Hacking and spamming have reached new levels in the online world, and it has become very easy to fall victim to a cyber attack that invades your system and ends up stealing all your data. Find out what you need to watch out for while you are surfing the web, whether on your mobile phone, laptop or tablet.
What is hacking?
Hacking is a term used to describe activities that compromise digital devices such as computers, smartphones, tablets and more. A hacker can also break into entire networks and systems unexpectedly, to deny users access and steal their personal data. Hacking is punishable by law, as it is unauthorised access to computer systems, which can then lead to further illegal activities with privacy and monetary impact.
What motivates hackers to hack and commit cybercrimes?
The motives can be plentiful, but here are some of the reasons why a hacker can compromise users’ mobile phones/gadgets or businesses’ computer systems:
- Financial gain
- Misuse of third-party data for taking out a loan in someone else’s name.
- Creating fake passports
- Selling data on the Dark Web (illegal online marketplace)
- To enable other criminals to commit financial fraud.
- To create targeted advertising and manipulate consumers through spam emails.
- Blackmail
- Political espionage or for creating political agendas.
- Corporate espionage
- This can involve slowing down a competitor’s website through DDoS (Distributed Denial of Service) attacks with the aim of crashing the organisation’s web servers and making the website unavailable to its customers.
- Reputation dismantling through confidential data leaks in order to ruin an individual’s or a company’s trustworthiness, business profile and reputation.
- Personal enjoyment
- People who have a natural aptitude for using computers skilfully can often experiment with hacking activities out of curiosity, without a particular goal or intention.
Who are the ‘White Hats’?
Not all hacking activity is considered illegal. As hackers are highly skilled computer aficionados, they can also be professionally hired by companies to protect their systems from data breaches or cyber-attacks by their less well-intentioned counterparts. Hackers who hack ‘altruistically’ can work as security researchers, network admins or malware analysts. They are called ‘white hats’, as they are the good guys.
How do you protect your smartphone or laptop from getting hacked?
Smartphones are as open to cyber-attacks as computers. Hackers are waiting for people to behave carelessly on whatever gadget they are using, so that they can compromise them and their devices. Nevertheless, there are some security measures that you can take as a personal user, which add extra layers of protection for both your mobile phone and your laptop:
- Create uncrackable passwords.
- Strong passwords are easy to remember but hard to guess. Try using long passwords that contain a mix of letters (small and capital), numbers and symbols in a random order.
- Avoid using public Wi-Fi to avoid getting spoofed.
- Public Wi-Fi is useful when you want to save some mobile data. However, hackers can often create fake access points with names that resemble those of common public locations in the area. If you are asked to create an account for accessing public Wi-Fi, hackers can steal your login details and you will lose your personal data as a result.
- Avoid using public Wi-Fi to log into bank apps or other financial services such as PayPal, as banking information is extremely vulnerable to being compromised by malicious actors.
- Don’t leave your Bluetooth or your Wi-Fi Hotspot on constantly.
- As Bluetooth allows devices to connect to each other, it also allows them to be scanned by other users, who can see and potentially access them.
- Use multi-factor authentication, which is a layered defence against cyber threats. This requires two or more identity credentials, which could be a combination of:
- Biometrics (Touch ID reader using your fingerprint to unlock your phone, face or voice recognition, digital signature). In the rare event that this authentication method gets compromised, it is extremely difficult to recover your account, which is why it should still be combined with other authentication methods.
- OTPs (One-time passwords) which will expire after a short time.
- A PIN or a strong password.
Here are some of the mobile security threats to be aware of:
- Data Leakage through “riskware apps” which request a lot of app permissions. You can read our article on what you’d need to be careful of when granting an unreasonable amount of permissions to apps.
- Unsecured Wi-Fi
- Network Spoofing using fake access points that look like legit Wi-Fi connections.
- Phishing Attacks
- Spammers impersonating well-known companies or organisations to trick people into sharing their passwords or personal details.
- Mobile phone users are more prone to becoming victims of phishing attacks, as the sender’s email address is not fully displayed in email apps due to the smaller screen. Sometimes users do not expand the header information to check it before clicking.
- Spyware
- This monitors your Internet browsing activity and steals your personal information.
- Broken Cryptography
- When app developers use weak encryption algorithms, they risk leaving app users vulnerable to cyber-attacks including having their passwords cracked and their data illegally accessed.
- Improper Session Handling
- Secure apps generate tokens which, just like passwords, identify and validate devices during each login attempt. New confidential tokens are created every time you sign in to an app. Once you close the app, the session should automatically end so that a new one is created next time you log in.
- Insecure apps can leave sessions open and share their tokens with cybercriminals, who can then intrude into the network to manipulate or steal your personal data.
- Whether you are using a mobile phone, a laptop or a tablet, you should always log out of each app/program/website to ensure that the sessions are closed.
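The session behaviour described above, sketched as an added example (not code from this article): a new random token on every sign-in, a token that stops working at logout, and an idle limit for sessions that were left open. The `SessionStore` class and the 15-minute `IDLE_TIMEOUT` are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed idle limit, in seconds


class SessionStore:
    """Hypothetical server-side session table: token -> [user, last_seen]."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}
        self._clock = clock

    def login(self, user):
        # Every sign-in gets a fresh, unguessable token; nothing is reused.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [user, self._clock()]
        return token

    def validate(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None  # unknown, logged-out or expired token
        if self._clock() - entry[1] > IDLE_TIMEOUT:
            del self._sessions[token]  # a session left open still ends
            return None
        entry[1] = self._clock()
        return entry[0]

    def logout(self, token):
        # Ending the session on the server makes a copied token worthless.
        self._sessions.pop(token, None)


def demo():
    now = [0.0]  # constructed clock so the timeout can be shown instantly
    store = SessionStore(clock=lambda: now[0])
    first = store.login("alice")
    store.logout(first)
    second = store.login("alice")
    after_logout = store.validate(first)   # old token is dead
    active = store.validate(second)        # new token works
    now[0] += IDLE_TIMEOUT + 1
    after_idle = store.validate(second)    # left open too long
    return first != second, after_logout, active, after_idle
```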
You can read more about the different hacking/spam terms in our glossary page.
What is spam?
Spam refers to unwanted, irrelevant or unsolicited content that is sent to a large number of users, mainly for commercial purposes. Spammers’ goal is to create a sense of urgency and pressure which leads the receiver to believe that they are legit and eventually respond. Spam is a slightly milder form of cyber intrusion, as it aims to manipulate users by inviting them to click on ‘contaminated’ links within emails, text messages and websites, enabling spammers to invade their computer systems with viruses.
Unlike hackers whose main purpose is to compromise and steal data, spammers are more attention seeking and they depend on people’s response in order to attack. They achieve this through the following manipulative tools:
- Advertising
- Text messaging
- Calls from unknown numbers
- Using fake profiles to comment on public platforms like Facebook and YouTube with dangerous links for audiences to click on.
- Emails that contain spam content.
The most common spam threats that we see are those sent via email. Despite spammers’ best efforts to trick audiences, email companies have integrated some efficient spam filtering technologies into their servers which can keep your inbox clean and as free of junk mail as possible.
Most of us can probably recognise fake vouchers with persuasive headlines pressuring us to click and win, or to download attached documents which are supposedly relevant to the user. Another common type of spam notifies users that their accounts have been compromised and asks them to click to change the password.
What to look out for in spam emails:
- Odd-looking logos, fonts, typos and use of strange language or grammar.
- Email addresses that resemble well-known retailers or businesses such as Amazon or PayPal. Double click the ‘friendly’ name to see what the email address is behind it – if it’s something different to what you expect, it’s spam.
- Links which direct you to unknown sites (especially ones which are asking you to pay or transfer money). You can hover over the link and see its destination at the bottom of your screen (on desktop), or hold down the link on your mobile to see a preview.
- Words or phrases which exaggerate a specific event or cause, make promises, or offer services which are too good to be true by offering too much in return for replying/clicking.
In the tech world, we always advise not to reply or click anywhere inside those emails. If you are unsure about their legitimacy, the best practice would be to ignore them. If the email or text message keeps landing in your inbox, you can add the sender to your block list. Whenever you are faced with a choice between clicking and skipping, the wise choice would be to skip it altogether, even if the unknown sender is using familiar or personally related content to convince you otherwise.