For those of us who shop, pay bills, and bank online, digital online security is something we expect to be built into the system. Our computer or ISP (Internet Service Provider) will take care of it, our programs, or the company I am contacting on the net is responsible for that, right? Unfortunately, this isn’t the case.
Identity Theft, Credit Card Breach, and Ransomware: That Stuff Only Happens to the Other Guy, Doesn’t It?
As we’ve seen with the recent attacks on major healthcare companies like Anthem and Premera, retailers like Home Depot and Target, banks like JP Morgan Chase, and Citibank, and government offices like the OPM and US Postal Service, our data can be exposed and circulated for sale in the Deep Web without any mistakes on our part. But what does that mean to us? What are we really exposed to now, and more importantly, what should we do?
In the recent days, a breach has been merely an inconvenience. Hackers scraped all or parts of our credit card from a recent purchase, the bank caught it, cancelled our card, and we had to wait a few days to get our replacement. It’s simply a hassle and more of a pain than a crisis.
Well, the next round of cyber crime will not be so tame. Criminals who have gone for the “low-hanging fruit” and easy targets, will turn to harvesting the plethora of identities and personal information that is for sale in the deep web. Phishing attacks, and more concerning, spear phishing attacks, will really start to hit home. Protecting your identity and privacy is more important than ever.
A spear phishing attack is harder to pick up on.
Hackers will do research on the person they wish to attack to trick them into clicking their infected link. These emails will be targeted to the individual using facts about them found through Google searches and social media sites. This attack takes longer for the hacker, but the chances of it being a success are greater. Stay skeptical when going through emails. Even if an email says it’s from a friend, it may not be! It may be a spear phishing attack.
Other attacks include, drive-by-downloads, malware programs that are automatically dropped into your system with just a simple visit to an infected website, and even social engineering calls to your home or office. In these cases, professional criminals call impersonating anyone you may know, your IT department at work, Microsoft, the local police, your bank, or your child’s school. We can’t forget about tried-and-true attacks such as Trojans. Trojans are programs that you choose to download believing it’s something else. In example, a useful new program for printing, or a great new app for your smartphone. However, it actually has another program hidden inside the code, and once it’s on your system, it will deploy and infect it. Often these Trojans are hiding Botnet programs which infect your system and contact their command and control center for more malware or instructions on who to attack next.
So, the bottom line is simple: there is much more to worry about, or better yet, prepare for, than having your identity stolen. Keep your system(s) updated, use antivirus software, and use strong passwords.