By Ellen Morgan
Published: Wednesday, March 31, 2021
Our computers remember our passwords for us, and we can pay for our groceries with our telephones – it’s a weird and wonderful digital world we live in. But how do we stay safe in our increasingly online lives?
When it works, the wonders of technology can be astounding, but as it’s improved, scammers have also found new ways to perpetrate cybercrime and perform attacks on unsuspecting victims.
The aim of these online scammers? To steal your personal information and translate it into cash.
While most of us think about our bank details as the most commonly targeted data, hackers are often also seeking health records, legal documentation, personal contacts or even recent photos on our devices that could lead to our current whereabouts.
One individual’s information can sell for around $2000.
It can be daunting considering all the information we store online, but RAA Manager of Cyber Security Drew Ames shares some tips and tricks you can use to safeguard yourself against cybercrime.
“Following some simple guidelines and staying vigilant whenever you use online services will greatly reduce the risk of your personal information being hijacked by attackers,” he says.
Common security threats and how to recognise them
One of the most common cyber security attack methods is phishing. Generally, phishing takes the form of emails, but similar attacks can also arrive via SMS messages or through social media.
Typically, the scammer sends a number of fake emails (or messages) out to a range of recipients. Essentially, they’re casting a cyber net out, hoping at least one recipient bites the bait. This could mean replying, clicking a link or opening an attachment.
Any of these activities could allow a scammer to gain access to your computer (and your personal or business files), online accounts such as your email or bank accounts, other personal information, or even trick you into scamming your own contacts.
Here are some tell-tale signs of a phishing email:
- The email is unexpected. For instance, it may be unrelated to other conversations or regular emails you receive.
- The sender is someone you don’t know. Always check the address in full by hovering your mouse over the sender’s name.
- The content of the email is impersonal. The sender may not greet you by name or send content that fits your interests.
- Sentence structure and grammar are poor. It’s likely the sender will have put in little effort and hurriedly worded the message.
- The source of the links in the email looks suspicious. It’s important you check the source of any links within an email before you decide whether to click or not. Hovering your mouse over the linked text will usually allow you to see the full link (either on the bottom left of the screen or as a pop-up above the link) before you click on it. If it doesn’t look like a company or website you recognise, it’s best not to click the link.
- If an attachment is not a file type you’re expecting (for example if the sender normally sends you a PDF file and this time, they send a ZIP file), think twice before clicking on it. Play it safe by saving attachments to your local drive and scanning them for viruses before opening. It’s important to be vigilant before opening any attachments as they can be used by scammers to install malware and viruses onto your computer to gain access to your files and personal information.
As with many things in life, if it seems too good to be true, it probably is.
What should I do?
If you notice any of the above red flags, we recommend you avoid replying, clicking links, or opening attachments.
The best course of action is to report your email as phishing or spam. You can usually do this via a drop-down box in your browser or email application. Then, ensure it’s deleted from your account. Do not reply to the email, as this gives the scammer a nibble on their hook.
Fake or malicious websites or ads
There are many websites that aren’t reputable. It’s important to keep this in mind whenever a website asks you to enter personal information.
Likewise, some advertisements or headlines you see on websites, including social media, can be fake and potentially damaging if you click on them. These are often called click-bait – the fishing analogy continues. Following these links may lead to the same outcomes as a phishing email.
What should I do?
If a web page is prompting you to enter your personal details, make sure the URL (that’s the address of a web page) begins with https rather than http. Why? Communications with sites using HTTPS URLs are encrypted, which minimises the possibility of your information being intercepted. Look for a padlock icon alongside the URL to confirm the identity of the site has been verified.
Don’t click on any ads that don’t seem like they come from a familiar brand.
“Only click on ads by advertisers you have directly sought after previously, otherwise it could cost you more than you planned,” says RAA Manager of Cyber Security Drew Ames.
Online shopping fraud
Many of us shop online for anything from our weekly groceries to that leather backpack we absolutely completely need.
Online shopping fraudsters often use Facebook Marketplace, Gumtree, and eBay to carry out their dirty work. Cyber criminals may target online shoppers by posting fake items for sale or by creating fake bank accounts that lead the attacker to your personal information.
What should I do?
Read product descriptions very carefully, as pictures can be misleading. There are stories of people who’ve paid hundreds of dollars for a new outdoor setting, only to discover it’s doll-house sized.
While often very cleverly disguised, the most tell-tale sign of an attacker in this environment is a lack of information or personal contact details.
The best course of action is to keep your personal information and bank details safe and secure until you have made personal contact with the seller. For instance, speak with them on the phone if possible.
Many websites now have reviews and star-rating systems for sellers, too. Check these before you buy, to see if the seller has a track record of doing the right thing.
Remember, if a deal seems too cheap, there’s a good chance it might be a scam.
Remote access through public WiFi
Connecting to a free public WiFi service can expose your device to attacks, as these networks are generally not secure.
Attackers may be able to intercept the connection and attack your computer through the network. Likewise, other users on the same public WiFi system may be able to access your computer.
What should I do?
We recommend using your own private internet connection or your phone’s mobile hotspot. These are generally secure, password-protected networks.
If you need to use a public network, ensure that you use encryption for your website and email connections to minimise the risk of your information being intercepted.
How to improve your online security
First and foremost, awareness and education are your best defences against attackers. The above tips and tricks can be an exceptional first step in improving your online security but they are not a guarantee of absolute security.
“Sadly, not everyone is a nice person, and while cyber attackers might not necessarily be targeting you specifically, you may simply be a vulnerable target, like a mouse running through a field at the time an owl flies by,” Mr Ames says.
It’s important to make sure every individual or organisation you communicate with is reputable and valid. Ask yourself: are they traceable as a real company or a real person?
Choosing strong passwords for your online accounts and ensuring they’re different for each service you use is a good way to limit the information an attacker can get.
You can also invest in anti-virus software to protect yourself from known viruses or other digital nasties that come your way.
What to do if you think you’ve been hacked or scammed
If the attack is via email or some form of communication channel, ensure you have reported the message as phishing or spam, and blocked the sender (if possible). This will lessen the risk of future or continued communications.
If you think you might’ve been hacked, it’s best to report it to the Australian Government’s cyber security division.