As dawn breaks, you instinctively reach out and draw the curtains to soften the sun’s intensifying glow. “Just 5 more minutes”, you plead wordlessly, but at the same time your cellphone is already in your grasp and its comforting, pale glow drapes your senses in a blanket of innocuous interaction and stimulation, blocking out the reality of a new day for a little while longer. Before you enter the shower, you are already clued in to the latest happenings via Facebook, have checked your emails and perhaps even offered your comments on the latest restaurants or global events on a public forum.
Data, information and statistics of all sorts flow in unseen torrents around us, zipping onto the information superhighway and fanning out into cyberspace. It is here that the important can be sifted from the inconsequential and exploited to the detriment of the rightful owners. As many aspects of daily life are now also online, your privacy is at greater risk of violation now than ever. The methods themselves range in maliciousness and sophistication and run from pure trickery to complex schemes.
Getting conned on the internet
Scams rank lowest on the scale and capitalise on naivety, carelessness, emotions or misplaced trust. Contrary to common belief, even the computer savvy are susceptible. In fact, according to a report by the Federal Trade Commission (FTC) in the USA, of those aged between 20 and 29 who have reported fraud, 40% lost money, as opposed to 18% of people in the age group 70 and above. However, the latter reported losing larger amounts on average. Scams commonly use a technique called phishing, which involves obtaining sensitive data such as passwords or credit card details through online communications such as WhatsApp or email. Most are easy to identify, but others utilise harmless-looking hyperlinks, attachments or even a false identity, such as that of a trusted institution, friend or relative, to achieve their ends.
Payment fraud or transaction fraud is another mode that is employed. Even users of trusted sites can fall victim. This is perpetrated by various means such as Pharming or Pagejacking, which occurs when traffic is directed from a legitimate retail website to a fraudulent one. Much more sinister is when online retailers or businesses are compromised by a hacker who then gets away with sensitive information and access to individuals’ bank accounts. Smaller, less cyber savvy companies are not the only targets; even large ones with established online security measures in place are at risk. This is especially so since 2011, when tools were developed to infiltrate the industry standard security feature known as secure sockets layer (SSL), which is identified on supposedly protected websites that begin with “https”. In 2017, Intercontinental Hotels Group reported that credit card data of its guests at 1,200 of its hotels in the U.S. had been hacked from its systems. Just earlier this year, in February, an Indian bank, City Union Bank, reported almost US$2 million in unauthorised transfers by hackers. Add to this the growing adoption of cashless payment apps like e-wallets, and hackers now have another avenue to gain access to your cash. All it takes is for an untrusted app or a modified version of an otherwise legitimate app to be installed unwittingly and your complete dossier of personal information could be hijacked.
The all-pervasive social media platforms consume an average of 2 hours of a person’s time per day. This balloons to 9 hours a day for teenagers. It is then no surprise that cyber crimes targeting sites like Facebook, YouTube and Instagram have surged in recent years. By some accounts, online offenses through this medium have grown by as much as 70% in the months leading up to 2017 and have shown no sign of abating. The objectives of these breaches have also become more complex, moving away from opportunistic parlour tricks to lighten wallets one person at a time, to social engineering and analytics with big data. This is where the big score is. Data is the new currency and, unfortunately, a lot easier to get away with pilfering.
Watch enough Hollywood blockbusters and you will know that the most sophisticated systems are only as secure as their weakest link. In most cases, this ignoble label would fall onto a single person. Drawing on historical references, even the most formidable piece of engineering designed to keep intruders away, the Great Wall of China, was compromised by a general who opened the gates for the invading hordes. This is, in essence, the aim of social engineering. Instead of taking down a chief of security system or hacking through a slew of the latest cyber technologies to reach its objective, it exploits human psychology to gain access to places, systems and sensitive data. It may sound like science fiction, but with the ubiquity of social media and the amount of data available on it, coupled with predictive algorithms from the most intuitive software, one could literally change the world.
With the use of psychometrics, answers and online reactions to seemingly harmless questions, like which is your favourite music band or cosmetics brand, can accurately predict personal information like age, sex and ethnicity. The personality models were so precise that 70 “likes” were enough to understand a person better than his own friends, 150 to match what their parents knew, and 300 “likes” to match what their partner knew. These “data thefts” are so inconspicuous, and do not immediately result in any physical loss, that the dangers have only recently come to light, especially in the case of Cambridge Analytica and how their work might have influenced global politics. Using data gleaned from an application on Facebook, profiles of millions of users were analysed and targeted material was disseminated to them, with the intention of influencing their decisions and opinions. Unfortunately, the Cambridge Analytica saga is just the tip of the iceberg. Aside from data mining companies, there are dozens of ways that you are leaving behind personal data, through cookies and other means, that can find its way onto the dark web for illegal purposes.
This is when minor, seemingly insignificant information leaks take on a sinister shade. The recent attacks on Singapore’s national healthcare group prove to be a poignant case in point, where the personal particulars of up to 1.5 million people were stolen by an unknown perpetrator. The stolen data included name, age, gender and even national identification number and home address. Prominent people, including current prime minister Mr. Lee Hsien Loong and former prime minister Mr. Goh Chok Tong, appeared to be specifically targeted. The sophistication of the attack has brought about suspicions that this was not the work of mischief or petty crime but one that could have involved nation states to facilitate blackmail or espionage activities.
Keeping your guard and firewall up
If you are not fond of being surreptitiously swayed in your thoughts, or having your actions discreetly manipulated in this manner, there are several things that you can do short of disengaging from social media or giving up fun internet surveys. The first thing to do is to review the security settings on the browser, email, social media platforms and applications that you use. Facebook, for example, has settings that limit who is able to view your posts and your profile, while Apple’s Safari browser has options to block website tracking. Facebook also allows users to customise and select which apps have access to your data such as profile, friend list and, by extension, the information that they post. If you so choose, it is possible to disable the app platform in Facebook completely.
Accessing anything on the web these days involves downloading all sorts of files, including cookies, plug-ins and tracking URLs. Although these are mostly deployed to provide you with a more relevant user experience, you never know what else is being done with your information. You should periodically clear or review your cookies, browsing history and downloaded plugins, especially those not in use. The number of plugins you have increases your chances of an attack, so it pays to review which ones you have installed, and to check that they are up to date, are from reputable sources and that any disused ones are deleted.
If you do not want to alter any of your online habits, you should consider using third-party tools to minimise any data leaks. For secure messaging, Off-the-record encryption blocks third parties from listening in to voice and video calls, in addition to text messaging. Using a Virtual Private Network (VPN) extends a secure and private network over a public one, making anonymous, untraceable use of the internet possible. Emails are notoriously easy to hijack, but there are several programs that one could use to encrypt them. Some common ones are EnigMail and the CipherMail app for Android cellphones. For secure surfing, a popular choice is to install the Tor browser, which hides your history and location from prying eyes.
Last of all, vigilance adds an additional layer of security. You should watch what you click on or post online. All the smartest technology cannot work if your actions run contrary to it. You should also watch out for websites that start with only “http” instead of “https”, which implies that they do not even operate the standard security technology for linking a web server and browser. Maintaining multiple email addresses may seem like a drastic step, but it is an efficient way to separate personal and work-related emails from correspondence that might attract spam and unsolicited marketing emails.
With so many ways to sneak a peek at your sensitive information online, it can hardly be called unfounded paranoia if, the next time you log on to the internet alone in your room or office, you have a feeling that someone is looking over your shoulder. Chances are, you are not alone and someone is indeed watching you.