8 tips to avoid falling victim to cybercrime

8 tips for baby boomers to protect themselves against cybercriminals

How Over 60s can become more aware of suspicious behaviour online

With continued advancement in technology each year, it’s important for individuals to ensure they stay abreast of the widely used techniques of cybercriminals. It’s estimated that 91% of cybercrime is due to human error, so it’s important to know how to protect yourself from being hacked, as well as having some understanding of how cyber-attacks occur.

The McAfee Cybercrime Report 2018 estimates that cybercrime may now cost the world almost $600 billion. An increase of $100 billion in since 2014 estimates by Center for Strategic and International Studies (CSIS). This number is expected to grow as new users come online around the globe, and as more cybercrime ‘centres’ are being built (currently Brazil, India, North Korea and Vietnam) and cybercrime software becomes more readily available.

A contributing factor to the growth of cyber activity is that cybercriminals can profit easier from stolen data – from improvements in cybercrime black markets and the use of digital currencies. There are currently more than 6,000 online criminal marketplaces sell ransomware products and services, offering more than 45,000 different products.

Now this doesn’t mean we should just shut down our computers and disconnect the Internet. But it does suggest we need to be more vigilant with our user behaviour when connected to the World Wide Web.

This blog explores 8 online tips that will help safeguard you against cyber scams.

1. Check for inconsistencies in website URLs before clicking

Always check whether the link on a website, or in an email, matches that of the person or business you are engaging with.

Whether it’s an email, website or streaming channel, the best advice is to always however your mouse pointer over the URL, button, banner advert or any clickable link that you are about to click (but don’t click it). The URL will display on the bottom left-hand side of your screen. Ask yourself, does that link look real, or does it contain gibberish, inconsistencies, or names that aren’t associated with brand / company name.

For example, if you receive an email from JB Hi-Fi with a sale and discount code in the email contents, however, when hovering your mouse over the link, the URL displays http://e.gamesgalore0z.com – you can be certain this is scam. Delete immediately (and report as Junk if your email browser allows).

This is most common in emails, with reports stating that 91% of attacks by sophisticated cybercriminals start through emails. For more details on how to detect dodgy emails, read our blog How to identify phishing email scams here.

Visiting infected websites is also a common way of picking up viruses, or being victim to cybercrime. It can be more difficult to detect dodgy websites versus dodgy emails, as most of these infected websites look just as professional as a profession website. This is why it’s important to take notice of website URL. Another tip is to check whether the website is encrypted i.e. https (more on this in tip 2).

Put simply, if you’re uncertain or suspicious about the website you’re on – use your judgement, play it safe and close the window.

2. Always be cautious about giving your personal information online

Do not share your personal information online unless you are certain that you’re dealing with a safe website. As mentioned in tip 1, there a lot of websites that look professional and legitimate, but are far from it.

Another tip for good practise, is to ensure the website URL has an “s” at the end of the http (example: this website is https://www.60plusclub.com.au). This is another common identifier to certify the validity of a website, via what’s known as an SSL (Secure Sockets Layer). In IT language, the https:// (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication.

In 2019, if a website is asking for your credit card details or personal information and does not have an SSL certificate (https://), do not provide this information – and close the webpage down. However, it is still fairly safe to browse a website that only has http://, but do not purchase from one.

Whilst there are some dodgy websites that have SSL certificates, most don’t. So by checking the https along with other tips in this blog, you will have a greater chance of avoiding being attacked.

3. Create strong passwords & practice good password management

We all have too many passwords to manage – and it’s easy to take shortcuts, like reusing the same password, shortening passwords, or using basic / generic passwords that a hacker could break in less than 2 minutes. But as painful as it is, being diligent with your passwords will safeguard you from being hacked or having your data stolen in the long run. Alas, tip 3 is password management control.

Here are some general password tips to keep in mind:

• Use longer passwords – More than 8 characters or more is recommended.
• Use a mix of numbers, symbols and case sensitive letters if permitted.
• Try to avoid using the same password for multiple sites.
• Don’t share your passwords, especially via the internet or email.
• Update your passwords periodically, at least once every 6 months.

A password management program can help you to maintain strong unique passwords for all of your accounts. There are a range of online password management software programs (see best picks here), and some that also offer free versions – word of caution, don’t be too trusting with free software as they’ll have access to all of your passwords!).

4. Avoid using public Wi-Fi, especially when checking sensitive information or purchasing

Public Wi-Fi can be found in popular public places like airports, coffee shops, malls, restaurants, and hotels – and it allows you to access the Internet for free. These “hotspots” are so widespread and common that people frequently connect to them without thinking twice.

Fake public Wi-Fi networks have similar sounding names to legitimate public Wi-Fi networks – aimed to trick and confuse you in to using their fake alias Wi-Fi network. Once you connect to their public network, everything you do online is tracked by the cybercriminal, generally scanning for banking and social media login information.

They can also infect your computer with viruses and other malicious software, causing serious damage to your computer and jeopardising your personal information. For example, the cybercriminal may trigger a pop-up window to appear during the connection process offering an upgrade to a piece of popular software. Clicking the window installs the malware.

A few simple tips to reduce the risk of accidentally connecting to a unsecure public Wi-Fi:

• Verify your connection. Simply ask an employee what the actual Wi-Fi account is to avoid connecting to a dodgy network
• Do not log on to a network that isn’t password protected
• Avoid checking sensitive data when connected to a public Wi-Fi network. Which means avoiding logging in to your social media, emails and especially your financial accounts such as banking
• Turn your Wi-Fi off if you’re not using it (same with your Bluetooth). Even if you’re no longer connected to that Wi-Fi, if the Wi-Fi function is still on, it can still be transmitting data to the cybercriminal with any network in range
• Only visit sites using HTTPS, especially when purchasing or logging in to your bank
• Log out of any open accounts online when done using them
• Don’t allow your Wi-Fi to auto-connect to networks. Change your settings to disable this function and connect manually if needed

For more information – watch this 2 minute video by Kaspersky Labs

5. Don’t give away too much of personal information online

In today’s digital world, most websites try to gather as much information about you as possible, especially when asked to create a new user profile. It’s important to remember that your personal data is what is targeted by cybercriminals. Pay close attention to whether the fields are mandatory to fill, and always question why some companies will want to know more about you than necessary. i.e. If you sign up for a free e-newsletter and are asked for your D.O.B, phone number or postal address.

If these fields are mandatory and you want to proceed, consider using an alias or fake details where your real identity is not needed or relevant. You don’t have to use the real details all the time (unless it’s your banking information). And you can also check the website’s terms and conditions to see what they plan on doing with your data.

So as a general rule of thumb, be cautious about the amount of information you reveal online. It’s important not to reveal too much, especially on public platforms like social media (read our article on how much Facebook actually knows about you – read here). Or if you do feel it important to include everything about yourself on Facebook, you should at the least restrict who can access your profile, images and posts. This can be done in settings, and it ensures your information is only available to those in your Friends network.

Subscribe to our newsletter

6. Install anti-virus protection software on your computer

Malware, viruses, phishing, ransomware: It can be a dangerous digital world out there. So it’s important to get the right type of protection for you.

Most software is an annual cost, but just think of anti-virus software as insurance. Protecting yourself against malware will save you a lot of stress and unhappiness if you lose all of your files or have to rebuild your computer.

Unfortunately, we have a lot more to worry about than just viruses today. Malware is a general term that refers to many types of threats, such as:

• Virus: Harmful software that replicates itself and spreads itself to other devices
• Adware and spyware: Embedded in free software, such as weather trackers and screensavers; this type of malware generates ads and tracks behaviour
• Phishing: Seemingly safe links take users to malicious sites that gather personal data and login credentials, and can be found within websites, emails or even ads
• Pharming: Similar to phishing attacks, pharming attacks redirect users from a legitimate site to a malicious one
• Ransomware: When downloaded, ransomware blocks access to files and programs until users pay a set fee

So which anti-virus software brands are the best? This will depend on your price point, level of security checks, reporting, and much more. It sometimes pays to shop around on price, but only install an anti-virus program from a known and trusted source. If your computer has been installed with a freemium version, the brand can generally be trusted – or just shop around.

Here is a list of trusted anti-virus software.

7. Beware of suspicious emails and phone calls – Phishing scam threats

Phishing scams are a constant threat. Using various social engineering ploys, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.

So, what does a cyber-attack generally look like? It could be an email that appears to come from your bank or credit card company. It always appears urgent and includes a link to click or document attachment to open. However, if you look closely at the email, you can find clues that it might not be real.

Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email. Read our blog in relation to a current phone scam – Protect yourself against phone scams from fake ‘Telstra technicians’.)

Some key aspects to be aware of regarding email phishing scams:

• Don’t trust display names as these can be anything a scammer wants them to be
• Check for fake email domains; they’ll often be slightly different versions of the real thing
• Look at the logo and other images; low resolution images can be a giveaway
• Review links carefully by hovering over the link text (without clicking). A link that is different from the one in the link text is a sign of a malicious link
• Look out for bad spelling and grammar, as this can be a tell-tale sign that it’s not a legitimate message
• Be suspicious of any official-looking email message or phone call that asks for personal or financial information
• Always look at the web address before clicking on the link – do this by hovering your mouse pointer over the link (but don’t click it), then look at the web address that shows up either above the link or in the bottom left corner of your screen. If the link looks in any way suspicious, just delete
• Never open an attachment from an unknown sender – by downloading email files, apps, videos, and music files online, your computer can be infected by thousands of infected files, usually a worm or a Trojan horse. If you don’t know the sender, do not open any file attachment and delete!

For more detail on identifying phishing scams, read our blog Tricks to help you identify potential email scam attacks.

8. Ensure your operating system and programs are up to date

Installing software updates for your computer operating system and programs is critical. Always install the latest security updates for your devices.

Hackers live for computers that are outdated and that have not had security updates or patches installed in a long time. They’ve studied ways to gain access to your computer, and if you haven’t installed updates or security patches, then you’re opening the door and inviting them in.

Two simple ways to ensure your operating system is up to date:

• Turn on Automatic Updates for your operating system. Your computer will generally prompt you to update.
• Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.

If you can allow automatic updates on your computer, do it. If not, then make it a practice to immediately install updates and patches as soon as you are notified they are available. Keeping your system up to date is one of your most effective weapons against cyber attacks.

Good luck!

Source:
– Telstra, Cyber security. Read more
– What you need to know about Australia’s three most common cyber threats. Dominic Powell, 13 October 2016. Read more
– Berkeley Information Security and Policy. Top 10 Secure Computing Tips. Read more
– Kaspersky. How to Avoid Public WiFi Security Risks Read more
– Norton by Semantic. The risks of public Wi-Fi Read more

Subscribe to our newsletter