing and using sophisticated “exploit kits” that are designed to find and then take advantage of vulnerabilities in your computing environment. These kits are a big business, offered for sale or monthly subscription on the dark web for thousands of dollars per month.
And what cybersecurity researchers are seeing, in most cases, is the ongoing evolution of attack software in attempts to prevent disruption. For instance, while botnets (networks of malware-compromised computers) first were designed on a client-server model, more recent botnets now rely on existing peer-to-peer networks to communicate, making them harder for cybersecurity experts (the white-hatted kind) to disable.
Whatever new technology is out there, cybercriminals will quickly exploit. So be extremely careful about browser extensions, clickable ads, and gaming extensions, all of which have been known to be used for introducing malicious software. Ransomware, too, has evolved, and has now has migrated to being used over smartphones.
Phishing
Phishing attacks — fraudulent attempts to steal sensitive data — have been around since the advent of email. Attacks are often initiated when you click a link or open an attachment from an unsafe source. But now, new forms of phishing such as “smishing,” which are attempts to steal confidential information using SMS or other text messages, are growing. Just like the older phishing attacks, smishing can appear to come from anywhere, including trusted sources like government agencies, financial institutions, or friends. For example, this past summer, a statewide smishing attack targeted hundreds of thousands of users of several California social services.
As you might guess by now, entering any personal information at the proffered links, no matter from what kind of device, is a sure way to put your personal info straight into the hands of a malicious hacker.
Identity Theft/Imposter Fraud
Stop for a minute and think about how much information you’re sharing online. From birthdays to travel plans and family relationships, countless online forums expose sensitive personal information on a daily basis. With the introduction of smartphones and increasing popularity of smart homes, ever more information about you travels the internet, increasing the chances of internet scams and identity theft.
According to the Federal Trade Commission, there’s now a troubling new form of identity theft known as synthetic identity fraud. This is where a whole new fictitious person is created using data collected from a wide range of sources – Social Security numbers, address, names, work histories, and the like. This fictitious “person” then applies and receives loans, credit cards, and often builds up respectable credit scores before taking their illicit gains and vanishing. Synthetic identity fraud is the fastest growing and hardest to detect form of identity theft and was responsible for more than $800 million of fraud in 2017 alone.
Ways to avoid getting smished, phished, or hacked
Many precautions that can improve your internet safety seem simple to do. Where we typically slip up is in having the discipline and awareness to do them routinely and habitually. Technology can help keep you safe, but you must do your part. Traditional tips still apply, like installing antivirus software and keeping it up-to-date. Other things you already know: Be wary of links and attachments in emails from unknown sources. Make passwords long, strong and unique. And never access financial or other sensitive accounts from a public computer or Wi-Fi network.
You can also take advantage of newer technology to further protect yourself:
- Use two-factor authentication whenever possible. Two-factor authentication (also known as 2FA) requires you to use two different methods of identifying yourself before being allowed to log into an account. For example, you might need to log into a website with your password, and then enter an identification number sent to your mobile phone before receiving access to your account.
- Get a password management application. These “password managers” are the easiest and safest way to overcome the three biggest password culprits: creating easy passwords; using the same passwords on multiple sites; and writing your password down in an easily accessible location. A good manager tool allows you to remember only a single password and handles all these issues for you.
Every little bit of cyber awareness can help. Unfortunately, old tried-and-true hacks are still with us, though they might have evolved a bit from their beginnings. There’s no other choice than for us to remain vigilant, since unlike the dinosaurs, these threats are defying extinction.
#