Your Guide to Secure Online Browsing
You see an email from your bank. It’s a reminder to pay your credit card. You’re thinking, “What the heck? I have my credit card setup on autopay!” You’re annoyed and you want to deal with this right now. The email has the bank’s logo. The return email address is the name of the bank. You click on the link and it takes you to the login page. You enter your username and password. Click. You’ve been phished. ( https://vpnpro.com/vpn-basics/what-is-a-phishing-email/) Phishing is just one way to lure you into dangerous waters online. Our guide to secure online browsing gives you tips on how to protect yourself from three kinds of online attacks.
Attack #1: Phishing
Phishing is when a hacker sends you a legitimate-looking email with a message meant to motivate you to click on a link within it. It could be downloading a file or taking you to a page where you will you enter your login credentials, credit card information, or other personal information. Phishing emails used to be kind of obvious. Remember receiving notices that you had one some big prize, but needed to send more information (and sometimes money) to claim it? They were rife with poor spelling and grammar. Today’s phishers are more sophisticated. But, there are tell-tale signs.
Today’s phishing expeditions try to play on emotions other than greed. They try to make you angry or nervous about something financially-related. Why? Because we don’t think as clearly when we’re upset. Before you click on a link in an email related to an online financial account, stop, take a deep breath, and check the return email address. It may say, for example, “Citibank.” Hover your cursor over the name to reveal the actual email address. It may consist of a string of letters and numbers or otherwise look odd. That means it’s not likely to come from your bank. It’s always best to not click on links in an email from a financial organization, even if you think it’s legitimate. Better to go directly to the site from your browser. When in doubt, call the financial institution.
Phishing happens offline, too. Have you ever received a call from the Internal Revenue Service (IRS)? That’s your first clue. The IRS doesn’t call you. They send written notices. They definitely don’t threaten to send you to jail right then and there if you don’t pay your taxes by wiring money immediately.
Attack #2: Malware and Ransomware
Malware is a virus on your computer meant specifically to steal confidential information. (Unlike the type that just does it to be mean.) Ransomware is a type of malware. Hackers digitally kidnap your computer and hold your files hostage until you pay. Ransomware affects businesses more than individuals.
There are three ways to avoid infecting your computer with malware. Enable your computer’s firewall. Don’t click on links that in any way seem suspicious to you. Lastly, a good virus protection package for all your devices is the best defense. Consider adding software created just for ransomware attacks. (https://www.pcmag.com/roundup/353231/the-best-ransomware-protection.)
Attack #3: Man-In-The-Middle (MITM)
An MITM attack is where a hacker gains access between two systems. Once there, the hacker has many ways to steal information. Or just hang out and watch you with your own camera. Creepy.
You can find websites that tell you how to launch this kind of attack. We don’t want to aid and abet a crime, so we won’t share the link to any how-to-hack article. One article, however, provides important insight. The author specifically says the tutorial will show a wanna-be hacker a simple way to gain access to “unencrypted” traffic. This can be traffic over a wired or wireless connection. He explains that, when done correctly, the two systems (say a bank customer and their bank) will believe that they are communicating directly with each other.
The hacker waits and watches for an opportunity to steal confidential information when the user accesses the other system. For example, your utility company sends a reminder to pay your bill. When you click on the link in the email, the hacker grabs the webpage the utility company would serve up to you. They then present the web pages to you with an important change: the login credential and payment information you provide is routed to their server instead.
The best way to avert an MITM attack is to use a Virtual Private Network (VPN). A VPN provides a way to secure unencrypted networks, like public WiFi. Also, just in case, cover your camera. You can buy a cover or just use a piece of black construction paper and a piece of tape.
Spend a bit of time and money to protect yourself. The right software and a level head can ward off pesky hackers.