There are so many proverbs warning people to err on the side of caution, so why is it that the number of victims of cybercrime is growing?
From ‘All that glitters is not gold’, to the Maltese expression warning people to only believe half of what they see and none of what they hear, the wisdom of the past is – if anything – more relevant today.
Cybercriminals have become ultra-sophisticated, using artificial intelligence, machine learning, automation and other technologies to launch their attacks. Forget the idea of a loner in a darkened room peering at four or five screens. Cyberhacking is a multibillion-euro enterprise, according to a recent McKinsey report: think elaborate corporate hierarchies with research and development budgets…
Indeed, banks – including APS Bank – were until a decade or so ago concerned with the physical perimeter of the premises. They are now concerned not with the number of cyberattacks, but with their complexity. Until a few years ago, the main concern was emails which were fairly obvious scams, claiming to have millions in an inheritance which needed to be transferred to a bank in Europe. Alas, we now look back on those days with an element of nostalgia! The way in which criminals attack victims has changed: ‘phishing’ has now entered our vocabularies, but to that has to be added ‘spear-phishing’, ‘whaling’, ‘smishing’ and ‘vishing’. And if that is not enough, cybercriminals are now not only impersonating entities like financial institutions but also entities like postal services and even the police, all carefully based on a victim’s location and personal data.
To give an example, someone who had placed an online order received a scam text saying that the ‘parcel’ had arrived and that a small fee had to be paid. However, some of the scams are far more insidious, with entire websites resembling those of a financial institution.
Cybercriminals are also playing the long game: it is not unusual for them to plant malware that lies dormant for up to several months, gathering information which it can then leverage to target the attack in a way which will not set off any alarm bells.
It does not help that we as social media users have put so much more of our lives online. The concerns we had in the past about private information being given away through social media posts pale in comparison with the data now being shared over multiple social media sites, building a digital footprint mimicking, if not exceeding, our physical one.
Hackers also try to get around the robust firewalls of financial institutions. They use social engineering to do this – using personal information gleaned about the customer which lulls them into a sense of security, then gently coercing them to instruct the bank to take various actions, which ultimately drives money into their pockets. And they specifically look out for people who may be vulnerable, either due to a personal factor or to a national one, as well as for current topics – such as donations for the victims of the Turkish earthquake.
What can you do to protect yourself? Understanding the tricks that cybercriminals use can help you to guard against them.
They use a sense of urgency to prey on the fact that we are all so busy: if an email or text or message urges you to take action fast, ask yourself why. It is very often a way to panic you into doing something before you have time to reflect.
Even though an email or text may seem to come from your bank (or a third party), ask yourself whether it is asking you to do something unusual with regard to payments or the confirmation of personal information.
And check before clicking on any links they may contain! It is wise to first reach out to the originator of the message through established channels to check whether it really came from them.
Hover your mouse over the address that was used to send an email: sometimes it reveals a very different email address, and you will realise that it is not at all from the entity it purports to be from.
Use complex passwords, which include a variety of upper- and lower-case letters, digits, and special characters. And consider having an email address that you only use for online registrations, as this may avoid contaminating your normal one if it is hacked.
Use two-factor authentication: this means that when you log in to a site, you type in a password as well as an authentication code sent to your mobile. This is based on the principle of combining something that only you know (the password) with something that only you own (the mobile).
Enable authentication history on sites where available (this means you get a mobile message notifying you that someone has tried to access your social media account, for example), including when this is from a location that is not part of your normal routine.
Beware of downloading apps or games that have not come through official ‘stores’ like Google or Apple as they may not have been vetted for malware. Such apps can eavesdrop on your phone and log your transactions!
Keep your devices and applications up to date as both operating systems and apps constantly upgrade to fight new forms of attack – besides introducing new features.
It is also wise to have a prepaid card used only for online transactions – and check your account balances frequently for any unauthorised activity.
Try to avoid using public Wi-Fi networks for sensitive transactions: use your data plan, if possible, as that is more secure.
Most of these tips can be found on various sites, from the European Union Agency for Cybersecurity (ENISA) to private entities. However, the main message is always the same: do not sacrifice security for convenience.
Approved and issued by APS Bank plc, APS Centre, Tower Street, Birkirkara BKR 4012. APS Bank plc is regulated by the Malta Financial Services Authority as a Credit Institution under the Banking Act 1994 and to carry out Investment Services activities under the Investment Services Act 1994. Terms and conditions apply and are available on request.
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of APS Bank plc.