In 2016, several major breaches came to light, including the news that Yahoo lost almost a billion account records to hackers. Even security experts can fall victim to phishing emails and embedded document malware. As a consumer, your data is valuable to a hacker, so it’s important to know the signs and take precautions to ensure that your data is secure. Here are some tips and information on Internet safety to help you avoid attackers.
Identity theft is the main reason you should always be cautious with any email or download. An attacker can use your data in so many ways, including ones that you probably don’t even suspect.
The obvious reason for an attack is to steal your information to open credit cards and bank accounts in your name. The attacker can also file tax returns in your name to collect your refund. Your data is money for the attacker, so you should always be cautious about who you give your information to.
There are several ways an attacker can get your information. The first way is through phishing emails. Many providers have checks and balances on their email servers to block phishing emails, but a few get through every year. All it takes is one successful phishing attempt for an attacker to get your data. He can then use the data for his own financial gain, or he can sell it to someone else who will use the data. He can even do both.
Another way an attacker can get your data is through malicious downloads. They are usually attachments in a phishing email, but malware can also be attached to document downloads you find on random websites. Macros are making a comeback among attackers, who use them to install malware on your machine. You should never run macros on a document from an email attachment. Macros can install backdoors, Trojans, and even ransomware. All of these malicious applications can give the attacker access to your computer and personal documents.
The final way an attacker can get your information is to successfully attack a business that has your information. Online businesses have several regulations they must follow to protect your data, but a small website owner might not necessarily follow these rules. Always be careful about where you enter your data. It’s best to keep sensitive data with larger enterprise sites that follow security rules, but even this does not guarantee your data’s safety.
What Can You Do to Protect Your Data?
Because identity theft is so important to avoid, what can a consumer do to protect data? You can’t protect your data from hackers if they attack an external site, but you can take precautions from your end to limit your data’s exposure and reduce the chance that you could be a victim of identity theft.
Attackers generally go for your email address, but how do they know your information? Social engineering is also big in the identity theft world. Attackers will research your social media accounts. They will even friend your friends on Facebook, and then attempt to friend you. Since many people accept friends when they have mutual friendships with others, you now have the attacker on your social media account. With some research and observation of your account, they can get much of the information needed to then attempt a phishing attack.
Always make your social media accounts private. Don’t accept friend requests from people you don’t know even if they have mutual friends with you on social media. Even if you believe you know everyone on your friend list, don’t ever release sensitive data through social media.
After the attacker gets some information about you, he attempts a phishing attack. Many of these attacks are blocked by email providers, but it depends on your provider and the spam filters it has in place. Even the best ones still allow a phishing email to pass through occasionally, so you must know the signs before you fall for them.
Phishing emails look like official correspondence. They sometimes use the same logo and layout as an official bank or financial institution. Usually, there is a link to a website that looks like the official site. For instance, many attackers use PayPal to phish information from victims. The email tells you that you need to change your password, and a link within the email takes you to a phishing site that captures your username and password. The attacker can then steal money from your PayPal account.
First, you should know that financial institutions would never ask you for your password. If they ask you to reset a password, it’s because they have been compromised. The best way to handle an email that asks you to reset your password is to type the domain into your browser directly and never go to a site from an email link. This will take you directly to the site, and you will be able to log in and change your password. Many sites such as PayPal will let you forward suspicious emails and help guide you as to whether the email is phishing or not.
The final way to protect yourself is to disable all macros on documents. If you open a document and a warning pops up telling you that there is a macro, always decline. Never run macros from attachments. Even macros on attachments from trusted sources should be declined.
Always be aware that phishing emails and identity theft are a part of working on the Internet. You should always be careful with opening attachments and clicking links in email. If you are unsure of an email, contact the business’s customer service and ask if it’s a legitimate communication.