It's a crazy time in the world of cybersecurity. Computer viruses aren't the only things threatening your online security these days. Now, there are several risks you take each time you surf the web or make a purchase.
That's why you need to know about these three top threats to your finances, privacy and personal data.
The current king of malware threats is ransomware. This attack takes your computer files hostage by locking and encrypting them unless you pay the cybercriminals a specified amount.
And it looks like this business is booming. Likely due to ransomware's profitability, the number of attacks rose greatly last year, making it the fastest growing threat in recent memory.
There are different variants of ransomware and we've covered many of them. There's Locky, Cryptolocker, PowerWare, Delilah, RAA, and the recent massive attack dubbed WannaCry. They basically fall into two categories: crypto ransomware and locker ransomware.
Cryptos are designed to encrypt certain types of files or extensions. Common file targets are videos, photos, Microsoft Office documents and PDFs. Locker ransomware locks out computer components, like your screen, or even entire systems.
Ransomware's scope is widening too. Criminals are reportedly casting a wider net by increasingly targeting individuals and smaller companies with smaller ransom amounts. It has been spotted on smartphones and tablets so it seems like no one is safe.
Different strains, changing vectors, but basically the same modus operandi - pay up or say goodbye to your precious files.
How to protect yourself against ransomware
The best way to defeat a ransomware attack is to take precautionary steps. Here are suggestions that will help:
- Back up data regularly - this is the best way to recover your critical data if your computer is infected with ransomware.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails; they could be part of a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Have strong security software - this will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. It's the best way to recover your files without paying a ransom.
2. Data breaches/Password leaks
We have seen quite a few data breaches and password leaks lately. Yahoo was the victim of multiple data breaches over the past year and over 1 billion customer accounts were exposed. This attack is the worst in history so far.
We've seen hacks on fast-food chains like Wendy's, hotels like Hyatt and even voter records.
The strategy here is simple. Hack into a company database with various computer tools, siphon out customer data, which may include user credentials, decrypt the passwords, and maybe sell them on the Dark Web to willing buyers.
User information leaks and credentials getting hacked and sold are fast becoming issues that all of us have to deal with, one way or another. An online data breach, unfortunately, is now a fact of life.
What you need to do after a data breach:
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical after a massive data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your online account passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on highly-reported data breaches. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that will lead to more problems.
- Manage passwords - Many people use the same username and password on multiple sites. Bad idea. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.
Phishing attempts and social engineering tactics have also been on the rise. Phishing is when attackers send an email or another form of communication that pretends to be coming from a legitimate institution such as banking or shopping websites to steal sensitive data.
A more intricate form of this particular threat that is on the rise is spear phishing. Spear phishing is a form of targeted email scam aimed specifically at an individual or organization. It includes individual information like your name, phone number, or the company you work for to fool you into thinking that it is authentic.
Another scam that's gaining traction with cybercriminals is Business Email Compromise (BEC), which aims to trick employees into sending money transfers by impersonating executive email accounts. These attacks are initiated either by social engineering tricks, email spoofing or malware, targeting upper management executives, accounting and HR departments.
Follow these important safety steps to avoid falling victim to phishing attacks:
- Be cautious with links - If you get a text or email that you find suspicious, don't click on its links. It could be a phishing attack. It's always better to type a website's address directly into a browser than clicking on a link.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos.
- Have strong security software - Having strong protection on your family's gadgets is very important. The best defense against digital threats is strong security software.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID.