Jun 25, 2019 By Team YoungWonks *
How do you protect your computer from malware and not fall prey to online frauds? Given that we live in an age where the Internet has become all-pervasive, this is a rather important question. This blog then takes a hard look at how we can protect ourselves and our devices from virtual threats.
We can begin by understanding the concepts of computer malware and Internet fraud and how they can affect us today…
What is Malware?
Malware is short for malicious software. As the term suggests, this is software that has been created to gain access to or damage a computer. There are several types of malware, including spyware, ransomware, viruses, worms, Trojan horses, adware, or any type of malicious code that infiltrates a computer. Usually, software is called malware as per the intent of the creator rather than the actual features. At first, malware was created for experiments and pranks, but eventually it came to be used for vandalism and destruction of targeted devices. Malware is mainly created today with the goal of profiting from stealing sensitive information (spyware), spreading email spam or child pornography (zombie computers), forced advertising (adware), or extorting money (ransomware). Many factors make computers more vulnerable to malware attacks; this includes defects in the design of the operating system (OS), all computers in a network running the same OS, giving users too many permissions, etc.
What is Internet Fraud?
Internet fraud, also called online scams, refer to different types of fraud carried out by cybercriminals on the Internet. The purpose of these scams can be credit card theft, acquiring user login and password credentials and also identity theft. These scams can take place in several ways as explained below.
Most Common Types of Online Scams
• Phishing: This is when Internet thieves attack users by sending out phishing emails. In these emails, a cybercriminal attempts to trick the user into believing that he/ she is logging into a trusted website - it could be a bank, a social media account, an online shopping website, shipping companies, cloud storage companies and more. Another popular phishing scam is the Nigerian Prince, or 419 scam. These are phishing emails where you’re offered a large sum of money. This sum is just the bait; the trick is that the scammer first asks the user to send across a small fee citing it as a wire transfer fee or processing fee.
• Fake AV: Next is fake security software, also known as scareware. These start with a pop up warning saying that you have a virus. Then the popup gets the user to believe that if he/ she clicks on the said link, the virus will be rid of. Ironically, cybercriminals use the promise of free anti-virus and instead leave malware on the user’s device.
• Social Media Scams: Social media scams refer to an array of posts seen in news feeds, all of which aim to get the user to click on a link that could potentially host malware.
• Mobile Scams: Mobile scams can come in many forms and phishing apps are the most common variety. These apps look like the real thing, just like phishing emails. The premise is much the same, except in place of emails, the malware is being shared through a fake app.
• Social Engineering Scams: Social engineering is when cybercriminals use human-to-human interaction to get the user to share sensitive information. Since social engineering exploits human nature and emotions, there are many ways that attackers can employ so as try to trick the user both online and offline.
How to Avoid Malware Attacks and Internet Fraud
The best protection from malware is to take adequate precaution. Advice. A few general pointers would include being careful about the email attachments one opens, being cautious and not clicking on suspicious URLs and installing and maintaining an updated, quality antivirus program.
Below are a few steps that spell out in detail how one can protect one’s device from malware attacks and online scams:
1. Use strong passwords that have a good mix of alphabets and numbers, or use a phrase. Don’t repeat your passwords on different sites, and change your passwords regularly. Go for complex passwords; this means using a combination of at least 10 letters, numbers, and symbols. A password management application can help you to keep your passwords locked down. Remember that words found in the dictionary, proper names (especially spouses and children), and dates do not make good passwords. Also avoid using commonly attempted passwords such as a birthday, phone number zip code or street address.
2. As far as possible, sign in using Two Factor Authentication, also known as 2FA. Online sign-ins that need just a simple username and password are typically more vulnerable to criminals (either in organised gangs or working alone) aiming to gain access to a user's private data such as personal and financial details. One way to avoid this is to sign in using Two Factor Authentication, also known as 2FA. It is an extra layer of security that requires not only a password and username but also something that only a particular user has on him/ her. This makes it more difficult for potential intruders to gain access and steal that person's personal data or identity. As a result, two-factor authentication has become far more prevalent now.
3. Install antivirus software. You can do this by using a full-service internet security suite provided by leading antivirus software companies. This will help you avail of real-time protection against existing and emerging malware including ransomware and viruses, as the anti-virus software will help protect your online private and financial information. But make sure you keep the software updated. Run scans regularly, and let it scan your incoming and outgoing messages. This will ensure that cybercriminals are not able to use known exploits, or flaws, in your software to gain access to your system.
4. Use a bidirectional firewall, which will keep away unwanted inbound and outbound traffic. Whatever be your operating system, it’s best to turn on its native firewall application.
5. Allow auto updates. The makers of popular operating systems are constantly resolving security issues, as they are found. So it’s best to leave the auto update option on so you have the latest update on your computer/ laptop.
6. Change default passwords. Your router comes with a default username and password, which is publicly available and widely know. There are many common exploits for these default passwords so it’s imperative that you change the password. If you don't, someone could reconfigure your router, redirect all your traffic to their servers and possibly steal the information you pass from your computer to the Internet. Consult your router's user guide for information on how to change your password.
7. Be careful before opening an attachment, as it may contain malware or a virus. If you weren't expecting to receive an email with an attachment, then there’s a good chance that it contains a virus. Also make it a point to check the exact address of the sender and not just the subject line, especially if it looks suspicious to you.
8. Don’t click on random links in emails, unless you are sure that it is safe to do so. This includes links to online greeting cards. Email links are a common way for phishers to trick you into sharing your personal information.
9. Don’t trust pop-up security alerts while you are browsing the Internet. They are most probably links to viruses.
10. Do not enter personal information on unsecure sites. Look in the address bar for “https”. The “s” means it’s secure. However, bear in mind that a secure site doesn’t necessarily make it trustworthy.
11. Use phishing/ security filters wherever possible. In Firefox, click on the Security tab, under Options, and check the box next to “Tell me if the site I’m visiting is a suspected forgery” as well as the box next to “Check by asking Google.” You can turn on the phishing filter in Internet Explorer 7 via the Tools menu. Google Chrome comes with the default option set to “Enable phishing and malware protection” but you can make sure it is enabled by checking under “Options->Under the Hood->Privacy.
12. Always try to use a router for your WiFi, wherever possible. A router or wireless gateway will keep hackers from directly attacking your computer through the Internet. Many routers have additional security features keeping hackers at bay. Even if you only have one computer connected to the network, please purchase and install a router or wireless gateway.
Even when you are outside, say at a mall, shop, restaurant/ cafe or the gym, you should be more discerning about using their hotspot as it could be misused by someone to get access to your phone/ computer.
13. Secure your wireless router by using Wi-Fi Protected Access (WPA) or Wi-Fi Protected Setup (WPS), as it will help you strengthen your home network, control access to your router and thus your Internet connection or potentially your computer. Again, go for a strong encryption password and a virtual private network. A VPN — short for virtual private network — will encrypt all traffic leaving your devices until it arrives at its destination, so it’s a good idea to use a VPN when you are at a public place, say a library, café, hotel, or airport.
14. Manage your social media settings. Keep your personal and private information locked down, else cybercriminals would be able to access your personal information with just a few data points.
15. Keep up to date on major security breaches. If you are conducting business with a merchant or have an account on a website that’s been affected by a security breach, find out what information the hackers accessed and change your password right away.
16. Take measures to help protect yourself against identity theft. Identity theft is when someone uses deception and accesses your personal data for economic gain. A user may be conned into giving personal information over the Internet; for example, a thief could gain access to your mail to obtain your account information. This is why it’s important to guard your personal data. Bear in mind that identity thieves can target children too because their Social Security number and credit histories often represent a clean slate. You can help guard against identity theft by being careful when sharing a child’s personal information.
What to Do If You Become A Victim of Internet Fraud?
If you’ve fallen prey to an Internet fraud, make sure you need to alert the local police. This is important even if the crime seems minor. Your report may help authorities in their investigations or may help to stop criminals from taking advantage of other people in the future. If you think cybercriminals have stolen your identity, you can contact the companies and banks where the identity theft has taken place. Activate fraud alerts and get your credit reports. Report identity theft to the relevant authority looking into it; it would be the Federal Trade Commission in the US.
*Contributors: Written by Vidya Prabhu; Lead image by: Leonel Cruz