Cybercrime cost Malaysia as much as RM49 billion in an economic loss back in 2018. This number doesn’t only include attacks that stopped companies from doing business, but also from individual victims like you and me.
Most of these attacks were not due to elite hackers employing sophisticated technology to break into servers. Instead, cybercriminals have found that it is easier to just trick people into giving up their passwords. Usually through misleading links and fake login pages.
Knowing this, it is perhaps important that we learn ways to protect ourselves – and our money – from the average cybercriminal.
Passwords do’s and don’t’s
There are two pieces of advice that people generally give about passwords. One, create a secure password. Two, don’t tell anyone what it is.
Creating a secure password isn’t difficult, although remembering it usually is. Fortunately, there are services that will help in that regard. Most web browsers now offer to save your passwords for you; skipping that horrible moment when you’ve forgotten which letters were supposed to be capitalised.
You’ll be safe as long as you don’t use something blindingly obvious, like PASSWORD123 or 1234567890. When in doubt, the best solution would be to create a short phrase instead of a string of random numbers and symbols.
Not telling anyone your password is a little more difficult. People have a habit of writing things down to avoid forgetting them. You could easily steal a huge number of passwords just by walking around your office and reading Post-It notes.
If anything, it’s safe to follow the rule of thumb that you should never write your password down and never, ever tell anyone what it is. Companies will never call to ask you what your password is, seeing that they have other ways to access your records without it.
Most banks and financial institutions have now also implemented an SMS-based Temporary Activation Code system. This only serves as an additional layer of protection, so do not rely on it as your main line of defence.
Always read the URL
Cybercriminals often use what is known as a phishing attack. Their goal is to get you to try to login to a fake website and steal the information.
This is generally done by creating a website that looks almost exactly like the one you’re trying to get into. It could be Facebook, Gmail, or even Maybank.
Creating an exact copy of a website is not difficult for someone who really wants to steal information. So it’s important to always pay attention to the website address, or URL before you start entering any sort of personal information.
As a rule of thumb, an address of phishing sites always looks similar to the real thing with one or two minor changes. For example, Maybank.com may appear as MaybankMalaysia.com or Maybank.info.
Don’t click on suspicious links
Phishing attempts also come in the form of trying to get people to click on a particular link. These could be targeted ads offering special deals on things you may have been looking to buy.
What happens instead is that the link takes you to one of those fake websites, or worse. The worst is that it ends up downloading a computer virus (now called malware) that allows cybercriminals to do just about anything to your computer.
The most popular money-making computer virus at the moment is something known as ransomware.
Here, the cybercriminals encrypt and lock you out of your own computer. Holding your files, pictures, home videos, and notes hostage until you contact them and pay the ransom.
Just about anyone can fall victim to ransomware. Corporations, individuals, and even several hospitals have all been recorded as having to pay the ransom to keep their precious data.
There is also malware that is capable of recording everything you do on your computer, including the passwords to your online banking or credit card number. All this information is then transmitted back to the cybercriminals for them to use.
Be vigilant
It’s tempting to think of cybercriminals as expert hackers who use their skills to break into computer databases to steal information. The truth is that many of these criminals have figured out that the easiest way to do this is by manipulating people instead.
Breaking an encrypted banking password could take years and more computing power than is available to the average person. Fooling someone into giving up the password is so much easier.
Which is why it is up to you to be vigilant against these sorts of attacks. Technology is only as good as the person using it, so don’t make yourself an easy target.
