I may have had a near panic attack last week when I thought someone had successfully hacked into my email, especially as I consider myself pretty aware of most forms of cyber attack. As mentioned in my July recap, I was even going to do a post on Cyber Security. I get a lot of scam emails. And no, not just those ones from people who wish to give me a million dollars, but phishing emails which seem very credible and appear to come from trusted persons/organisations.
I'd just left the pub where my colleagues and I met up for drinks (and in usual fashion had a glass of white wine) when I got an email from 'Microsoft' notifying me that an attempt had been made to access my email from another device. They advised me to log into my email to see the details. No guys, this wasn't even the wine acting, but I actually clicked on the link and put in my email address before a light bulb went off in my head. Thankfully I hadn't put in my password. But I was still so freaked out. I rang the husband immediately and asked him to sign into my account and change my password (see why you should be okay with sharing passwords?). I don't think any damage was done because I didn't actually enter my password. But day by day, accounts get hacked. Not just emails, but bank details. And such attacks won't stop anytime soon, because it appears that a single bank account number could be sold on for up to $400 on the US black market. And every second, 350 billion sophisticated attempts are made to hack online information. Yep, you read right. 350 billion per second.
We need to be extra careful. Let's briefly talk about the different kinds of social engineering cyber attacks and then the top tips you need to know.
Phishing: This is pretty much what happened to me. It's a type of social engineering cyber attack that relies on email messaging. The message appears to be from a legitimate sender, asks you to take some action and usually includes hyperlinks to a fake login page. Unfortunately, once you do as asked, the attackers harvest whatever you typed (usernames, passwords, card details) for malicious purposes.
Spear Phishing: This is slightly different from phishing in that it targets a specific person, appears to be from a familiar sender and contains content tailored to you which seems reasonable. An example would be if my friend's email gets hacked and the hacker sends an email saying 'Hi Kachi, I tried out this amazing drink. It's awesome. Click here to check it out'. Thinking it's from my friend, I may be tempted to check it out. Note that in this case checking the sender address won't help, because the message really does come from my friend's account; the only tell is the content, so an unexpected link from a friend is worth a quick text or call to confirm.
Smishing: This is used to describe text-based or SMS-based phishing scams. Often, the text message promises prizes if you call a number or click a link. Those links can, however, install malware on your device or lead to a fake login page.
To avoid being a victim of these scams, here are some top tips:
1. Use a smart password: Reports suggest that it could take a sophisticated hacker less than 6 hours to crack a six-character password. Believe it or not, the most common password is still "password". A smart password strikes a balance between being easy to remember and hard to guess. Children's names, spouses' names and birthdays are commonly used and should be avoided. Generally a passphrase is the preferred option. It has personal meaning and could be from the lyrics of a song or a line from a movie. Use of special characters is often advised. A passphrase like "dontworrybehappy" could be written as 'd0ntw0rrYb3h@ppY'. The ys are capitalised, a becomes @, e becomes 3 and the o becomes zero. One caveat: password-cracking tools try exactly these substitutions automatically, so length does far more for you than swapping letters for symbols; four or five unrelated words beat a short word with numbers in it. Use a different password for each site (a password manager makes this painless), and switch on two-factor authentication on your email and bank so that a stolen password alone isn't enough to get in. Of course, be generally careful when using devices in public, to limit who can see you type your passwords!
2. Always check the sender of the email, even if it appears to come from a legitimate sender like Microsoft, Dropbox or your financial institution. The name you see is just free text the sender typed in; clicking on the sender's name will reveal the actual email address. Look at the part after the @ sign: 'microsoft.com' is Microsoft, while 'microsoft-account-verify.com' or 'microsoft.com.something.net' is not, even though the brand name appears in it. In addition, read the message carefully, as grammar mistakes and typos often appear in such scam emails, and be suspicious of anything urgent ("your account will be closed in 24 hours").
3. If the email asks you to click a link, hover over the link first (on a phone, press and hold it) to see the real address and check whether it looks legitimate. The visible text of a link can say one thing while it actually points somewhere else. I'll admit that sometimes these hackers get a bit tricky, and I've seen fraudulent mails use addresses that look quite convincing, like 'firstname.lastname@example.org'.
4. If you're asked to visit a website, avoid clicking the link in the message. Instead, type the address you already know into your browser, use a bookmark, or find the site with a search engine. Also avoid replying directly to such emails; if you need to check whether a message from your bank is genuine, contact them using the phone number or address printed on your card or statement, not one taken from the email.
5. If possible, scan all attachments for viruses before opening them, and be wary of documents that ask you to 'enable content' or 'enable macros' to view them; that is a common way of sneaking malware in.
6. Avoid as much as possible using unsecured connections / hotspots. These are connections which don't request a password and are found in a lot of restaurants and airports. Bear in mind that even a password-protected cafe network is shared with everyone else in the cafe. If you must use these, please avoid conducting any sensitive transactions on such connections, and at the very least make sure the site shows the padlock (https) in the address bar.
7. When travelling, it's advisable to put your electronic devices in your carry-on hand luggage and not in your checked baggage.
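Tips 2 and 3 can actually be automated. The script below is an added example written for this post (it is not something from the original article or from Microsoft); it takes a raw email, pulls the real address out of the From header, and compares every link's visible text with where the link actually points. The sample message, the sender address and the domains in it are all made up for illustration, and the "registered domain" helper is a deliberate simplification (it just takes the last two labels), which is fine for a demo but not for production use.

```python
"""Spot two classic phishing tells in a raw email, using only the standard library:
  1. the From display name does not match the actual sender's domain (tip 2), and
  2. a link whose visible text names one site while its href points at another (tip 3).
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample message for illustration only; every address and domain is made up.
SAMPLE_EMAIL = """\
From: "Microsoft Account Team" <security-alert@mail-microsoft-verify.example>
To: kachi@example.org
Subject: Unusual sign-in activity
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected a sign-in from a new device. Please review the activity:</p>
<p><a href="http://login.microsoft-account-check.example/verify">https://account.microsoft.com/security</a></p>
<p><a href="https://www.microsoft.com">Microsoft</a></p>
</body></html>
"""


def registered_domain(host: str) -> str:
    """Crude 'last two labels' domain: 'account.microsoft.com' -> 'microsoft.com'.
    Simplification for the demo; real code should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_sender(from_header: str) -> Optional[str]:
    """Tip 2: the display name is free text, so compare it with the real domain after the @.
    Returns a finding, or None when the organisation in the name matches the domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    org = registered_domain(domain).split(".")[0]          # e.g. 'microsoft' for microsoft.com
    words = {w.lower().strip('",.') for w in name.split()}
    if org and org in words:
        return None
    return f"display name {name!r} does not match sender domain {domain!r}"


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self) -> None:
        super().__init__()
        self.links: List[tuple] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> List[str]:
    """Tip 3: what the link says versus where it goes (plus a nudge about plain http)."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        # Treat link text as a URL only if it looks like one (has a dot in the host part).
        text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in text_host and registered_domain(text_host) != registered_domain(href_host):
            findings.append(f"link text shows {text_host} but points to {href_host}")
        if urlparse(href).scheme == "http":
            findings.append(f"link to {href_host} uses plain http, not https")
    return findings


def analyze(raw_email: str) -> List[str]:
    """Run both checks over a raw RFC 822 message and return all findings."""
    msg = message_from_string(raw_email)
    findings = []
    sender_finding = check_sender(msg.get("From", ""))
    if sender_finding:
        findings.append(sender_finding)
    body = msg.get_payload(decode=True) or b""
    findings.extend(check_links(body.decode("utf-8", errors="replace")))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

On the sample above it reports three things: the "Microsoft Account Team" name does not match the sender's domain, the first link advertises account.microsoft.com but leads to a different site, and that link is plain http. The second link ("Microsoft" pointing at microsoft.com) is left alone, because the visible text isn't pretending to be a URL. That is exactly the manual check in tips 2 and 3, just done by a script instead of by hovering.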
That's all folks. Stay safe online and I hope this is helpful. Please don't forget to share!
Do you get such phishing / smishing messages? Had any bad experience, or any tips to add? Are you one of those whose password is 'password'? Share with us!
PS: Just before I posted this, someone on Twitter posted a phishing email he had just received, supposedly from his bank, asking him to click a link. Thankfully he checked the sender. Are you on Twitter? It's becoming my fave social media account. Let's connect on there? Please comment leaving your handle or add me up: @KacheeTee
PPS: Can I ask a tiny favour, peeps? If you like this blog even just a teeny weeny bit, could you please like my Facebook page HERE? Thank you!