Protect yourselves
Online scams and hackers
IN the year 300 BC, a Greek merchant named Hegestratos took out a large insurance policy known as Bottomry, agreeing to pay it back once he sold his merchandise.
However, Hegestratos had no intention of repaying the loan and instead planned to sink his empty boat, keep the loan, and sell his merchandise for maximum profit.
Since the beginning of time, human beings have been willing to try their luck whenever a system is open for exploitation.
Online scams and hackers are currently serving as huge buzzwords in Fiji, with far too many people falling victim and losing their life savings to unscrupulous online swindlers.
While the eBay Shop scam was the biggest online scam in Fiji’s history, it most certainly wasn’t the first, nor will it be the last scam of such magnitude.
I am hearing about new and ongoing scams daily, centred around social media and payment systems like MPAiSA.
The first and foremost thing to understand is that a vast majority of online scams and hacks are propagated through social engineering, rather than your account being “hacked”.
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
These “human hacking” scams tend to lure unsuspecting users into exposing their data, spreading malware infections, giving access to restricted systems, or giving away their hard-earned money to scams that disappear with the goodies.
The eBay Shop scam was a classic example of social engineering.
The perpetrators posed as a seemingly legitimate business with the promise of income for those who “worked” for them.
As soon as the scam began to get exposed on social media and by authorities, the creators of the scam dipped, with a lot of money.
Three hundred and eight (308) complaints worth $709,000 were received by Fijian authorities with regards to the EbayShop scam where on average each complainant had lost between $2000 to $2800.
Catching the criminals behind this is nearly impossible because of jurisdictional challenges in bringing them to justice and, of course, the use of technology by those behind it to hide their IP.
They always use fake identities and essentially are ghosts.
Recently, I have been receiving calls on WhatsApp from foreign numbers claiming to be the CEO of Vodafone International and that I have won $10,000.
Of course, to receive this money, I must deposit some money into their accounts so they can send it over.
This is a very common scam, derived from the famous Nigerian Prince scam, a phishing attack in which swindlers reach out to potential victims and promise a large sum of money in return for some help.
Victims are usually asked to make an advance payment or share their details to get their reward.
The scammers then disappear and will NOT send you any money.
This is generally how most scams and “hacking” work. Playing the man rather than getting into highly secure systems.
So when Vodafone says MPAiSA is secure, they’re not lying (no system is truly 100 per cent secure).
The real danger is people being tricked into giving their money or information away, rather than the system being hacked.
However, it must be said that the eBay shop scam gained a lot of traction and media attention far before the perpetrators pulled out.
In another jurisdiction, perhaps an inquiry would be held where Vodafone would be asked to explain why they didn’t step in once the scam became obvious to shut it down, similar to the senate hearings that tech giants like Facebook and Twitter are subject to in the US.
We must all live with online threats, considering how much of our population is online and our dependency on technology.
Attacks will only get more sophisticated in the coming years and we must be smart and protect ourselves.
Here are some very basic tips to protect yourself from online criminals.
Number one, and I can’t emphasise this enough, is to use two-factor authentication everywhere that you can. Most apps and websites that offer account access also provide the option for two-factor authentication.
This additional layer of security typically involves receiving a unique code on your cell phone whenever someone attempts to log in to your account.
Number two, do not use the same password everywhere. I know this is easier said than done, but using the same password for every single account is the easiest way to give hackers full access to your entire online presence and financial information.
Number three, always update your software.
You know when your laptop or phone asks you to download and install an update?
Do it. Updates to your operating system often include critical patches and protections against security threats.
Number four, be careful of how much information you post online.
As discussed above, most scams and hacks are based on social engineering, and scammers often cyberstalk their victims to understand them before creating their scams.
Hackers can determine where you’ve been when you’re out of the country, your lifestyle, and your spending habits, and then create authentic attacks.
For instance, suppose you’re anticipating a delivery from an online retailer like Shein.
In such cases, scammers may craft a fraudulent website resembling
Shein’s interface and send you a message claiming that urgent action is required to secure your package.
Clicking on this link could redirect you to a malicious website designed to infect your device with malware or prompt you to divulge sensitive information like your credit card details.
Don’t take pictures of personal information like your ID or credit card number.
Some apps require access to your gallery, and your information can be stolen this way.
Educate yourselves, your employees, and your children about the dangers of online.
All it takes is one employee to expose your entire system.
Remember, if it’s too good to be true, it probably is.
Don’t be played. That’s all from me today.
Until next week, take care and be safe!