Cybercrime is big business and we all may be at risk. In 2017, £130bn was stolen from consumers by a range of attacks including phishing, ransomware and online fraud. Already, data theft and ID fraud have become a major global industry and as we put more and more of our lives online, the danger is going to grow.
However, even as the threat grows, many people still appear blissfully ignorant. They believe they will not be targeted and allow defences to lapse. Worst of all, people know little about the types of attacks they might face and what action they can take to protect themselves. So, if you’re worried about keeping your data safe, here are a few key questions to ask.
How Can Criminals Steal My Data?
Whether you’re an individual, big business, charity or government agency you will have something the scammers want. Worst of all, as everything becomes more connected, scammers are finding new ways to get at us.
- Phishing Emails: Emails that try to persuade you to click on suspicious links or reveal sensitive information such as bank details.
- Social Engineering: Using social networks to gain information about you and make scams look and feel more convincing.
- Data Breaches: Targeting companies to gain access to the data they hold about people. This can leave you vulnerable without knowing it.
The majority of attacks are targeted at personal email accounts. Phishing scams have been with us for years, but some are more convincing than others. At the bottom end of the market are those which are fairly easy to spot such as a badly spelled email asking you to contact them about a job offer or a cash prize. It doesn’t take an expert to spot this type of fraud, although the fact that they are still being used means that someone is falling for them.
Unfortunately, phishing emails are becoming more convincing all the time. Emails can look and feel as if they have come from a bank or a reputable company. Scammers will often go as far as recreating the content tone and branding of a site to make the illusion more convincing.
In many cases the targeting is random. They will send branded emails from several banks hoping that it’s the one you bank with, but once again they are becoming more sophisticated and finding ways to target us all individually.
Social media has become more popular than ever before. Facebook passed two billion users earlier this year. Twitter, Instagram and other social media sites are also growing rapidly. Millions of us use dating websites, streaming services, message boards and ecommerce platforms – all of which require us to upload a significant amount of information about ourselves.
How Does This Affect You?
Cybercriminals can use easily accessible information – much of which is publicly available – to find out a lot about their target. For example, using social media posts they might find out who we bank with, what services we use, where we work and many other important details. This helps them develop attacks which look and feel more convincing.
Emails may come from organisations you work with and can seem more personalised. Scammers have even been known to pretend to be work colleagues asking for logins to certain parts of a business account. With many companies routinely using freelance staff working remotely, criminals see this as a good way to gain access to sensitive personal and financial information on both employees and customers.
Are You Browsing Safely?
Browsing the web can be more dangerous than you think. Programmes you download or websites you visit can act as a doorway to viruses, worms and similar threats.
- Viruses: These attach themselves to a programme and, once downloaded, start to spread throughout the system
- Worms: Unlike viruses, they do not need to piggyback onto a piece of software. They use networks to send copies of themselves to other computers. They often exploit weaknesses in legitimate programmes in order to get onto your computer.
- Spyware: A file which monitors your activity and can, depending on the type of attack, take control of your computer.
- Logging Keystrokes: A programme that records your keystrokes. By doing so, it can access information such as passwords and account numbers.
The threat often comes from applications which look safe. Malicious software is designed to exploit weaknesses in familiar and trusted programmes. Even antiviruses are not immune as users of Kaspersky found out in 2017 after a widely publicised data breach.
However, it’s not all doom and gloom. New rules give you a greater say about what information companies hold about you. You can demand to be told what information a company holds, and what security measures they take.
If you don’t feel comfortable having them holding your data, you can ask for it to be removed. It’s worth noting though, that if a company has a legal or regulatory obligation to keep the data on file, they don’t have to delete it.
Most people understand the value they get from a third party holding their information and will be willing to take the risk. However, since it is you who will suffer if that data goes missing it makes sense to do everything you can to ensure you are protected.
What Are The Warning Signs?
Many pieces of malware are designed to sit in the background and may operate without your knowledge. That said, there are warning signs which could suggest your computer has been compromised.
- Unfamiliar Programmes On Your Computer: If you are the only person who uses the computer or mobile device and you see programmes or apps you didn’t personally install, it’s a big red flag. There may be an innocent explanation. Your device may have downloaded updates, or another piece of legitimate software may have installed programmes it needs to run. Either way, you should check your computer for viruses.
- Firewalls & Antivirus Software Is Disabled: Viruses may disable antivirus software to prevent it sending alerts. If you find that your computer’s defence programmes have indeed been disabled, there may be a virus on your computer.
- Your Email Starts Sending Spam: Cybercriminals can take control of your email address and use it to spread advertisements and viruses. If your friends or family start to receive suspicious emails from you, it’s a sure sign your account has been compromised.
- Your Device Starts Running Slowly: If your computer takes longer to start than usual it could be an indication of malware. Of course, there are many other reasons why your devices might run slowly including lots of active background apps, inefficient use of disk space and a shortage of memory. However, it’s better to be safe than sorry and perform a thorough scan if you notice a performance drop.
- Passwords Have Been Changed: If hackers have gained access to your accounts they may change passwords. They may also change the password to access your computer.These will not change on their own, so if they have, get in touch with the company which runs the account.
How Can I Protect Myself?
Defences against data and ID fraud have become tighter. The latest anti-viruses provide excellent protection, but you must update them regularly. An anti-virus works by scanning incoming programmes and checking them against a database of known threats. If it identifies a programme as dangerous or suspicious it can place it in quarantine or remove it completely.
Because attacks are evolving, the database that anti-virus programmes check suspicious programmes against is changing all the time. If you don’t download patches or update your anti-virus software, it will become less effective. It can become annoying when you get frequent messages suggesting you install updates, but this is the best way to stay protected.
It’s also good practice to perform routine cleaning operations on your computer. Anti-virus applications can identify malicious programmes, or you can remove them yourself by deleting suspicious files. Aside from anything else, a regular spring clean will not do your hard drive any harm.
Anti-viruses can do a great deal to keep your computer safe, but the biggest weakness is human error. The majority of successful data thefts occur because a person clicks through to a scam website or provides personal information to an unfamiliar source.
Only ever disclose information to verified sites (look for https and the lock symbol in the URL bar) and never click on links you aren’t 100% confident are legitimate.
This is also true of mobile devices – make sure that you follow the same common-sense guidelines when browsing or opening emails on a phone or tablet.
If you receive an email from someone you don’t know asking you to click on a link or hand over personal details, you should be careful. Make sure you only share information with people that you know and always contact companies directly via information on their official sites to discuss any suspicious messages you have received.