By: Lea Ysabel Q. Evangelista and Kristin Clarisse H. Mateo
With the increase of reliance on the internet due to the pandemic, cyberattacks and cybercrimes have also become more prevalent as cybercriminals take advantage of the current situation.
According to Cisco Systems Inc., cyberattacks are malicious and deliberate attempts by an individual or organization to damage the information system of another individual or organization. On the other hand, as defined by Kaspersky, cybercrimes are criminal activities that are done by hackers or cybercriminals that target a computer, computer network, or network device.
Therefore, online users need to have a stronger line of defense to not become victims of these illegal cyber activities.
Knowing the common types of cyberattacks
By being aware of how cybercriminals do these illegal acts, people can avoid being potential victims of cyberattacks and cybercrimes. Some of the common types of cyberattacks are phishing, smishing, malware, and man-in-the-middle (MITM) attacks.
To start, phishing is a type of attack that occurs when cybercriminals impersonate a legitimate company or business and send emails that ask for sensitive and private information. For example, a phishing site might have a domain name like facebo0k.com and a similar interface to the actual Facebook login page to acquire data from unsuspecting individuals.
A subtype of this cyberattack is smishing – short for SMS phishing – which is a rising threat that occurs through short message services and phone numbers to extract data from the intended victims. For instance, a well-known online payment and digital wallet application reported issues regarding this cyberattack since there were circulating text messages that asked for the online users’ pin codes and other private information.
Malware or malicious software, meanwhile, get transmitted through unsolicited email attachments, social media messages, or downloaded files that serve as a passageway for it to catch the victim’s attention. When downloaded into and opened in a vulnerable device, malware can cause varying levels of damage depending on the type. Some examples of malware include trojan viruses, spyware, and ransomware.
Lastly, a MITM attack is when a cybercriminal intercepts a conversation between two individuals to steal important data. Typically, this attack is executed by having access to unsecured Wi-Fi routers such as free Wi-Fi hotspots and even at home. From there, scripts and programs are deployed to intercept and decode encrypted data.
Defense against these common cyberattacks
To prevent oneself from being a victim of phishing and smishing, never provide sensitive information without verifying the content of the email or message and its sender as these may not be legitimate. If in doubt, send a message to the sender’s email or reach out via call or other means. Report this incident to the concerned authorities if it was a phishing attempt. Also, to avoid logging into look-alike websites, double-check the domain name of the website that one is accessing and verify if it is a legitimate website. Check if it has a secure HTTPS protocol as well.
Next, to prevent malware from wrecking a device, scan downloaded files first using an antivirus or antimalware software before opening them. It is also possible to scan for malware before downloading using services like VirusTotal, which can be integrated into browsers. Learning to identify suspicious websites and questionable links is also a critical preventive measure to be safe.
Lastly, to avoid MITM attacks, do not use public networks for confidential matters. Also, implement virtual private networks (VPN) to ensure safe surfing and transactions. Make sure that the websites being accessed are secured with HTTPS protocol as well.
General security measures for online accounts and transactions
To be able to protect one’s online accounts against cyberattacks and cybercrimes, Engr. Eric B. Blancaflor, a CompTIA Security+ certified professor of the Cybersecurity track in the Information Technology program of Mapúa University, shared some tips from the Certified Secure Computer User (CSCU) material of the EC-Council Foundation, a non-profit organization determined to raise awareness on cyber safety issues and unify global cyber defense. These tips focus on securing online accounts from unauthorized access, phishing, malware, data breach, and identity theft.
As mentioned by Engr. Blancaflor, the common measure to protect one’s online accounts is to “always protect your password and personal information.”
First, online accounts for email, social media, banking and finance, and other transactions should have strong and passwords that contain a combination of letters, numbers, and special characters to protect users from brute force or dictionary-type attacks to a system. These passwords should also be changed regularly. Do not use common information for verification as well. Furthermore, it is not recommended to use the ‘Keep Me Signed In’ or ‘Remember Me’ functions as these allow cyber attackers to access a user’s computer with malware. Refrain from sharing personal information and divulge only the required and necessary details. Physical documents that have sensitive information should be shredded, not thrown away, so that these details could not be used on illegal cyber activities.
For emails, provide an alternate email address for faster email recovery. Email attachments may also have malware in them, so double-check the content and the sender and scan these files to ensure that these are malware-free. Taking a step further, creating a junk email, and using spam blockers to filter out unwanted emails can come in handy to avoid ambiguous messages.
When using social media accounts, make sure to read the terms and conditions of the website carefully. It is also best to change the settings of one’s profile to private and not share sensitive information to others. Additionally, limit the access of the media shared online to friends. Accept friend requests from trusted people only and be careful when interacting with others as well. When installing third-party applications, confirm if these are safe as these may be malware. Lastly, avoid clicking on questionable links that may lead to suspicious websites.
Before proceeding to online transactions, check if the operating system of and other installed applications in the device are updated. Ensure that the wireless network being used is secured too. Run security scans regularly to verify that the system has no viruses or other malware. Ensure that accounts used in online transactions have been logged off completely once done to minimize the risk of being compromised by potential threats.
Furthermore, check the legitimacy of the online platform for such transactions. Established names are safer since these invest in online transaction security. To know if it is a legitimate and safe site, digital certificates for cybersecurity, positive feedback from customers, and a privacy statement that follows the data privacy policy should be available.
“Good thing nowadays is that the information is freely available on the internet; just Google or search [for] such info,” Engr. Blancaflor added.
By being familiar with the common types of cyberthreats, online users can avoid being victims of these illegal cyber activities. Without a doubt, strengthening these defenses on protecting online accounts is an effective way to get ahead of these cyberattacks and cybercrimes as these are recommended by cybersecurity experts.
References: