In our previous post, we answered the question, “How do I keep my passwords safe from cybercriminals?” It explained some of the behind-the-scenes tactics like password cracking that cybercriminals use to gain access to user accounts. But what about the tactics cybercriminals use to trick us into revealing our passwords outright? To combat those, we need to improve our cybersecurity awareness.
I’m here to make sure that today you learn a thing or two (or four) about cybersecurity awareness. If you combine strong password behavior with a basic level of cybersecurity know-how, you become a big problem for cybercriminals.
1. Be on the lookout for phishing attacks in your email inbox
A phishing attack is when a cybercriminal creates a fake email that looks like a real email from a service you’re likely to use, like the infamous Gmail scam from 2017. They do this in order to either elicit sensitive information like a password or credit card number, or get the target to click on a malicious link that infects the computer with malware.
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017
Phishing scams are everywhere nowadays and they’re shockingly effective—I’d bet a small fortune that most people reading this article have been tricked into clicking a false link or submitting their information on a fake login page. (Myself included!)
Be skeptical of any email that asks you to take an action or submit sensitive information. This is especially true when the email uses urgent language.
Keep in mind—services that you use will almost never ask you to submit sensitive information online through an email request. You can always separately reach out to a support agent from that company or service if you’re worried about the authenticity of an email.
Always double check the “Sent from” address, and never click on links or attachments without first hovering your mouse over them to check that the destination URL is legitimate.
If it smells fishy and looks fishy, it’s probably a phishing email.
2. Keylogger attacks are game over for you and your data
One reason phishing attacks can be devastating is that if you click on a bad link or attachment, you can accidentally install a keylogger on your device.
A keylogger is a type of malware that does exactly what it sounds like—it logs everything you type on your device, including username and password information, and sends the data to the cybercriminal who initiated it.
But wait, there’s more.
Keyloggers can take screenshots on your device, track the websites you visit and the applications you download, capture copies of emails in your inbox or sent box, and record all of your messages from any messenger app or service you use (e.g. Facebook Messenger).
In other words, if you have a keylogger installed on your device, you might as well throw it in the trash and light it on fire. (Or, you can try and salvage it. Your choice.)
3. Social engineering is a tricky beast
Social engineering is a targeted attack that uses publicly available information about you to try to convince you to hand over sensitive information or click on a malicious link.
Imagine someone gives you a call claiming to be from your bank or cable company. They ask for a few details to shore up a minor, but urgent, problem in your account. You say yes, because it will only take a couple minutes to resolve and you don’t want to deal with it later.
Voilà—in just two minutes, they have all the information they need to access your account and steal your credit card information—or worse, withdraw a large sum of money directly from your bank account.
Always be skeptical! You can reach out to a bank or service directly if you have any doubts.
Remember, if a service you use is asking for personal information like a password or account number, it’s very likely a scam.
4. WiFi traffic monitoring means being careful with free WiFi
You’re alive, so I assume you’ve been to a coffee shop, hotel, restaurant, or store that offers free WiFi recently.
If you’re using free WiFi, you should always be sure you’re only using websites with an “https” secured connection. Setting up a WiFi sniffer on a public WiFi is easy and allows cybercriminals to collect any username and password information you type while you’re browsing unsecured sites.
Want to use free WiFi without being paranoid? Use a VPN (virtual private network) to secure your connection and block any malicious actors that could be middle-manning your free, unsecured WiFi network.
That wasn’t so bad, was it? Your cybersecurity awareness is through the roof right now. Try to remember the lessons you learned today, and teach your friends, parents, children…whoever will listen. Because this stuff is important!
Good luck out there.
If you have any questions, feel free to leave them in the comments below, and I will try to answer them as quickly as I can!