Hacking has gone from an edgy Hollywood plot device to real life concern for Australians. More robocalls, more suspicious emails, and decreased cyber security – it seems that in 2019 we are constantly ducking the slings and arrows of malicious attempts to defraud or trick us into giving out information we shouldn’t.
It’s not just celebrities such as Bella Thorne, who pushed back against a blackmail attempt by hackers over the weekend, releasing sensitive material on her own volition. It happens to your friends, family and colleagues.
The internet is dark, and full of terrors these days; it’s more important now than ever to understand what we, as digital citizens, are up against.
Reports of cybercrime have been steadily growing in Australia. The Australian Cybercrime Reporting Network release quarterly reports, indicating that in 2015, they received 9,600 reports of cyber offences. As per their latest report from the final quarter of 2018, that number has climbed to more than 13,000.
The reports also reveal a surprising trend. While you may believe victims are largely Baby Boomers, seniors, or non-digital natives, the 2018 report shows that the highest victim age bracket, at 43% of all cybercrime reports, was 20-49 year olds.
To inject some fact-driven pointers into this space, we spoke with CEO of Sydney-based leading cyber security firm Skylight Cyber Security, and former member of the Israeli intelligence community, Adi Ashkenazy.
A good place to start your Cyber safety sojourn is with the Have I Been Pwned website, a safe and trustworthy service that allows you to see if your email has been hacked in the past. From there, the Australian Centre for Cyber Security as compiled a simple six-day checklist, released in April, to achieve a thorough culture of security around your online activity.
Still, you may have some questions. Even questions you might be embarrassed to ask at this point so we took one for the team and asked Adi for you. Here’s what we learnt.
You really do need to have a different password for every log in
While it’s easy to get lazy, there’s a very legit reason to not be.
“One of the most common techniques is called “credential stuffing,” explains Adi, “The idea is to reuse user/password pairs that have been leaked and are available online and attempt to gain access to other accounts used by the same person.
“For example, if you signed up to a website/app with your e-mail and ‘favourite’ password and that website/app gets hacked, hackers will try to re-use the same e-mail and password on popular services like Instagram, Gmail and Facebook.”
Never automatically trust links in emails
Even if they’re from friends or familiar organisations like Google.
“This social engineering technique involves sending a message to a target that is designed to make them click an unsafe link, download malware or somehow give an attacker important information by pretending to be someone legitimate.
“For example, a message that appears to be from an acquaintance, a large firm like Google or a service you may be using. Once the target provides enough information or downloads a malicious program, the hacker can harvest the required information from the computer or mobile device.”
Some hackers will randomly try and type in your password
With so much emphasis on ‘credential stuffing’ and phishing, people may think the days of hackers ‘guessing’ passwords are done. They aren’t.
“Weak passwords/password guessing are another common technique. A surprisingly large amount of people still use simple numeric passwords like 12345678, their birthday, pet names or other information that can rather easily be guessed or found online.”
You won’t know you’ve being hacked until you’ve been hacked
Movies and TV have gone a long way to make many people think they’ll be signs, or obvious and irregular activity that they’re being hacked, but often you won’t know until it’s too late.
“Unfortunately, there is no one full proof detection technology or solution, and it really depends on the platform. Most modern platforms today like Gmail try to abstract the detection techniques from the user and instead alert him/her when suspicious activity is identified.
“For example, when someone has logged into your account for the first time from a new device or geographic location.
“Most people discover they have been hacked when the damage has been done. For example, your entire contacts are suddenly receiving messages from you, claiming you need their urgent monetary assistance.”
Don’t assume you aren’t “interesting enough” to be hacked
You absolutely are.
“An additional awareness issue is the belief people have that they are not interesting enough for hackers. The reality of low-end hacking in 2019 is that it’s automated and non-targeted.
“Therefore, while you may not be a high rolling billionaire, if your email and password were leaked somewhere, there’s a good chance an automated campaign will pick that up and try to hack you.”
Be cautious of unsolicited incoming International calls
The ones that ring once and don’t leave a message
As per the Australia Centre for Cyber Security, Overseas calls can be hazardous. The intention behind these calls is for you to call them back. These are known as “Wangiri” calls, a Japanese term roughly translating to “One and cut.”
Upon calling back, you’ll be put on hold, or speak with the scammer directly. Either way, they’ll attempt to keep you on the line as long as possible as these numbers will charge you a premium rate to “use” the service. Like how 1900 numbers, or premium mobile numbers work – a percentage of the revenue raised by the call will go to the scammer by the service provider.
Don’t wait for proof
Even if you just suspect you’ve been hacked, seek help.
“Speed and expertise are of the essence in these cases and I strongly suggest consulting with an individual who is at least somewhat tech savvy.
In any case, you should change/update all your passwords as quickly as possible. If you are not already using multi factor authentication, enable it (it is available in all the leading social media services). If you believe a device (mobile or computer) has been potentially compromised and infected with malicious software, consult an expert.”