In this insightful article, Naveen Bharadwaj, an expert in cybersecurity, shares his expertise on the seven common cyber risks that the public often faces. As a trusted authority in the field, Naveen has generously provided his valuable insights to help individuals cultivate safe digital habits and protect themselves in an increasingly connected world.
With widespread digitization efforts, a rise in devices that can connect to the internet (IoT), a growing number of internet and social media users, and our ever-growing dependency on technology, cyber criminals are brimming with joy as the Pandora's box of cyber risks has grown bigger and is wide open for them to play with.
In most cases, these risks (threats/attacks) are motivated by financial gain, access to unprecedented data, reputational damage, sadistic pleasure and/or revenge. Regardless of the motive, it’s crucial for the public to be aware of common risks and cultivate safe cyber habits.
October was cyber security awareness month and there was a lot of emphasis on creating awareness on how to keep cyber criminals at bay.
Yet the emphasis on creating frequent awareness among the wider general public, such as digital natives (younger generation), digital enthusiasts (middle aged) and digital entrants (older generation), is still at a bare minimum.
While technological innovations undoubtedly continue to bring a great deal of benefit to our lives, cyber risks associated with them can have negligible to catastrophic impacts on ourselves and those around us (family and friends).
Here are 7 common cyber risks/threats/habits that the general public have been encountering lately:
- Phishing emails: You have won a huge lottery although you never bought a ticket. Some random person, sometimes claiming to be a Royal or a person of high government authority, is very keen to offer you access to huge consignments of gold etc. A God-sent gift to make your dreams of becoming rich overnight come true? Of course NOT! Do not pay heed to these emails (or SMS and calls) no matter how legitimate they appear. Definitely do not divulge information or transfer any money. Let common sense prevail: nobody will give you a dime for free, let alone such huge sums of money.
- Easy passwords and shared access: Raise your hand if any of these are/were your passwords – QWERTY123, LETMEIN, asdf1234, password, abcd123, firstnamelastname etc. Raise your hand again if you have the habit of writing down your passwords in places easily accessible to others or, worse, you share them with others. There’s a reason why passwords were introduced – to give YOU and only YOU access to something. Make sure you set strong passwords, change them periodically, store them in the safest places (if you really have to) and do not share them with anyone, no matter how close they are to you.
- Shared USB / USB cables: Did you know that the latest growing trend is to inject malicious software into your devices (phone, tablet, laptop etc) through USB cables and not just through USB sticks (pen drives)? Before you reach out to that random unknown person to borrow a cable in the airport, mall or wherever, just to give a boost of charge to your device(s), think twice and act wise. You are better off with a temporarily dead device than an unfortunately hacked one which might transfer full control into bad hands. Try your best to rely only on your own USB cables and/or those of people you trust.
- Malicious sites and apps: Fancy playing online games, quizzes, puzzles, photo editing and what not? There are plenty of really cool sites and apps that give you unlimited entertainment, for FREE. But did you ever think about where they make their money from? While not all are bad, there are plenty of examples where the site/app is secretly collecting your sensitive data to sell to marketing companies. Or worse, gaining unauthorized (or unknowingly authorized) access to your device or accounts. Before getting carried away, do some background checks. Read some reviews. Resist if you can until you know for sure that this site/app is safe to interact or transact with.
- Free wifi: Cafes, hotels, buses, airports, malls and salons. What’s the one thing common to these places these days? They all seem to either be offering free wifi or you find one or the other open wifi network with a strange name. Your temptation to access WhatsApp, Instagram or any other app/site/tool using these wifi networks can end up being a costly mistake, as the network could be a trap set by cyber criminals to collect your data and/or access your device without your knowledge. Ensure that you are connecting only to legitimate and verifiable wifi networks (access points). Double check with the concerned staff if the network is indeed legitimately theirs and if it's safe to connect to it.
- Social engineering: Another common and rapidly growing threat, similar to the phishing email concept. You get a call from someone claiming to be from your bank, telecom operator or internet service provider. They sound very genuine and also seem to have some of your confidential information, perhaps gathered using some of the above techniques. Using that, they ask you questions or make you take actions that can put you at risk of losing tons of money, sensitive information and your reputation. DO NOT ever share sensitive information or perform critical actions because of a mere inbound phone call or SMS. Check, double check and choose to contact them back using officially recognized channels to verify if they are who they claim to be.
- E-commerce frauds: Remember that ad or sponsored post/video on Facebook, YouTube, Google search etc offering electronic gadgets, luxury clothing or a staycation at less than throwaway prices? It sure sounds cool and takes you to a website that is even cooler, sufficient to convince you that the deal is legitimate and make you pay. But don’t be surprised if you never get what you ordered, as there are plenty of scams out there with spoofed sites and minor character variations that the naked eye may not catch. For example, www.Iamgenius.com and www.1amgenius.com seem stunningly similar but they aren’t. Notice how the first character of the first domain is the uppercase letter ‘I’ while that of the second domain is the number ‘1’. That’s how easy it can be to trick you. So always check if you are using the correct website and the URL isn’t spoofed. Use only recognized sites for your online shopping needs.
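
The look-alike check from the e-commerce item can be automated. The following is an added example, not part of the original article: it reduces a hostname to a "skeleton" in which visually similar characters compare equal, then matches it against a list of sites you trust. The trusted list, the confusable-character table and the function names are assumptions made for illustration, and the example goes slightly beyond the article's single I/1 case by covering a few other common swaps and flagging internationalised names for manual review.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumption: sites this user actually shops at. "iamgenius.com" is the
# article's example; "example.com" is a constructed second entry.
TRUSTED = {"iamgenius.com", "example.com"}

# Constructed, non-exhaustive look-alike table. Hostnames are case-insensitive,
# so "i" may be displayed as "I", which resembles both "1" and "l".
SINGLE = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))


def hostname(url_or_host: str) -> str:
    """Return the lowercase hostname, without port, path or leading 'www.'."""
    text = url_or_host.strip()
    if "//" not in text:
        text = "//" + text  # lets urlsplit parse a bare host as the netloc
    host = (urlsplit(text).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host: str) -> str:
    """Collapse look-alike characters so visually similar hosts compare equal."""
    s = host.translate(SINGLE)
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s


TRUSTED_SKELETONS = {skeleton(t): t for t in TRUSTED}


def check(url_or_host: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, site): trusted, lookalike (of site), review or unknown."""
    host = hostname(url_or_host)
    if host in TRUSTED:
        return ("trusted", host)
    if not host.isascii() or "xn--" in host:
        return ("review", None)  # internationalised name: inspect by hand
    imitated = TRUSTED_SKELETONS.get(skeleton(host))
    if imitated:
        return ("lookalike", imitated)
    return ("unknown", None)
```

The check compares whole hostnames only, so a trusted name used as a subdomain of another site comes back as "unknown" rather than "lookalike".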
Have you or someone you know been a victim of any of the above? What are the other common cyber risks that you have come across or heard of?