
Tuesday, February 16, 2016

Safeguarding your online accounts against cyber criminals: Part 2

To read part one click Here.     
     It is very likely that you or someone you know has had one or more of their online accounts hacked into. It happens to everybody, individuals and small and big companies alike; it can have disastrous consequences and makes you feel extremely vulnerable. In this three-part post we will talk about some tips to give cyber-criminals a hard(er) time in their inevitable quest for easy money or their five minutes of glory.
     While no security solution will ever be perfect and cyber-crime will always exist, each individual plays an important part in helping or hindering the act of cyber-theft. We will take a look at the most common and efficient ways to safeguard your information and identity. If you want to share some of your own tips, please feel free to leave a comment.
Authenticate by following best practices
Password
     The traditional password remains the most used method to prove our identity. It is simple and quick for most of our needs. However, there are many factors that make the password a security problem:
  • we choose weak passwords
  • we reuse the same passwords
  • we never change our passwords
  • we store or share our passwords in clear text
Two-factor authentication – a feature not currently available for many sites – provides an extra layer of security by requiring an extra piece of information to validate your identity. Typically, it consists of a text message containing a temporary access code. Since it still requires the user to type in a code or PIN within their browser, it is susceptible to man-in-the-middle attacks. Put simply, active malware will be able to intercept both the password and the code, either through keyboard input or directly from the browser.
     Another method, called Out of Band Authentication, requires two different channels to log the user in. For example, that text code must be sent back using the phone (second channel) rather than the computer. At the end of the day, this still makes no difference to keyloggers and phishing pages, which are simply waiting for the user to enter their information. We already addressed the malware issue earlier; let’s now look at phishing threats.
Recognize a phishing attempt
     Criminals love to social engineer their victims because, as humans, we tend to believe what we hear or see and we most often follow what we are told. The other advantage is that social engineering goes around all the traditional security measures, which usually require more work to break through.
     Phishing is one type of social engineering where the victim is tricked into giving out personal information on a fraudulent webpage. It doesn’t matter how strong our password is if we are going to spell it out to the bad guys. Phishing scams can be targeted at a particular individual or company, in which case they are called spear phishing scams, or simply spammed out to millions of people with the hope that a small percentage of them will be tricked.
There are usually two components to a phishing attack:
  • an email that acts as the social engineering piece
  • a webpage that collects the information and sends it out to the bad guys
Both are usually very well crafted and look like the real thing. Various techniques are used to confuse people (legitimate-looking links, replicas of the actual websites, etc.).
     Tips like looking at the address bar are a good start but not enough, especially when more and more people use mobile phones where the address bar is too small to fit an entire URL. One technique that works well is to think for one second before entering any type of data online and ask yourself: “Did someone or something ask me to log into my bank/email/Twitter/Facebook?” If the answer is yes, you really need to think twice before going ahead.
     That's it for today! Part three will be coming soon. Part three will go over setting up a strong email account and doing damage control. If you have not taken a look at part one of our three part series check it out Here.
If you have any questions leave us a comment, shoot us an email, or give us a call.
If you enjoy our content, consider supporting us on Patreon (every dollar helps, even something as small as a few cents would be fantastic). If you can't make a donation, please share this site with your friends!
Like always, don't forget to follow us on Facebook!
-Zach

2 comments:

  1. Why do they call it Phishing?

    1. Because these Cyber Criminals use bait and go wait for people to bite.
