Electronic crime on the increase
Here are some precautions users should take to safeguard their personal information from possible hijackers
YOUR computer should have antivirus software that you update frequently, keeping you safe on the internet. But which precautions do you take with your smartphone or tablet? Those gadgets are not immune. Let’s consider the extent of your online exposure.
Electronic crime is an everyday reality, usually taking the form of exploitation of security vulnerabilities for the theft of access codes or personal identity information, which is then used to perpetrate other crimes.
Jennifer Waters reported in the Wall Street Journal on December 29 last year about the biggest hacking and malware (malicious software) threats for the coming year. At the top of the list were smartphones and tablets, especially Android devices. Kaspersky Antivirus said they identified more than 35,000 malicious Android programmes in 2012, six times more than they uncovered in 2011.
Even Apple devices, although designed to limit the ability of applications to proliferate or do damage, are not immune.
According to comScore, in America in January this year Google Android ranked as the top smartphone platform with 52.3% market share, Apple’s bite was 37.8%. BlackBerry ranked third (5.9%), followed by Microsoft (3.1%) and Symbian (0.5% ).
The FBI’s internet-crime complaint centre (IC3) posted these safety tips to help to protect your mobile device:
Know your device’s features, including the default settings. Turn off unneeded features to minimise the attack surface;
If the device’s operating system has encryption available, use it to protect personal data;
Before buying an app read the reviews on the developer who published it;
Review and understand the permissions you are giving to apps;
Passcode-protect your mobile device and enable the screen lock feature after a few minutes of inactivity;
Obtain malware protection — look for antivirus or file integrity applications to help to protect your device;
Be aware of applications that enable geo-location. They will track the user’s location anywhere and can be used for marketing, but also by criminals;
Jailbreaking or rooting is used to remove certain restrictions on the device. This allows the user almost unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device, possibly allowing any compromise to take full control;
Never connect to unknown wireless networks. They could be rogue access points that capture information passing through them;
Wipe your device (reset it to factory default) before selling or trading it in to avoid leaving personal data on it;
Smartphones require regular updates — neglecting updates increases your risk; and
Avoid clicking on, or downloading, software or links from unknown sources.
Be aware of SIM swap fraud, whereby criminals obtain a clone or replacement of your SIM card, enabling them to receive your one-time passwords for online banking. They could add their own beneficiaries and empty your account.
According to ITWeb, up to 50 cases a month were reported to SA’s largest mobile service provider.
Last year the “eurograbber” banking Trojan duped about 30,000 European online banking customers out of about €36m by infecting the links between the users’ computers and mobile devices (which received onetime passwords), Ellen Messmer reported on December 5 2012 on the Network World website. Beware, this scam could go global.
Your identity information is retained on various databases, from
An estimated $68.3bn was lost due to cybercrime in the US during 2010
Facebook to your bank, telephone company, medical scheme, etc. The security of that information is in both their hands and yours, but in moderation of their exposure to liability they tend to take determined efforts to protect that data. Your identity is arguably at greatest risk from yourself.
Other prime examples occur when fraudsters post false web pages “over” legitimate ones, posing as legitimate pages on which you would enter account data, known as “pharming”. Or when they send e-mails posing as a trusted service provider and requesting you confirm personal details via a hyperlink — known as “phishing” or “spoofing” — and the link sends your details to their database. Always verify that the domain name in your browser’s address bar is where you should be before validating your details.
Check hyperlinks, delete unsolicited e-mails and never click on unknown attachments no matter how cute they seem to be. Remember, banks will never request you to connect to them via an e-mail message. Malicious code in attachments could expose you to the nightmare of stolen identity, false claims and an emptied bank account.
Several antivirus software providers agree that the following will likely be the main focus of hackers in the coming months:
Medical identity theft from medicalscheme databases — stolen identities would be used to submit false claims.
Targeted attacks — random individuals will always be targets of cyber criminals, and this year is expected to see a rise in cyber espionage, with attacks aimed directly at a particular organisation or executive.
Ransom malware — criminals hijack your data, encrypt it and demand payment for the password. Sophos Antivirus reported this is carried out by Trojan viruses delivered via e-mail.
Intercepting text messages, like the eurograbber Trojan.
Hacktivism — the group Anonymous and other political activists use digital tools to make political or social points.
Cloud attacks — if a hacker gains access to a cloud-based computer server that holds data managed by a third party, he/she may have access to enormous amounts of private information. This is known as hyperjacking.
The cost of cybercrime is staggering. In his article of July 2012 posted on the ACFE website, Peter Goldmann calculated that an estimated $68.3bn was lost due to cybercrime in the US during 2010 and it was estimated that more than $10bn was spent worldwide on cybercrime prevention measures that year.
The British National Fraud Authority’s annual fraud indicator report of 2012 put the total loss to the UK economy due to fraud at £73bn, £6.1bn suffered by individuals, £1.2bn due to identity fraud and £3.5bn from online mass-marketing fraud.
Although local statistics on cybercrime are currently not readily available, South Africans are certainly the target of constant and varied cyber attacks.
Think before you click. Cybercrime is a real threat that can hurt you and your business. In the 1960s the hippy mantra was, “Turn on, tune in, drop out!”, but times have changed and the mantra for the 2010s should be, “Turn on(line), log in, watch out!”
Be wise and use precautions on your mobile device. Protect your tablet and hopefully you will avoid getting a dose of the bitterest pill.
THINK BEFORE YOU CLICK