In the cult classic movie, The Usual Suspects, a character explains that the greatest trick the devil ever pulled was convincing us he doesn’t exist. There is a parallel in cybersecurity: the greatest myth is believing you are not a target. But would you apply such logic walking down a dark street late at night? Would a mugger ignore you or take the opportunity? I think we all know that answer.
Cybercrime is ruthlessly opportunistic. Its criminals will target just about anyone and anything, from large companies to tiny businesses, from wealthy tycoons to penny-pinching pensioners. They use techniques that target broad swathes of people. Just as fraudsters send ‘Nigerian Prince’ scam emails to numerous people, hoping a few will bite, no one is “too small” to become the victim of a cybercrime hack.
How would you know if you’ve been hacked? There are several signs that criminals have broken into one of your devices or accounts. The most glaring is when people receive messages that they didn’t send. For example, they get messages on social media from your account, ushering them to a dubious sale or opportunity. Such messages often contain links designed to hack their accounts.
Browser hijacking is another sign of a hack. In this event, your browser routinely reroutes to sites you never stipulated — a plugin or secret configuration has likely captured your browser. Particularly common is when your browser searches load a search engine you don’t use. Alternatively, you might experience large numbers of pop-up ads, regardless of what sites you visit.
The third big sign is the easiest to spot because it announces itself. Ransomware is an attack technique that encrypts information on your device and then blackmails you for a fee to unlock the data. Ransomware attacks are particularly indiscriminate — they will happily bring a small business to its knees. Paying the expensive ransom is no guarantee you’ll get your data back.
Finally, watch out for banking hacks. Criminals hack your finances in several ways. They can clone your bank card or create unsanctioned debit orders that syphon small amounts from your account. Most often, they will con you into giving your banking login (using a fake correspondence technique called “phishing”). The bad guys may attempt a SIM
SIM swop. This method moves your number to a phone they control, enabling them to authorise sensitive banking transactions and move large amounts. If your phone stops connecting to your network, get in touch with your operator. Scrutinise your account statements for odd transactions.
There are more signs of a hack, but these four examples are the most common. So what do you do — and can you prevent hacks? If you suspect you’ve been hacked, immediately change the password of the affected service. Inform your contacts of the hack, telling them to ignore correspondence from the affected account. Contact your financial services provider if you suspect your bank account or card is compromised.
The following steps will depend on the type of attack. You can look for online information on removing browser hijacks (using a clean device, not the infected device). In the event of ransomware, you’ll want to enlist the help of security professionals. If in doubt, consult an IT provider you trust.
A successful breach is like a car accident — you can only hope the damage isn’t that bad and you can recover. Prevention is always better than cure. Create strong passwords, don’t share them between services and use a reputable password manager application to control them. Enable multi-factor/one-time pin features on accounts and use banking apps for additional security. Be critical about emails and social media: watch out for messages that seem strange, demand urgent attention and expect you to hand over sensitive information.
Don’t fall for the greatest cybersecurity myth. You are a target, so keep your devices updated, run antivirus software and be vigilant. Cybercriminals prey on our emotions and distracting lifestyles. A cool and calm head is the greatest protection against a hack that could ruin your life.
The views expressed are those of the author and do not necessarily reflect the official policy or position of the Mail & Guardian.