Cyber security is about protecting your computer and online accounts against threats that may damage your computer or cause you to lose your personal information or suffer monetary loss. Cyber criminals target you in many different ways: through software threats which you can inadvertently download, or through spam and scams in which you must exercise discernment in order not to fall for them. Cyber thieves can also hack into your computer or account to steal your identity to commit crimes.

Software Threats

Malware

Malware is basically malicious software which you (typically) inadvertently download into your computer and mobile device. They are commonly known as viruses and depending on how they function or spread, they are also called worms, bots and Trojan horses. The Internet offers a large number of computer software, freeware, games, game cracks, music and video files for downloading. The most common ways of getting infected by viruses are through downloading these files, downloading infected email attachments and documents, as well as using infected storage devices such as USB drives. One can also be infected by clicking on adware or spyware that can innocuously monitor your internet surfing habits or even change your computer settings.

  • As most of us would not even know that the emails, files or thumb-drive we just borrowed is infected in the first place, it is important to install an anti-virus programme in our computer system to detect and block the virus.
  • An added protection would be to activate the firewall, which is an embedded security feature in most computers. The firewall can be located in your computer's control panel.

Cookies

Cookies are small text files which are saved onto your computers by a website to remember your preferences and personalization. This makes for a smoother surfing browsing experience. Cookies are commonly used in e-commerce websites to remember the items in your "shopping cart" and are usually deleted after you leave the site, or have not visited for a few days. However some cookies are malicious and even after being deleted, they can recreate themselves in some other location in the computer.

  • Most browsers (Internet Explorer, Chrome, Safari, Firefox) accept cookies by default. You can set your browser to disable cookies.
  • Logins and passwords are often saved using cookies, so you should periodically change your passwords on any site you visit.

Browser Hijacking

Browser hijacking is a malicious activity where hijackers change the browser setting of your computer, forcing your browser to keep linking to sites that you don't want to go, or adding toolbars and favourites that you are not interested in. It also slows down your computer and you can't seem to go anywhere else. Browser hijacking is less likely to happen if you stick to trusted and legitimate sites. If your browser has been hijacked, reset the browser stting, or reinstall your browser.

Spam & Scams

Spam is unsolicited bulk messages sent through email, sms, instant messaging, and fax. Spam can also occur in chatrooms and in blogs. Most of the time, it is harmless but annoying marketing messages. But spam can also be used to collect sensitive information or to spread viruses and other malware.

  • If you encounter spam, simply delete it
  • Don't reply as that will validate your email address, IM account or phone number, and you will definitely get more spam as a result
  • Set up separate email accounts for online transactions and casual purposes

Just like scams in the real world, online scams are largely out to trick you of your money or to divulge personal information such as your bank account and credit card details. Online scams come in many guises:

Email Phishing scams

Phishing is when someone attempts to lure you into revealing your personal information such as your login details, passwords or credit card information through emails (usually from a financial institution) or web pages that look legitimate but are actually fake. Some signs to look out for that may suggest it is a phishing email:

  • Spelling mistakes and bad grammar
  • The link provided for you to click on is usually long, with many letters and numbers
  • The email asks that you confirm your password or login details - banks will never ask you to "confirm" these

Scamware and Fraudware

Scamware is software that poses as legitimate but is actually fake, and may wreak havoc once installed. Most scamware is advertised through online pop-up alerts or banners that try to convince a user that there is something wrong with their computer and then sell them a fake solution. It's sometimes also known as "scareware" because it largely operates by terrifying users into buying a product they don't need, usually an anti-virus or some other "tune-up" software.

In a new report1 by Symantec, "ransomware" is on the rise. This is scamware that usually masquerades as messages from law enforcement agencies. Clicking on them will simply freeze your computer, after which the scammers will try to extort money from you in exchange for unlocking it.

  • The best defense against scamware and fraudware is to get, use and maintain genuine anti-virus software. In Singapore, you can subscribe to anti-virus software from your ISPs.
  • Turn on your browser's "safe browsing" function which will prevent you from mistakenly visiting sites which are known to be malicious.
  • Continue to use your common sense on the Internet - if you are interested in anything (software, merchandize or otherwise), do your research, check user reviews and recommendations. Legitimate businesses typically will have a physical address and phone number.
  • If you do get hit with a scamware, do a simple system restore to get your computer working, and then run your anti-virus (get one installed). Alternatively, get professional help.

Advance fee scam, chain letter scam, "Congratulations, you've won ..." scam

You probably have seen many of these scam mails and postings before. They typically ask you to send money first in order to receive more money or get one good deal or another. Most of these scams and fraud rely on the greed and gullibility of users.

  • Always exercise caution and discernment online. If something sounds too good to be true, it usually is - this applies to any sweepstake, or underpriced online merchandise.

Identity Theft

Cyber criminals find many ways on the internet to steal your personal information and identity to commit fraud. They can spread viruses to your computers to discover your passwords, usernames and credit card information. They can also hack into your accounts, or hack into online businesses that store customers' information on their websites to get at the customers' credit information. Social networking sites especially are a fertile place where would-be identity thieves hang around.

  • A good way to guard against identity theft is not to give away too much information in the first place
  • On social networking sites, do not accept friend's request from people you don't know, and be selective about the type of information you post and share
  • On ecommerce sites, read the site's terms and conditions to ensure that they have a comprehensive policy on how your personal information and privacy is protected
  • Create strong passwords for your online accounts and do not use the same password for different accounts. You can create a complex password by combining two words into a "nonsense" word, using a mix of letters, numbers and symbols, eg. fishface -> fI$hf4c

1http://news.cnet.com/8301-1009_3-57548314-83/ransomware-a-growing-menace-says-symantec/

 

Back to top

 

 

As the responsible adult in the family, here's what you need to do:

  • Always keep your computer's firewall turned on. It is usually found in your computer's Control Panel. This helps to protect against hackers.
  • Install an anti-virus programme and set it to update automatically. An up-to-date programme is essential as there are hundreds of new threats that are found daily. You can purchase the anti-virus from your ISP or online from security companies like Norton or McAfee.
  • Keep Your Operating System Up to Date. Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

And here's what you can do and also teach your kids to do, especially since they are the ones who are most likely to be downloading songs, movies and all sorts of files and freebies on the internet.

  • Avoid P2P sharing software. Unless you are technically savvy, you might end up downloading something that has a virus or keystroke logger attached.
  • Do not click on ads, especially those that promise big wins or scare you about something being wrong with your computer.
  • Delete unknown emails, especially those with attachments. Be wary of strange attachments from friends too, as they may be unwitting victims of viruses sending malicious code.
  • Be careful what you attach to your computer. It's easy these days to be sharing files using a USB stick, but you don't know what viruses are on your friends' computers and what got transferred to their stick. Many virus programmes will auto launch when the USB is put into the computer — you don't even need to download anything to be infected.
  • Avoid shady websites such as gambling or pornographic sites. You are likely to get infected with a virus or spyware when you visit these sites.
  • Create strong passwords for your online accounts and do not use the same password for different accounts. You can create a complex password by combining two words into a "nonsense" word, using a mix of letters, numbers and symbols, eg. fishface -> fI$hf4c3. Complex passwords make for better protection against hackers.
  • Be more cautious when using public internet hotspots. Do not log into online accounts or perform ecommerce transactions on public wifi networks.
  • Always log off from your online accounts before you close the browser tab.
  • Always turn off the computer. Not only does this save electricity/battery, it effectively severs an attacker's connection — be it spyware or botnet that employs your computer's resources to reach out to other unwitting users.

 

Back to top