Common online threats you need to know about

Phishing

Phishing is, and remains, top of the list, because phishing is often how other online threats make their way onto your hard drive. Avoid being phished by never opening unsolicited attachments or clicking on links in email, especially email ostensibly sent by a financial institution. Always open the link manually in your browser.

If you get an odd email from a friend, check the headers, as they may have been spoofed. Check with them to make sure they actually sent a link or attachment.

Facebook has also become more of a vehicle for phishing. Infected Facebook accounts may send people malware links through Facebook messaging, so be careful of those links too. If somebody is sending you weird stuff through Facebook messenger, let them know (by a means other than Facebook) so they can secure their account.

How to defend yourself?

In addition to the above suggestions, avoid sites which do not offer HTTPS-secured browsing, easier now than ever with major browsers like Google's Chrome providing a warning to users whenever they click on a non-HTTPS encrypted site. And be sure to add an SSL certificate to your own site to establish secure HTTPS connections which will help protect your users from phishing.

If you've been hit?

Change all of your passwords and if you think your financial accounts are compromised, talk to your bank. You can also consider putting a lock on your credit so nobody can open new accounts in your name without the lock being lifted first.

Ransomware

The growth of cloud computing may have made some people more vulnerable to ransomware than ever before. In 2017, the WannaCry attack made headlines and crippled the NHS, part of a record level of ransomware threats. These include "wiper" malware, where even paying the ransom will not get your files back.

How to defend yourself?

Ransomware is generally spread through email or through compromised websites. Never open unsolicited attachments (if necessary, check to see if the person really sent the file) or click on links in the email.

If you've been hit?

Check online to see if there is already a decryptor tool released by cybersecurity firms. Don't pay the ransom, no matter what. Also, keep good, separate backups. Some ransomware will also go after your backups.

Cryptojacking

Here's one too many people have not even heard of. It's a new online threat, that really came on the scene last year, and is becoming more and more common. When your computer is "cryptojacked," malware steals some of your processing power in order to mine cryptocurrency. Generally, this happens when you visit a site, by means of a JavaScript exploit (that may or may not have been put there by the site's owner). Cryptojacking has also happened through public wi-fi and phishing attacks.

How to defend yourself?

Don't click on links in email, as already mentioned. Using an adblocker can help because a lot of cryptojacking scripts run through advertising networks. There are also specific extensions designed to block cryptomining scripts. Run an updated antivirus. If you find a site is running these scripts, avoid visiting it.

If you've been hit?

Thankfully, cryptojacking does no actual damage to your files, it just wastes CPU time, slows your computer down and may cause hardware wear. Run anti-virus software to make sure you aren't running something outside the web browser.

Spear phishing

We already talked about phishing in general, but most phishing attacks work through volume. The scammers will send out thousands, even millions of messages in the hope that a percentage of people will fall for them. Spear phishing is targeting specific individuals, often with the aim of getting into a specific corporate network. The email generally spoofs a friend or a colleague, although it may have been written by a bot, in order to get through somebody's guard.

How to defend yourself?

It's always worth checking that a link or attachment actually came from the person sending it.

If you've been hit?

If you think you have been spear-phished, warn your coworkers and IT - it may be the lead-in to a worse attack.

Man in the middle attacks

Man in the middle attacks are when you think you are sending data to one site, but it is being hijacked and redirected to another. Often this is because of dormant malware that may have been sitting on your system for a while. It looks just like you're entering all of your data on the proper network. Well-designed man in the middle malware can even get past two-factor authentication.

How to defend yourself?

Prevent it by avoiding being phished in the first place and by running up-to-date anti-virus on all devices, including phones.

IoT problems

The Internet of Things promises to increase convenience for everyone, quite dramatically. Unfortunately, when everything in your home is a computer, then everything can be hacked, creating serious cybersecurity risks. Somebody breaking into Alexa to hear everything you say might be creepy, but it is even creepier if you realise they will then know exactly when you are not at home, making you more vulnerable to burglary and physical crime. A networked home is also vulnerable to pranksters who might, for example, mess with your thermostat. In the past, IoT devices have been used to make a botnet to launch a DDoS. Medical devices are a particular issue.

How to defend yourself?

If possible, update the Linux kernel on all of your IoT devices including routers and DVRs as much as you can. Always use a strong password for devices and connected accounts. Adjust device settings so that smart home devices are not randomly listening. Some devices will store recordings until you manually delete them - if this is the case, then make sure to delete them regularly. Change the default name and password for your wireless network, and avoid using your address or name for either. If possible, then change the wake word on your devices to something only you and your family know, making sure to choose a word you are less likely to use in casual conversation.

If you've been hit?

Change all of your passwords and consider changing the device wake word to something else.

Mobile malware

It used to be that you didn't have to worry about viruses on your phone, but this has not been true for a while. Mobile phones should run anti-virus software at all times, and you should only download apps from the actual app store, rather than "sideloading" apps. Although Google and Apple can't catch every instance of malware in an app, they do reduce a fair amount of it. Trojans are the most common way malware gets onto a phone.

How to defend yourself?

Always make sure that your phone is backed up.

If you've been hit?

With phones, it's often easiest just to wipe the device and reload from backups, but bear in mind that you may reload the malware too. Consider reloading only data and reinstalling apps from the app store. Delete and uninstall apps that give you problems or which you no longer use. Keyloggers are a very common form of mobile malware, used to steal your information.

Malicious or fraudulent ads

Adblockers used to be considered rude (and still are in some quarters), but the landscape of the web is such that most people need to run one for their own safety. Poorly-coded ads may not actually be malware, but they may act as such in that they take over your CPU and cause your system to run poorly. "Malvertising" is a growing online threat, and even highly reputable websites may fall victim to advertising networks which introduce malware to their visitors. Some of these ads are programmed to target only people using certain devices (for example, an ad redirecting all MacOS users to a site recommending they download fake anti-malware software) or in certain geographic areas, so the website owner may not know they are there.

How to defend yourself?

Prevent it by running an adblocker. You can always choose to whitelist sites you want to support and trust not to run bad ads.

Stop online threats from compromising your cybersecurity!

In addition to the above prevention strategies, as a domain name registrant you should also use: (1) DNSSEC-validating DNS services, which checks that connections are being made with genuine servers, eliminating hack attacks and redirection to spurious sites; and (2) domain privacy services, which hides your WHOIS domain contact information from identity thieves and other cybercriminals

And don't forget: one of the best ways to prevent all of these online attacks is to get online via VPN. Using a VPN can protect all of your devices from man in the middle attacks, cryptojacking, and a variety of other malicious software and cyber attacks. A VPN will also hide your IP address, which makes it much harder for people to know who and where you are and how to get into your home network.

So, consider adding a VPN - whilst also practicing good cybersecurity practices and making sure not to click on links in that email, even if it looks like it came from PayPal. Or perhaps especially if it looks like it came from PayPal.

Author bio

Howard Dawson is a technology writer for Strictly Digital, specialising in privacy and security online. As an IT graduate and a writer, he enjoys exploring new topics that are relevant in today’s tech world.

photo credit