Considering the rate of identity theft and compromised email accounts as well as stolen account funds, it might be time to take the threats to online data security more seriously.
There are times when we just want a little more cash or extra income to invest, but with the little salary plans in South Africa and stiff budget, that might just remain a dream. A lot of people like myself, try to search for ways to make an extra income apart from our 8 to 5 job earnings. So recently, I received an email about a bonus of 23,000 for being a loyal standard bank banker, I was somewhat skeptical but the whole address and detail of the email got me by the tail and made me fall for the bait.
So I clicked the link and input my email and password, later that day I received a call and a promise of my account being credited with money the previous day. Then I received an email of a transaction the second day as well as other details of where I must invest the cash. The email contained a sale of a diamond that I can buy for a ridiculous price and make huge profits. I decided it was worth it as the cash was not directly my cash, so I obliged. I was updated regularly and this made me so comfortable, I checked my interest daily and even started shopping for a car and house.
Then sometimes mid-July, I received a mail of a deposit of 56,000 as the broker’s duty to transfer all my fee of R34,000,000.00 to my South African bank. I had followed the growth process and did all my calculations, so I decided to go to my bank and transfer the cash, but my financial banker decided to investigate and after a few weeks confirmed it was fraud. They even got access to my gmail, tapped into my google wallet and used my details for a few transactions, got my friends contact on Gmail contacts, went through my images on google image backup, and also checked my points and address through my google maps.
I was terrified and really sad that I was vulnerable to the point that I was unaware of the threat and dangers of giving a simple email and password out on an open platform at this time and age. So let me run these down and share a few facts I learned from some IT techies.
Reports of attacks and breaches made headlines across the world as many companies and individuals learned firsthand the damage a mail or database breach can inflict on a brand or Individual. Of the several lessons learned, the biggest may be that security needs to be top-of-mind for anyone, regardless of size.
A recent study found that not only do the number of bots (automated applications that crawl and scan websites) on the Internet outnumber human visitors, but smaller websites actually receive a disproportionately higher percentage of automated bot visitors — up to 80 percent of all traffic on sites with fewer than 1,000 visitors a day. Malicious bots probe sites for vulnerabilities, effectively automating web hacking.
The rise of automation has broadened the scope of attacks, making small businesses and individuals just as vulnerable as Home Depot or Target. Today, everything online is at risk. You don’t have to be a big check earner or a mega account holding company to protect your friends, business and customers from malfeasance. The following are simple measures any business owner can take to thwart attacks and prevent breaches.
1. Password Change / Update
In line with the cross reference testing done on about 234,000 people nationwide about 89% of us use personal details or events in the composition of our password. This is ranked higher in Africa, as it is believed we did not understand the seriousness of the web and its link to our daily lifestyle.
Let’s say I register an email on google, and Gmail promises me a free backup service that allows me to save my pictures, files, contacts, location, credit card details, web history, and keep a record of my phone history seamlessly. It sounds lovely at first but also dangerous, considering how much information would be accessible by a hacker who manages to hack email or database. It has led to situations of invasion of private space and loss of hard earned income.
In limiting the damage that one can possibly face from hacking, it would be wiser to consider precautionary measures than post hack methods. Regular password change is one of the ultimate keys to avoiding hack issues, it may be monthly or weekly can save anyone or company from harm.
2. Test and confirm the authenticity of all freebies
Stolen or compromised user credentials are a common cause of the breaches. eBay reported that cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. Criminals use social engineering, phishing, malware and other means to guess or capture usernames and passwords. In other cases, attackers target administrators, whom they discover on social networks, using spear phishing attacks to obtain sensitive data.
One other protective measure is to avoid the bait, this is in the form of understanding the ” no free cheese concept” and screening every offer and promotional emails. Emails, especially highly systematized ones like Google,designed to spam emails and stop dangerous or highly sensitive emails with unknown or compromised sources to be stored in a grouping called spams or junk folder.
Today, there are a number of Freebies companies and promotion agencies that are also using email grabber software and hack duplicate systems to scan emails in order to access detailed data they can use for promotional purposes. Once we release our emails and data or sign agreements, some of these features are allowed. In order to avoid these issues, it would be wise to treat your email and password like your ID book.
3. Avoid Unnecessary Invites
Web bullies are everywhere, gone are the days when a specific social platform was better or safer. We all receive invitations and promotions on all social platforms, not to speak of the annoying request and notifications of promotional contents. Some of these are not filtered or verified and can be as problematic as our email sharing. Recently, Woza online was shut down due to a lot of illegal activities in the form of fraud or misrepresentation, the same is on most platforms today and a single acceptance of invites on social media gives access to a lot of information.
If I accept a friend request from an unknown sources and I have 2,300 friends, I have also compromised my 2,300 friends as they are visible to my new unknown contact, who can now scan and scam all the link that are associated with all my friends and their friends.
4. Verify the Professional Status of everyone
There is no harm in being a personal detective yourself. I was offered a web hosting service of R10/month from my 200/Month plan. It just was too good to be true, so I went to the location of the company on google maps and I ended up On a farm On Benoni. So I googled the company and I found several faults on HelloPeter site as well as on numerous links. So there is no harm in verifying company and personal details, it is allowed.
When using or exchanging your details with anyone, make sure they’re compliant with security best practices like the Payment Card Industry’s Data Security Standard (PCI-DSS) and Clear of any infringement case. Don’t be intimidated to ask any vendors or promoter of how they’re managing security and what certifications they have. If they have none, you should think twice about dealing with them.
Don’t overlook this. No matter how good the product or offer is, it’s not worth the risk.
Today the risk of data breach is greater than ever, by implementing these safeguard methods, online risks can be kept to a minimal and out of the headlines.