How often do you consider your online protection? It’s so easy to think that by having internet security and backup, you’re all set. I gotta say though, I don’t. In fact, it’s probably crazy that I worry so much about a hacker ‘breaking’ into my computer, uploading some awful virus to all my sacred files and stealing my passwords. But the more clients I get, the more paranoid I seem to become. Or perhaps it’s just age and cynicism. Either way I think my concerns are warranted.
What I mean is that as VAs we’re privy to lots of sensitive information, and our clients are the lifeblood of our business, so if something happened … well, let’s just put it this way – we’d have a hard time explaining it to those clients, and then retaining them.
So what can we do about it?
Well, after some investigation, I’ve found three of the most common and perhaps clever scams that we may encounter, and what we can do to protect ourselves:
1. Fake Wireless Access Points (WAPs)
Basically, a hacker sets up a fake WAP that’s connected to a real WAP but with a different name. So when you or I sit down in a public place, perhaps a train station or airport or coffee shop, and decide to catch up on our emails … bamm, we connect to the ‘Free Wi-Fi’ service which is, in fact, a fake WAP.
But that’s not all. Hackers are even more conniving. Rather than simply saying ‘Free Wi-Fi’, which may make you stop to think for just a second, they’ll include the location in the name so it looks genuine. For example, say you’re waiting for a train at St Pancras: a hacker will have created their fake WAP as ‘St Pancras Free Wi-Fi’. Understandably, many of us wouldn’t think it was a scam and so log on. The hacker is now able to steal any unprotected information from that computer or mobile device. Oh and by the way, you may think all your passwords are protected, but not necessarily so. Many passwords are in clear-text format, so they are easily stolen.
How to combat it: Firstly, if you’re going to be using public Wi-Fi spots, the best thing to do is purchase a VPN. For as little as £20 per year you can secure your own network before connecting to a public one. Secondly, don’t recycle passwords.
2. Bait & Switch
This is an industry term, if you want to find out more, but in layman’s terms – it’s when you think you’re downloading or running one thing, which in the beginning you are, and then it’s switched to a malicious item part-way through.
Unfortunately there are many instances where this can happen. Even popular websites get caught out – unwittingly. For example, a hacker will approach popular sites to advertise his download on. The link will go through an approval process and get accepted, because no malware has been detected. However once approved, the hacker switches the malware-free link with something malicious. And hey presto, you’ve got a piece of malware infecting machines left, right and centre.
This can have devastating consequences for any of us who manage our clients’ websites. Free website apps and elements are often the cause. Perhaps you’ve come across an app or element where the user is asked to keep the original link, normally because the creator wants to get some free advertising, since it’s often just a logo or emblem. But then, once the file has been placed on numerous websites, the hacker will change the harmless content of that file into something malicious.
How to combat it: The only way to combat this is to make sure that you have full control over anything you download. If you don’t, then the content could be switched to something else without you even being aware.
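To see where a client’s site relies on files you don’t control, here is a small added example (my illustration, not a tool mentioned above) that lists every script, image, frame or stylesheet a page loads from someone else’s server, and notes whether it is pinned with an `integrity` hash. The sample page and all host names in it are made up.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute that makes the browser fetch a file, per tag.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class ExternalResourceAudit(HTMLParser):
    """Collect files a page loads from hosts other than its own."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []  # (tag, url, pinned) tuples

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # Of <link> tags, only stylesheets are audited here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr) or ""
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host: the file lives on our own server.
        if not host or host == self.own_host:
            return
        # An integrity hash (scripts and stylesheets only) makes the browser
        # refuse the file if its content no longer matches.
        pinned = tag in ("script", "link") and bool(attrs.get("integrity"))
        self.findings.append((tag, url, pinned))

def audit(html, own_host):
    """Return [(tag, url, pinned)] for every externally hosted file."""
    parser = ExternalResourceAudit(own_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; all host names are made up for illustration.
SAMPLE = """
<img src="/images/logo.png">
<a href="https://badges.example.net/"><img src="https://badges.example.net/award.png"></a>
<script src="https://widgets.example.org/counter.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-PLACEHOLDER"></script>
"""

if __name__ == "__main__":
    for tag, url, pinned in audit(SAMPLE, "www.client-site.example"):
        note = "pinned by hash" if pinned else "owner of that host can switch it"
        print(f"<{tag}> {url}: {note}")
```

Anything reported as not pinned is a file whose content can change without you touching the site; hosting your own copy of it puts it back under your control.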
3. Cookie Theft
Cookies are a way for websites to remember your recent activity, therefore helping them to sell more products or services. Very clever. And in fact this can come in handy for us, as they can be a great time-saver. But hackers know this and have come up with their own methods of ‘becoming us’.
There are programmes out there that, with a click of a button, can be used to steal cookies from our computers. These are often in the form of ‘Add-Ons’. Or of course there are the fake WAPs as discussed earlier. So when the hacker has managed to ‘become us’, since we’ve already entered login details on some of those websites, they can simply log in and do whatever they like without us being any the wiser.
How to combat it: Firstly, make sure your own website is fully secure by updating its encryption protection if needed. Secondly, make sure you only provide your login details on websites that have secure encryption, such as https:// – these aren’t faultless, but they are less likely to have been infected.