“Mom, why do we leave the house lights on when we go out? Mom: If it gets late in the evening, it looks like someone is home.” When I was younger, my parents would close the curtains and keep the hall light on when we went out. On asking why, they said that in the evening it would look to a robber like someone was home. A simple old-generation security add-on alongside the locks we use.
I remember the early days when everyone was so hyped about creating their email addresses. Cybercafes and computer institutions were opening up in every corner inviting us to take a glimpse of the future. Clicking that first send button to have a distant friend read that email in real-time gave us all power that has since changed our lives for the better.
Fast-forwarding to today, we each hold a smartphone that fits in our pockets, with computing power that makes the tech of yesterday look like a broken light bulb. But as the saying goes, “with great power comes great responsibility”. When the internet was being established, only the finer aspects of life were taken into account, not the bad that it could be used for.
We all hear about scams, frauds, data leaks in the news. You think… But these happen only to large enterprises and to people who have millions in their bank accounts. Why should I bother myself with this?
Well, imagine you are on vacation with your family. The first thing you do is click a pic of your boarding pass and post it online with a fancy hashtag, #VacationTime. You go on to check into amazing places, have a fun time and post a tonne of pictures. All in all, it’s a good vacation, until you reach home and find out that your house is as empty as it could be. How could the robber have known that you weren’t home?
A simple click of a link could lead to someone getting access to your webcam, microphone or your entire computer which you use to perform secure banking transactions. There is further disturbing news where children have been kidnapped by following their online footprints. These may seem like far-fetched scenarios out of a Hollywood movie but believe me, it could be you or your loved ones.
In today’s era, information is key. You may have met a person taking a survey in a mall who notes your details and registers you for a free lucky draw. In the cybersecurity world, this is a simple form of social engineering attack. The information that you so freely disclose is sold in the market for as little as 0.10p per individual to advertisers and scammers.
I strongly believe that it’s up to us to protect our families and especially our non-tech savvy elderly from the online evil just as we’d defend them in real life.
Here are a few common social-engineering attacks that attackers use to get valuable information.
Phishing: By far the most common way to target people and corporations alike. Just as it sounds, phishing (fishing) is an attack technique that preys on our humanness and uses email, messages, websites and other forms of communication to retrieve information from users. According to recent studies, over 80,000 people fall for these scams every day and disclose their personal information.
There are multiple ways in which you could be phished.
- A simple email with a spoofed sender address leading you to believe the communication is legit.
- An email with a document attachment containing macros with malicious payloads infecting your computer.
- URLs that direct you to a form/phishing page to get your credentials.
- An innocent-looking shortened URL (e.g. https://tinyurl.com/yytuwnhy) which expands on click to a suspicious website.
- As most of our population is hooked to smartphones, there is an increasing number of advanced phishing techniques targeting cellular devices these days.
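A defender-side illustration of the signs listed above, as an added example that is not part of the original article: a small Python triage function that checks one message for a From/Return-Path mismatch, a recorded SPF/DKIM/DMARC failure, a macro-enabled attachment and a shortened link. The shortener and extension lists, the flag names and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative lists (assumptions for this example, not exhaustive).
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")

# Constructed sample message (not real mail) showing all four signs.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: Your Bank <support@bank.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Pay your pending bill here: https://tinyurl.com/yytuwnhy
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.docm"

x
--b1--
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_flags(raw_email):
    """Return sorted warning flags for one raw e-mail message."""
    msg, flags = message_from_string(raw_email), set()
    # Spoofed sender: visible From differs from the envelope sender ...
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if path_dom and from_dom != path_dom:
        flags.add("from-returnpath-mismatch")
    # ... or the receiving server recorded an SPF/DKIM/DMARC failure.
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", msg.get("Authentication-Results", ""), re.I):
        flags.add("auth-fail")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(MACRO_EXTENSIONS):
            flags.add("macro-attachment")  # macro-enabled Office document
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts = re.findall(r"https?://([^/\s\"'<>]+)", body)
            if any(h.lower() in SHORTENERS for h in hosts):
                flags.add("shortened-url")  # real destination is hidden
    return sorted(flags)
```

A From/Return-Path mismatch also occurs in legitimate bulk mail, so treat the flags as prompts for a closer look rather than a verdict.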
Spear Phishing: Unlike common phishing techniques this is a more targeted approach to steal information. Rather than sending emails to hundreds of users, the attacker conducts reconnaissance and sends specially crafted emails to only a few likely users who would fall prey. E.g., if you’ve recently been to the hospital the attacker is more likely to send you an email regarding a pending bill with a link to generate it.
Pretexting: The subtle art of manipulation by pretending to be someone else to obtain sensitive information from users. I’m sure all of us have faced this at some point, and maybe even unknowingly fallen prey. It could be a call saying your phone number has won the lottery and asking you to send verification details to claim your prize. Or, targeting the elderly specifically, someone posing as life insurance personnel and requesting bank details, saying the account would otherwise be frozen immediately. The list goes on and on.
Baiting: An attack on your curiosity. What would you do if you found a USB drive near your car or your front gate? Attackers can inject malicious programs on USB devices and take control of your computer once you plug it in. Similarly, online forms of baiting can also occur via flashy ads and URLs that could download and run code in the background on your machine. Once your device has been compromised it can be used to get your entire personal data, carry out further attacks on your loved ones or be used in a larger botnet for illicit activities.
Not to further scare you but this is just the tip of the iceberg when it comes to cyber-attacks. With so much ongoing it’s sometimes an overwhelming choice on how to best protect ourselves.
The first step towards this is awareness and education.
- Stay informed of your surroundings and always be sceptical about the content you receive. Don’t ever say “It won’t happen to me”.
- Would you keep the same lock on all your doors and lockers, with one key that could open them all? No, you wouldn’t. Likewise, it’s a blunder to use the same password for all your accounts. Create passwords as complex and irrelevant to your personal information as possible. Use password manager software that helps you create complex passwords and manage them. Never write your passwords on notepads/diaries.
- Wherever possible, always opt for 2-factor authentication especially in your online banking applications.
- Scams and Phone call attack awareness
  - A call from Airtel/Reliance asking you to verify your details such as an address, DOB so on.
  - Insurance personnel calling to take your PAN, Aadhar, bank details to credit your money.
  - Call regarding the urgent expiration of your debit/credit card.
  - Recently scammers are pretending to call on behalf of Paytm/UPI services for KYC details.
  - Income Tax department call threats as you have outstanding tax to pay.
  - Automated voice calls intimating you that your credit/debit cards have been cancelled and verification is required for reactivation by calling a certain unknown number.
The above list is far from exhaustive but you get the gist. Ask your bank if you’ll get a verification call for something you’ve applied for. If anyone calls you and creates a sense of urgency or pressures you to do something, be extremely suspicious. It’s a good option to go to the bank branch and sort out your issue rather than give out your details and have a whole new problem at hand. Also, no genuine business would urgently ask for your OTP for verification.
Social media awareness
- Be selective with friend requests. We learn at a young age not to talk to strangers so why would you want to share your pictures/information with people you don’t know.
- Be very careful about what you share. Do not give away your details so easily.
- Make sure to check the privacy controls on social media sites and customize them to your needs. The stricter the better.
- Practice safe clicking, if it’s something unexpected or looks too good to be true it probably is.
- Posting vacation pictures/locations after you return is perfectly fine, and worth waiting for, especially if you’re leaving your home unattended.
- If you logged into your account from a public computer, make sure to log out.
- In case you didn’t know already, just hitting delete doesn’t exactly delete that image/video from your device. There are still numerous ways we can retrieve deleted information from your storage (SD cards, hard disks, smartphones...). It’s best to never capture/record things you wouldn’t want in the open.
- Protect your devices with the latest antivirus software and make sure to stay up-to-date on patches and system updates. If you have a router at home reset its default credentials.
- Be very cautious of what you plug into your computer. Viruses can easily spread through infected USB devices or even smartphones.
- With ransomware on the rise, it’s always best practice to back up your data.
In the ever-changing cybersecurity landscape, it is of utmost importance that we equip ourselves with the latest news and awareness regarding our surroundings.
Stay safe online!
Writes: Pallav Raj Gurung