[2019] What Dangers Lurk in Cyberspace?
In predicting what online security threats will loom largest in 2019, we can start with one assumption. Online crooks will continue following the paths of least resistance to the greatest rewards. Some of the threats can be countered by conscientious consumers. Other threats are beyond the control of ordinary people, who can only make preparations to mitigate damages that may occur. Read on to learn what computer security threats should be on your radar in the coming year… |
Security Threat Awareness for 2019
Phishing is still a big threat because it works, and phishers are getting better at it. Emails that look almost identical to emails from large banks, utility companies, and other familiar institutions are not uncommon now. A phish may even address you by name if you have ever been part of a large data breach; customers’ names and email addresses are traded all over the dark web. There are fewer and fewer obvious telltales.
Back in August, I wrote about a phishing scam that incorporates information obtained from data breaches to extort money from people with a guilty conscience. (See [ALERT] The Video Blackmail Scam) I received one example of this scam email that contained an actual password that I had used. I expect more sophisticated scams to appear in 2019, using personal info from data breaches to build a facade of credibility.
Malware that covertly steals computer resources to “mine” or create cryptocurrency is on the rise. This type of malware is a constant drain on your computer which may slow down or halt legitimate activities. “Cryptojacking,” the burglary of cryptocurrency wallets and online exchanges, is increasing as more businesses and individuals participate in the crypto economy. Cryptocurrency is also the preferred medium of ransomware. A recent evil trick combines ransomware and phishing by offering the option to pay the ransom via Paypal – and offering a link that goes to a bogus Paypal site where your login credentials are stolen.
The Internet of Things (IoT) is expanding exponentially as everything from cars to toothbrushes gets an IP address. But in the rush to make everything “smart,” some designers have neglected security. IoT devices are increasingly targets of hackers. Vulnerable devices serve as beachheads on the home network from which attacks on more valuable targets can be launched. So how can you protect yourself? My best advice is to minimize the number of connected gadgets. If you want a smart door lock, a smart thermostat, smart lightbulbs, and a smart refrigerator, make sure it's well-established product from a manufacturer that has a good track record.
Mobile devices have their own fast-growing security problems. Apps that collect more data than they need to deliver what they promise are widespread; the data they collect ends up in the hands of marketers or criminals. Unsecured public WiFi networks abound, mainly because open access is easier than giving guests a password. But if you can use a network at will, so can a hacker. Spoofed WiFi networks fool visitors with names like “Free airport network” and require them to create new accounts; too often, visitors use the same credentials they use on other accounts. Phishing messages are harder to detect on the small screens of mobile devices, and users are often not paying full attention. Phishing via text message is on the rise, too.
Beyond the control of consumers, hackers target corporations that know more about customers than the latter may remember about themselves. Every trove of stolen data finds its way into the black market, and from there into detailed dossiers on millions of potential phishing victims. The number of reported data breaches increased by 32% in Q1 2018 and 47% in Q2, the latest period for which numbers are available. A record 4.5 billion customer accounts were compromised in the first half of 2018; it is estimated that 34% of Americans have now suffered at least one data breach. A common theme in these breaches is that many were not discovered and closed for months or even years.
Protecting oneself in this ever more dangerous and complex threat landscape isn’t easy, nor can safety be guaranteed. The standard precautions still apply. Keep your operating system(s) and application software up to date with the latest security patches. View every unexpected email, text, or social media message skeptically. Never click on a link if you don’t know where it leads, or open an unsolicited file attachment.
Enable all of the real-time defenses in both your security software and your web browser. Use a password manager to generate unique, strong passwords for all sites that require passwords. Use 2-factor authentication if available. Get rid of unused software to minimize your attack service.
Kind of takes the fun out of life online, doesn’t it? What's your strategy for staying safe in a dangerous digital world? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 21 Jan 2019
For Fun: Buy Bob a Snickers. |
Prev Article: [IRONY] US Postal Service Fosters ID Theft |
The Top Twenty |
Next Article: What Is Microsoft Up To? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- [2019] What Dangers Lurk in Cyberspace? (Posted: 21 Jan 2019)
Source: https://askbobrankin.com/2019_what_dangers_lurk_in_cyberspace.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[2019] What Dangers Lurk in Cyberspace?"
Posted by:
Lucy
21 Jan 2019
If your ISP provides "throwaway" email addresses they can be used to make a unique address for up to 500 different entities.
Then if you get an email supposedly from, say, your bank, but it is not addressed to you at the email address you use for them you'll know it is not from that bank and is likely a pshishing attempt.
Never click on a link to sign in to any website, always use your bookmarks or type in the address yourself, even when in a hurry or in a panic because of whatever the email is telling you.
Posted by:
Cold City
21 Jan 2019
If the manufacturers of programs and devices that have a flaw should be held financially accountable Same as a mechanical flaw in a device.
Posted by:
Ken Mitchell
21 Jan 2019
Just remember; the "S" in "IoT" stands for "Security".
"If you want a smart door lock, a smart thermostat, smart lightbulbs, and a smart refrigerator, make sure it's well-established product from a manufacturer that has a good track record."
And where might we find one of THOSE unicorns?
Posted by:
Isaac
21 Jan 2019
I have always started with “trust no one” and worked back from there. :-(
Posted by:
Henry
21 Jan 2019
I have begun the migration from Windows to Linux, and will soon be replacing my iPhone with a non-app flip phone. Hopefully this will substantially shrink my "hackable" profile. Notice I said "hopefully"!
Posted by:
RICHARD A DENGROVE
21 Jan 2019
Two things. One, some phishing is sophisticated and you need to dig deep for a clue. However, a lot of phishing emails still have an email address that doesn't gibe with whom they claim to be. An easy giveaway. Two, I received a text, ostensibly from a niece of mine; but it was advertising. Possibly a legitimate company but not a legitimate message. She said she had nothing to do with it.
Posted by:
johnnieberesolute
21 Jan 2019
Richard, all websites, etc., say they won't share or sell your name and email address, but most of them do. The ones that don't, have been hacked anyway.
My very first email with Microsoft has been sold or
shared multiple times and became totally useless to
the point I had to cancel it. In addition, MS has the poorest spam filters. They let thru emails with
subject lines that are anything from a series of question marks to vulgarities. Then MS wants to know why I would want to cancel.Your niece probably had her email sold or shared by some "trusted" website.
Posted by:
johnnieberesolute
21 Jan 2019
Bob, I like your title of this article, "What Dangers Lurk in Cyberspace?" Could you be a bit more specific and name all 1,000,000+?
Posted by:
benyfreshfeet
21 Jan 2019
Well that sure kind of knocks crypto-currency from being an alternative to the current financial system with the crypto-currency accounts being hacked. Again that really compromises financial security with cryto-currency.
Posted by:
Stephe
21 Jan 2019
You say data "...ends up in the hands of marketers or criminals." There's a difference?
Posted by:
Hugh Gautier
21 Jan 2019
Desktop-Mobile Cyberspace usage, are you nuts or what?
I'll tackle the Mobile part first:
1. Never put any of your personal information [banking, credit/debit] on your "Smartphone".
2. Your "smartphone" is only as "SMART" as the person inputting into it.
3. Those Apps you like, your "smartphone" is scanned when you entered the store. Now they have your information without your filling out any form giving them that right to the information.
4. Anyone with a portable scanner can scan your "smartphone" without your knowledge. Now who gave your info away? You did by having it on your "Smartphone". You are it's protection, as Verizon told me "It's only as smart as the person putting their information into it."
Your desktop/laptop is just as vulnerable as your Mobile "Smartphone" because you are opening it to hackers and scammers because of emails or those little popup ads. Also you'll get one that says Microsoft has found a problem on your computer/laptop. DO NOT hit the "X" in the upper right-hand corner to exit, pull the power, and battery on that laptop. For the desktop, pull the power to the system.
If you have hit the "X", the scammer is loading your system with their crap and they will get you to call them so they can remove that piece of PIRACY from your system. Only it doesn't work and your system is fried. Never call their number, write it down and call your local Police Dept. FBI office and report the cybercrime, because that is what it is. Think smart, if you didn't ask for it, then do not reply to it. That Microsoft scam is more insidious, you have to remove any power source laptop running on external power has a battery as well and both need to be removed. The desktop pull power plug, the program can't load with no power and you have defeated this one. Think "SMART" on all systems phones, desk, or laptop systems. Cyberspace is the "unknown" in that someone else is taking care of it, but you are not in TOTAL CONTROL of what you put out there. What are their motivations, will they cave in to others who want to look into private individuals personal data. As a prior business owner, I would not allow QuickBooks to store my company backups in Cyberspace. It's not as safe as my external hard drive that gets put into the safe. I know who is in charge of that data here on earth, but in "Cyberspace" it's unknown as to who has access. Is it the Federal Govt. going into the space and browsing because they can and you don't know? I knew where my stuff is at all times and where it is kept. They can't see what isn't out in space.
Posted by:
Jonathan Skrine
21 Jan 2019
I refuse to admit that I have a cell phone and don't buy from companies that demand a cell phone number.
I never deal with follow up telephone calls about internet orders however much they know about my order. (I did once with ASDA and £6500 was taken from my account).
Telephone marketers are answered using four letter expletives or asked to 'hold the line as I have milk on the stove' - it really is amazing how long I can make them waste their time..... after ten minutes or so I end the call with 'Thank you for calling dial a psychiatrist, all our psychiatrists are busy at the moment, please try later.
Very oddly I was contacted by my bank (confirmed by their security later) when they expected me to answer security questions without any proof of who they were. The security person's comment was 'I suppose we're going to have to tell them about that again. He was very apologetic.
Above all remember - Just because I'm paranoid it doesn't mean that they're not out to get you....
Posted by:
SamG
22 Jan 2019
The U.S. Gov't's site to report scam phone calls is down because of the Gov't shutdown. We keep getting phone messages on the land line from an "Apple customer service center" that our equipment is faulty. Or something. Press 1 for--, press 2 to unsubscribe, (sure, that'll happen) press 3 to connect to a company tech person for assistance. We don't own an Apple device.
Yesterday when checking my Yahoo! email inbox there was a message from CE credit or an organization with a similar name. Claimed it would check my credit score and retrieve it for free. Which set off an alarm. But it referred to my car loan so seemed possibly legit. As soon as I clicked on a link to check them out- "RING, RING!", Avast AV sent off an alarm that "this is a flagged website! You can't visit it!"
Well the email was sitting in the Yahoo! inbox for 2 days so I changed the passwords to the 2 financial websites I'd visited. And flagged the email as spam. Then trashed it totally. Raspberries!
Posted by:
Fonsey R.
22 Jan 2019
With all the computer geniuses floating in cyberspace, why can't one of them find a way to track down scammers and find their physical location, be it in Denmark or Kenya, etc.? Maybe Gurgle or Microsquish could offer, say, $50MM or $100MM prize to the first one.
Then the death penalty could be imposed for anyone scamming more than, say, $US75.00. That would stop this $hlt immediately.
Posted by:
Brian B
22 Jan 2019
@Fonsey
The death penalty would not stop thing. Have you considered that these people often work from overseas, and as such are not subject to US law enforcement. In addition, most countries will not extradite an offender to the US if they may possibly face the death penalty.
I agree with the first part of your post completely. Maybe we could change to a 64 digit IP, which would record an exact address, and then link it to an email address. Then we could require all servers to cross check the two addresses before forwarding this crap.
I find it difficult to believe that Micro$oft, Apple et al cannot come up with a front door key in the 21st Century.
Posted by:
SharonH
22 Jan 2019
We must face facts--the bad guys will always be at least one step ahead. The hacking of large corporations in the last few years shows that even when the best protection is put in place, it is not enough. Greed is the biggest motivator of all. I never believe any entity that states it is "hack proof". We do the best we can, and hope.
Posted by:
Lester B Noyes
22 Jan 2019
I keep a little Windows XP computer for old programs I'm used to and don't want to upgrade ($$$). It's NOT on my network or online so that's where I put all my finances, password database and other Important Stuff. (Have a pswd manager on my main computer.) And, of course, backup both to external drives, etc.
Posted by:
Pete in NC
23 Jan 2019
Lester, I have a 3.1 machine that aside from no sound still works great, and my financial is on that. Network? We don't need no stinkin' Network!
Posted by:
SandyJankowski
24 Jan 2019
You mention the dark web. I for one would appreciate a Dark Web For Dummies article.
Posted by:
Oliver Fleming
03 Feb 2019
I have been reading about passwords and passport "wallets" However what is the use of them if the company website is hacked and all the passwords stolen?
These "wallets" it seems to me only protected if your own personal computer is hacked?