You hopefully had a delightfully frightening Halloween recently, but all ghosts and spooks aside, one of the scariest things in real life is having your accounts hacked or your identity stolen online. Cybercriminals pose a major threat in this modern era. Virtually anyone who regularly accesses the Internet for work or school or owns or uses an electronic device is at risk of being exposed to malware (malicious software). The vast majority of college students today, if not all, meet these criteria and are susceptible to cyber-attack. This article explains the common tactics of cybercriminals and how you can protect yourself online.
Just Who Are These Cybercriminals, Anyway? What Do They Want?
Hollywood loves to portray hackers as solitary, lone wolf computer geniuses, who rise up as either unstoppable super-villains or punky cyber-vigilantes on the fringes of society fighting the system. Unsurprisingly, these stereotypes are largely bogus—the majority of hackers are neither solitary nor geniuses, and they have nefarious intentions.
The unfortunate truth is that most cybercrime today is organized crime. Cybercriminals who engage in fraud, theft, extortion, and other illegal activities through the Web may be part of larger networks, and cybercrime may generate revenue or provide money laundering services for organizations that also deal in drug trafficking, human trafficking, or terrorism.
Moreover, you no longer need to be a programming expert to be a hacker. In fact, you barely need to even understand the basics! High-level hackers produce and sell prefabricated ‘toolkits’ on the Dark Web. Those who purchase them can then easily deploy malware and attack unsuspecting victims. These low-level hackers may know just enough to modify the purchased code to better suit their purposes, or they may simply use them as is. These ‘toolkits’ are often meant for complete novices, who make up a large portion of cybercriminals. Moreover, various social engineering scams, such as phishing, remain prevalent.
Cybercriminals may sell your passwords and personal data, install dangerous malware such as worms, viruses, trojans, and ransomware on your computer, or extort money from you by threatening to expose your private, sensitive information.
Cybercrime costs the US billions of dollars annually. Here are a few basic tips you can use to stay safe online; however, as cybercrime continues to rise each year, everyone should endeavor to become aware of these threats and take their cybersecurity into their own hands.
Basic Cybersecurity Tips for Students:
- Do Not Use The Same Password For Multiple Accounts-This is one many of us are guilty of, but credential stuffing is an extremely common tactic used by password hackers. If a hacker manages to get the login for your account on one site, they will input it to other random sites just to see if they can access your account there as well. It is especially important to use unique passwords for your bank account login, and other high-priority sites where hackers can directly access your assets.
- Avoid Easily Guessable Passwords-Obviously, do not use password123 or similar. You’ve likely considered using a password that is easy for you to remember and seems unique, such as your pet’s name, your elementary school, your significant other’s birthday, etc. However, this is a common practice and hackers can likely glean much of this information from stalking your social media accounts. They will try various combinations of the names of pets, people you know, and places you’ve lived or worked, along with numbers that might be significant to you, until they have cracked your account. Make sure the password you choose originates from something you haven’t posted about and can’t be easily guessed from your social media.
- Do Not Leave Written Passwords Near Your Desk Or Work Area-If you’ve come up with strong passwords for multiple sites, you’ll likely want to write them down to remember them. However, you’ll want to avoid leaving them taped to your desk, in the top drawer, or anywhere near your typical workstation at home, school, or work. While it’s less likely at home unless you’ve had a break-in, at school or work, someone may snoop around your area when you step away and find your sticky note of passwords in your desk. This may sound bizarre, but this is a common tactic, especially in public or semi-public areas, like busy campuses or workplaces where visitors are common. Use a password manager app to remember them for you.
You also should never leave a computer you are logged into unattended. Potential hackers may simply use the computer under your user login and cause all sorts of problems, including stealing or resetting passwords of sites you are logged into. Of course, they may also just steal your laptop while you’re gone, too!
- Use Only Safe Websites-Only use websites that include ‘https://’ in the URL and show a padlock icon. This means there is a basic level of built-in encryption that will help protect you. If your school’s IT administration or the security software on your personal computer blocks a particular website, you probably shouldn’t go there. Illicit websites can use ‘drive-by downloads’ to automatically download malware to your computer where it can wreak havoc without you even knowing.
- Identify and Avoid Fraudulent Scam Websites-If your computer does not automatically block a website, you should still trust your gut if it seems sketchy and check for these common signs of a fraudulent website:
  - The URL sneakily mimics a popular website, such as rnicrosoft.com instead of microsoft.com—look closely, the first one starts with an ‘r’.
  - The website looks poorly or hastily put together, with numerous spelling and grammar mistakes throughout and/or a faulty user interface.
  - Check the site’s return policy and privacy policy. These should be thorough, clear, and professional. If they are poorly written, thrown together, or simply don’t exist, the website is probably a scam.
  - Double-check that padlock icon next to the URL. Click on it, then click on ‘Connection is secure’ and make sure it says, ‘Certificate is valid’. You can then click on that phrase to check the certificate. While not a foolproof guarantee the website is legitimate, the certificate should at least exist.
- Use a VPN-Public Wi-Fi networks are often not secure. Using a VPN can help protect your privacy by offering additional layers of encryption. This reduces the likelihood that hackers will intercept your data over a wireless network.
- Beware of Phishing Scams-These may include emails, texts, or private messages that urge you to either pay money or input your login credentials.
  - One key aspect of phishing scams is that they urge you to act immediately before your account is terminated or before you miss out on this free incredible giveaway or great discount.
  - Keep in mind that while a legitimate company may email or text you a notification, that message should not contain a link to ‘update your payment information’; you should have to go through their usual website for that.
  - Always look at the sender’s email address. The email may claim to be from Amazon, but the address may be from [email protected] or [email protected], or may even be just a string of random characters, because it’s a throwaway email for phishing.
  - Never click on links provided by potential phishing scams. Even if you get suspicious and don’t give them your information, just clicking may install highly hazardous malware on your computer.
  - Be wary of unexpected emails from IT services claiming that your password needs to be reset. When in doubt, contact your IT department directly to confirm the request, and if it’s false, inform them of the scam. Always report the phishing attempt to a relevant authority at your organization.
- Beware of Malvertising and Scam Ads-Many ads can contain malware or redirect you to fraudulent websites. Similar to phishing, these ads may seem especially enticing or use tactics to create a sense of urgency. Do not trust pop-ups that claim you have won a free gift from websites where you do not have an account set up. Malvertising can appear on legitimate websites. Unfortunately, sometimes you don’t even have to click on the ad to be infected. Therefore, you should also perform research to find and install a good anti-virus for your computer.
- Be Mindful of What You Post Online-This doesn’t only mean not to post your bank information or credit card number online—that should be obvious. It might seem cliché, but you really should avoid posting anything online that you wouldn’t want your grandmother or a potential employer to see. Even if you delete a post, it could still have been saved, screenshotted, or stored somewhere. Be wary of anonymous social websites as well; even if your screen-name doesn’t reveal anything about you, if the site gets hacked, your identity on the platform could be leaked.
- Be Proactive in Reporting Threats-Additionally, always try to report any suspicious activity, inappropriate content, misinformation, cyberbullying, or targeted harassment you witness online. This can go a long way toward making the Internet an overall safer place for all users, especially marginalized groups.
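The look-alike URL tip (rnicrosoft.com versus microsoft.com) and the sender-address tip above can both be checked mechanically. The following Python sketch is an added example, not part of the original article: it compares the host in a URL or e-mail address against a short list of sites you trust. The `TRUSTED` list, the `CONFUSABLES` table and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: list the sites you actually log in to.
TRUSTED = ("microsoft.com", "amazon.com")

# Character runs that pass for another letter at a glance (constructed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def host_of(value):
    """Return the lowercase host from a URL, a bare hostname, or an e-mail address."""
    value = value.strip().lower()
    if "://" not in value:
        if "@" in value:                      # e-mail address: keep what follows the last @
            return value.rsplit("@", 1)[1]
        value = "//" + value                  # bare hostname: let urlsplit see a netloc
    return urlsplit(value).hostname or ""


def skeleton(host):
    """Collapse look-alike character runs so visually similar hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def classify(value):
    """Return 'trusted', 'lookalike of <domain>', or 'unknown' for a URL or sender."""
    host = host_of(value)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        skel, target = skeleton(host), skeleton(good)
        if skel == target or skel.endswith("." + target):
            return "lookalike of " + good
        # Trusted name used as leading labels of someone else's domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.microsoft.com/account", "http://rnicrosoft.com/login",
                   "orders@amaz0n.com", "https://microsoft.com.account-check.example/"):
        print(sample, "->", classify(sample))
```

An "unknown" result only means the host is not on your list; it says nothing about whether the site is safe.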
Conclusion
The Internet and social media can have many benefits. We can access education and entertainment, learn new skills, be part of a community or fandom, communicate with friends and family we don’t see as often, participate in charity or activism, and get two-day shipping on purchased items. However, the Internet has become so ubiquitous in our daily lives that we rarely stop to consider the risks. Cybercrime is and will continue to be a major global threat, as computers become even more ingrained in society. Always be cautious and vigilant online.
Links:
- If you believe you may be a victim of identity theft, go to https://www.identitytheft.gov/#/Info-Lost-or-Stolen.
- Report phishing scams: visit https://reportfraud.ftc.gov/#/ or forward the email to [email protected].
- Report cybercrime to the FBI: https://www.ic3.gov//.
- Report suspicious activity on campus sites by contacting the IT department: [email protected] or (304) 367-4810.