When it comes to online security, things can feel like a bit of a minefield. Developments in technology have seen the wider population’s preferences move from bulky desktop computers and landline telephones to tablets, smartphones and netbooks in the space of a couple of decades – bringing an incredible level of convenience, and access to on-the-go information and communication. But as our tech habits have changed, the security risks that come with them have increased.
Gone are the days when the biggest threat to your devices was having them physically stolen – now there are a broad range of possible security issues to be aware of, ranging from every day to the more unusual. Some, like a scam email asking for bank details, are fairly easy to spot. Others, like SSL stripping or a Man-In-The-Middle attack, can go completely unnoticed until it’s too late.
The best way to keep your data and devices safe online is to first become aware of possible threats to your privacy and security. Then, you can take simple steps to protect yourself against them. Here are a few key things to watch out for.
Phishing Scams
Probably the best-known online security threat is phishing. That is, attempts to trick people into sending money or personal data, or into downloading malware, over email or via a fake website. Phishing emails used to be consistently obvious – a stranger getting in touch to say you’d won a vast sum of money and just needed to give them your bank details, or that someone you’d never met had died and wanted to give you millions of dollars.
Nowadays, phishing scams are little more intelligent. Emails that look near-identical to those you might receive from your bank, PayPal, or a parcel delivery service, file into your inbox. They seek to persuade you that you just need to re-enter a few personal details in order to unlock your account or receive a delivery that’s being held. These kinds of scams don’t need a flaw in your software to work – they just need a little human fallibility.
Some things to look for that can give away an emails phishy undertones are unusual or misspelt return addresses, a lack of personal greeting and links to irrelevant URLs or unexplained attachments. But even when paying close attention, these attempts at attack can be hard to spot.
A useful tool in your armoury against data theft and one that should be considered compulsory is an antivirus. Antivirus software can scan your incoming emails for suspicious content, and flag or quarantine anything that may be a risk.
SSL Stripping
Less well-known than phishing, but a growing issue and certainly one to be aware of, is SSL stripping. SSL stripping is a process which downgrades your connection from Https to Http – essentially, from a secure connection to an open one. Online banking systems and e-commerce stores will often reassure you of their Https status with a green padlock symbol in the URL bar, but this doesn’t always guarantee you the security it should.
In an SSL strip, attackers redirect your web traffic via a proxy server. To put it simply, this means that rather than connecting to your bank’s servers and processing details through a secure connection, you’re re-routed to an alternate, unsecured server instead. To any user, it’s usually impossible to tell the difference – because the page you’re viewing still looks the same. But to prying eyes, this unseen removal of the Secure Socket Layer that protects your information is all it takes to expose the lot.
To ensure your privacy online and maintain a layer of secure encryption no matter what site you’re on, consider using a Virtual Private Network or VPN. VPNs offer end-to-end encryption of your internet activity, so if a website you’re visiting has been downgraded to Http, data you send is still impossible to read.
Ransomware
Considered by some to be today’s number 1 security threat, ransomware is a type of malicious software specifically designed to lock you out of your device or files within it, demanding a cash fee in exchange for returning your access.
Ransomware encrypts your system files, and in many cases even if you pay the monetary demand, when you manage to access your files again you’ll be unable to decrypt them – and therefore unable to read or use them. There are various different types of ransomware that can occur, from Scareware – which claims to have found issues on your device and asks for money to fix them – to Lockers, which completely lock you out of your device.
Though this type of attack is associated with larger organisations, such as the WannaCry attack on Great Britain’s NHS service, ransomware attacks on individuals are common. Thankfully, it usually isn’t difficult to remove this kind of software from your device. Provided you have an antivirus program in place, you should be able to enter Safe Mode and use that antivirus to delete the offending ransomware. The problem is, if your files have already been damaged, you may not be able to recover them.
A truly effective internet security setup should include antivirus that has Ransomware Protection, so that suspicious apps aren’t able to encrypt your files in the first place.
Other Man-In-The-Middle Attacks
A Man-In-The-Middle attack is the name for any cyber attack where a third party gets between you and whatever you’re doing online. It could be that they’re intercepting emails, sitting in on your online banking or spying on the box where you type in your payment details to buy something from your favourite store. As well as being able to see the data you’re sending and receiving, a MITM can actually edit that data as well. SSL stripping is a form of this technique, but it is just one of the dozens of possible tactics.
One of the most famous examples of a Man-In-The-Middle account is that of a couple who had emailed their bank details to a lawyer, to have almost $500,000 deposited in their account. Cyber attackers hijacked the email thread, and unbeknownst to the couple in question, re-emailed their lawyer again from the same email address – this time asking for the funds to be sent elsewhere.
MITM attacks rely on interception and decryption, and the best way to protect yourself against them is to use a VPN. If your Wi-Fi connection or email server is unsecured, a VPN will keep your activity secure regardless. If someone manages to access files you’re sending and receiving, they’ll be so heavily encrypted they become undecipherable nonsense.
Lists of cybersecurity threats can seem dramatic, with measures to take ranging between the sensible and the paranoid. As with many things, it’s better to play it safe than sorry, but that doesn’t have to be hard work. With a decent antivirus setup, a VPN and some common sense, you can avoid becoming a target.
About author
Tabby Farrar is a professional researcher and copywriter who works with a number of well-known cybersecurity organisations. Outside of spreading the news about staying safe online, Tabby also runs her own travel and lifestyle website.
2 comments
MIMT and phishing scams are so frequent these days I decided to look for a VPN myself and bought Surfshark this Monday. I don’t connect to public wireless that often, but when looking for VPN deals I found “BLACKSHARK” coupon that gave the software 83% discount. There’s 30 days money back guarantee so I thought why the hell not, but after using their app I found it very easy to use and it grants instant protection, will keep it on my Android.
The latest update of chrome now has a grey padlock, not green. The message chrome seems to be giving is secure connections should be the norm, hence the grey. Unsecure connections may show a red/grey unlocked padlock or a grey ‘i’ icon depending on your chrome version