Staying safe in a digital world
Whether you prefer a personal computer, carry a tablet or use a smartphone, connecting with the world has never been easier.
But there's a darker side to our digital world, where threats to the privacy of your personal information lurk.
Phishing is one common scam. And according to figures released in the 2016 Norton Cyber Security Insights Report, in 2015 86% of people experienced a phishing incident with 13% of those people taking a compromising action like responding with personal information or clicking on a link.
80% of those who took a compromising action experienced negative consequences including identity theft, money stolen from bank accounts or credit cards opened in their names.
Not enough of us are tapped into how quickly cybercrime is evolving. Hackers creating mischievous computer viruses that wreak havoc is "old news". Now, the stakes are much higher as hackers often focus on stealing your private information, your identity and your assets.
Cybercrime: email and connected devices
Consumers are more attuned to safeguarding their personal computers from established risks. But email and connected home devices; where the public is less aware of the dangers – are also avenues for fraud.
Norton's research noted that 51% of people are not truly sure how to tell a fake email from a real one. And nearly one in five connected home device users do not have any protective measures in place for their devices.
Here are some of the most dangerous privacy threats to watch out for.
Phishing, or brand spoofing, uses emails and look-alike websites to trick you into providing personal information.
Under the guise of a reputable brand like a financial institution, credit card company or government agency, thieves will approach you with a bogus appeal to lure you into responding. This might be a request to update your account, confirm billing information or enter a contest. That request often includes a time element such as a threat to cancel or close your account if you don't respond quickly.
The malicious email will direct you to click on a link connected to a web address that's standing in for a legitimate website. Once there, you'll be asked to provide personal or financial information like credit card details, social insurance numbers or banking passwords.
Phishing scams often target the financial and payment services sectors.
SMiShing (SMS phishing)
SMiShing, short for "SMS phishing", is similar to phishing. But it is the practise of using text messages sent to a mobile device in an attempt to get you to release personal information or click on a fraudulent link. Many people are unaware of this type of scam.
A SMiShing attack usually has a call to action for the intended victim that requires an “immediate response”.
Sample SMiShing text
According to Central 1 Credit Union, the following is a SMiShing scam that has taken place across Canada. People receive an alert, requesting that they call a toll free number because their account has been locked due to exceeding online attempts. The text messages reference a financial institution name, however the person receiving the text does not always have a relationship with the financial Institution referenced, which indicates that the text messages are being randomly sent.
Customers who call the number are prompted for their card number, expiry date, and their personal access code. You should not provide this information over the phone to anyone at any time, as this may lead to your account being compromised.
BlueShore Financial has implemented a number of safety measures to combat scams including security alerts. One of which advises clients if an account has been locked due to three unsuccessful login attempts.
If you have any suspicions or concerns at any time, it's best to contact your financial institution directly.
Vishing or "voice phishing" works phone contact into the act. A visher calls and speaks directly to you or leave's a voice message to try to get you to call them back. Either in person or through an automated system, they then attempt to get you to release personal information.
Recent telephone scam
A recent telephone scam involves receiving a call from an unknown person who asks, "Can you hear me?" Any response to the question is being recorded.
If the answer is "yes", because it is recorded it can then be used as a digital authorization for fraudulent charges. If you receive this type of call it is best to not answer and simply hang up the phone.
Spyware and ransomware
Spyware is a type of malicious software or "malware" that, once installed on your computer, allows criminals to monitor your behaviour and gather valuable data. Spyware isn't intended to crash your system or wipe its memory like the computer viruses of the past. Instead, it works quietly in the background tracking your keystrokes, searching your hard drive and sniffing out your personal details to send to unknown parties.
Ransomware on the other hand, is software designed to block access to a computer system until a sum of money has been paid. While often targeted to company networks, individuals have also been caught.
Many people use free or unsecured Wi-Fi networks in airports, coffee shops and other public places. The perils of open Wi-Fi begin when you log on to a network labelled "Free Wi-Fi" or a similar descriptor.
That free network may be nothing more than a gateway to track your activities, observe passwords you enter or view your sensitive information. Criminals will sometimes use a different tactic, setting up copycat hotspots with the same name as a legitimate network hoping to fool you into thinking you're connecting to the real thing.
How you can protect yourself
Despite the sophisticated methods fraudsters are devising to invade your privacy there are steps you can take to protect yourself.
1. Remember the essentials
A few basic steps will go a long way to protecting your personal information.
- Keep the operating systems on your devices current with the latest updates and patches
- Install security software that can detect viruses, spyware and other malware and provide a firewall to protect your data
- Use email spam filters
- New malware is appearing constantly so ensure your protective tools are set to update automatically
2. Understand how reputable businesses act
It's easier to spot potentially dangerous communication if you know how trustworthy organizations behave. As an example, BlueShore Financial will never send you an unsolicited email asking you for your password, account numbers, confidential information, or urge you to restore your account access in this manner.
Also remember, before entering sensitive data through the website of any company you deal with, make sure you first see the "https:" prefix or a padlock in your browser's address bar.
3. Verify, verify…and verify
Learning to be a skeptic can keep you safer online. Don't click on a link or call a phone number that comes with an uninvited email, pop-up or phone message without first verifying it's valid. Avoid opening attachments or installing software from an unknown source.
When you're mobile, know what you're connecting to. Only download apps directly from a service provider's website or an authorized source (e.g. Apple App Store). If you must use a public Wi-Fi network, check with a representative of the place you're visiting to make sure it's a genuine connection.
Using the privacy settings on your mobile device, including the password or passphrase feature, will help protect your connection and keep your data secure should your device be lost or stolen.
4. Don't overlook old-school risks
It's no surprise that security in the smartphone age concentrates on the digital channel. However that doesn't mean yesterday's threats have disappeared.
Be vigilant to identity theft and breaches of your privacy when you're offline as well.
- Don't write down PINs or keep them in your wallet
- Remember to sign your credit and debit cards as soon as you receive them
- Monitor your accounts and statements for unusual activity and shred confidential documents you no longer need
- It's wise to get in the habit of reviewing your credit report at least once a year
5. Use complex passwords and change them regularly
Norton stresses that using complex passwords and changing them regularly is still one of the best ways to protect your privacy online.
When creating passwords, longer is better.
- Go with one that's at least eight characters in length
- Use a mix of upper and lower case letters, numbers and special characters
- Avoid choosing real words, numbers in sequence or personal information that can be easily obtained like your birthdate, names of family members or phone numbers
- Set a reminder to change your password every six months
6. Take steps to protect you home network, connected devices and smartphone
- Use two-factor authentification on home computers, email accounts and smartphones where both a password and a second authentification step are required
- Install anti-virus software on both your computer and smartphone
- Ensure your home network is password protected by a password that you created, not the default password that comes with your router
- Password protect all your connected devices with different passwords
- Keep your personal computer on one network, and your connected devices on a second network - multiple networks can be set-up with many routers
- Never click on links in emails
Technology will continue to open doors to greater convenience in your financial life and beyond. That technology can be used more safely if you understand the risks and take the right steps to secure your privacy.