Posted on October 27, 2016 by in Identity & Privacy, Personal

Yep, the cybercriminals are after YOU, too: the little guy, the tiny fish in the big sea.

Perhaps the most common (and easiest) way these criminal hackers succeed in pulling off their crimes is by tricking the victim into clicking a link inside an e-mail or opening the e-mail’s attachment. These simple acts can lead to all kinds of viruses and security issues such as cyber extortion and holding your data for ransom. In some cases the hacker will steal risqué photos from the victim’s device or take unclothed pictures with their webcam. The fact is none of us are prepared to deal with this kind of invasion.

The crime of cyber extortion involves infecting the computer with ransomware, malicious software that encrypts the victim’s files and blocks access to them. The infection is triggered by clicking on that trick link or downloading that attachment.

The user must then pay the extortionist in bitcoins for the “cyber key” to unlock the files.

Many of these phishing e-mails request sensitive data. Such e-mails should set off alarm bells in the recipient, but in many cases, the recipient blindly, without question, follows the e-mail’s instructions (e.g., a password reset for their PayPal account—but the message was actually sent by a hacker impersonating PayPal).

Avoid Becoming The Next Cyber Extortion Victim

  • Keep the following out of your passwords: names or words that can be found in a dictionary, and keyboard sequences. Avoid short passwords (under eight characters). If this means resetting 25 passwords, then do so. Now.
  • Every account should have a unique password.
  • Enable two-factor verification for all accounts that offer it. Every time you (or someone else) try to log in, a one-time code will be sent to your phone. Scam-alert bells should sound inside your head if someone, such as your bank, asks you to send them the code; this is what’s called a “man in the middle attack.”
  • The ideal password is an incoherent mix of upper and lower case letters, numbers and symbols—like what a two-year-old would produce if poking around on your keyboard.
  • Never click links inside e-mails. Not only might a single click download a virus, but in other scams, the click takes you to an authentic-looking site that lures you into typing in your password, username and other personal information. An example is an e-mail whose subject line is “Your Account Might Be Suspended.”
    • These e-mails are designed to look like they came from your employer, bank, PayPal, UPS, IRS, health plan carrier or even a relative in need.
    • They have a sense of urgency about them: “Act now,” or “within 24 hours” or “You must…”
  • Never open attachments. This includes attachments from a company or individual claiming they want to hire you for work.
  • Don’t post personal information on social media. Hackers can use this information to figure out login information, e.g., Princess1972 (a combination of the victim’s cat’s name + birth year).
  • Have one e-mail account for business and one for personal.
  • Never use public Wi-Fi for sensitive transactions or shopping. If you must, use a virtual private network!
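
The password rules in the list above, written as a small checker. This is an added example, not code from the original article; the word list, the four-key run length and the function names are assumptions for illustration, and a real check would load a full dictionary and name list.

```python
import re

# Constructed sample list (assumption): a real check would load a full
# dictionary and a list of common names.
COMMON_WORDS = {"password", "princess", "dragon", "monkey", "welcome", "michael"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the rules from the list that pw breaks (an empty list means it passes).

    `personal` holds facts an attacker could learn from social media,
    such as a pet's name or a birth year.
    """
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("too short")
    # Substring match, so 'Princess1972' is still caught as the word 'princess'.
    if any(word in low for word in COMMON_WORDS):
        problems.append("dictionary word or name")
    if has_keyboard_run(pw):
        problems.append("keyboard sequence")
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("personal information")
    # The list asks for upper case, lower case, numbers and symbols together.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("Princess1972", "qwerty12", "t7#Lq9$vXe2&"):
        print(candidate, "->", check_password(candidate, ("Princess", "1972")) or "ok")
```
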

Some of this might sound extreme and even inconvenient. And I’m sure at some point you’ll have to click on a link in an email or download an attachment. But take it from me; you are being targeted right now. I’ll guarantee there are malicious files and links in your inbox or spam folder waiting for you to take the bait. Be careful out there.