More Useful Stuff
Cyber crime is on the rise and your smartphone makes you an easier target – protect yourself with these tips
It’s important to know that not all hackers are out to sow mayhem and destroy credit ratings. Some are just trying to make things better by making changes to existing systems that benefit the public – those hackers are the whitehatters. Blackhatters are the type that are on a search and destroy mission.
Hackers have the ability to get your valuable information like email addresses and address books. These can be sold as marketing ponds, or to genuine marketers, who will send you spam in the hope of landing your personal data. Whether hacker’s are working to benefit you, or to get their hands on your valuable information, it’s important to know how to protect your data from others.
There are various types of hacks: system hacks, device hacks and social engineering hacks. Here’s how to protect yourself from all three.
Social engineering hacks
These is the most prevalent type of hack, called phishing. (You should have got a couple of emails from your bank about this.) A person will give up their data voluntarily thinking that they are interacting with a legitimate site – like the spam from the Chinese chemical company or Ghaddafi’s son. Due to the overwhelming numbers involved it usually runs as an automatic script rather than one person interacting with the user. To avoid getting caught, position your mouse cursor over the “link” in the mail. If the web address that appears in the bottom of the email or browser window doesn’t match the link description in the email then you are almost certainly headed into a trap.
These come from insecurities in the software you’ve loaded or the access you’ve mistakenly given. Either you haven’t blocked a device from external connections, or a bluetooth channel is permanently left open. Device hacks can be the fault of the software loaded on the system or the fault of the user who is downloading viruses and trojans through their browsing or other risky online behaviour.
At some point you’ll entrust your details to a company and if they haven’t adequately secured their website, premises, system, data or building they can be hacked. It happened to big online corporates like Linkedin and Apple, but it can happen to any company, bank or government.
Watch your websites
Even a “strong password” that includes numbers, letters, capitals and symbols can be hacked. It doesn’t matter what you type in if there’s someone on the other end of the website that is reading the field where it’s stored. If a website gives you an option to send you your “lost password” (via email or SMS) beware. This means they have stored the mechanism to decipher whatever hashing they’ve done. Websites that send you a link to reset your lost password are slightly better.
Some security projects use salted passwords that are hashed and stored in their transformed format. They take your password and then use a unique key that transforms your password into something unintelligible. If you use a different key for every single person in your database it can be a little bit more challenging to find out the actual password. But it can still be deciphered. Linkedin used a very simple hash for its password system and it got hacked. Once someone has the ability to see the salted password and they know the value that was entered to arrive at that password they have a basis for interrogating the algorithm for everyone on that system.
Vary your passwords
You use the same password for every website, email account and bank account right? Not smart. A hacker only needs to find one site or system that is not secure and the rest of your accounts are theirs for the taking. If you can’t remember a million different combinations of your dog’s name, download Safewallet (download at sbsh.net or you smartphone applications store). It’ll give you random passwords – that can be as complex as you want – and store them for you. (But a hacker only needs to crack your Safewallet password to get access to everything… so it’s a bit of double edged sword.)
Avoid QR codes
You have absolutely no clue what you’re doing when you scan those little black and white QR code blocks. Unlike a normal domain name link where you can usually tell that it’s not the official website, QR codes will take you to the site before you even know it may be a trap. There are QR code readers that can give you a clue about where you are going to be surfing to, but nobody but the very paranoid will actually ever stop to read the code before surfing straight to it. And even if you know where you were going, there’s no guarantee that it’s safe.
Do business face-to-face
All a hacker needs is an existing credit card number and a name to attach to it in order to hide under the anonymity of an online profile. Because of FICA regulations setting up a credit card under a fake name is difficult, messy and opens you up to being caught. So keep your credit card details safe. (Hackers prefer to use details of someone who has died, that way when someone doesn’t recognise a bank charge or gets called to collect a bad debt then there is no one to physically find or contact.) Be careful of keeping large amounts of data on th web, like Cloud storage – this is no different from uploading your data to a website or your email on a hosted server. Its still your data that’s on a server somewhere, there’s just more of it and it’s password protected. Its up to you what you are exposing and you have no guarantee of its security. Ever.
Keep it simple
You can take small precautions but there are never any guarantees. Be vigilant. Check on your credit profile every now and again. Use a software program to give you different passwords. Change them for every site from time to time. Get a reputable anti-virus programme – free or paid for. But remember that even an anti-virus programme isn’t full proof. New viruses are created all the time and software bugs are a natural occurrence in systems, (and no virus program will ever stop you from being exploited through a social engineering hack).
Kaspersky One is your protection solution for all your devices. Worldwide, 50 million people are now members of the Kaspersky Security Network, sending data to the company’s Moscow headquarters every time they download an application to their desktop. When it comes to keeping computers free from infection, Kaspersky Lab is on its way to becoming an industry leader. phoenixsoftware.co.za