Online Protection

During the COVID-19 pandemic, you’ve probably seen your fair share of fake Facebook or Instagram accounts created for the purpose of defrauding individuals out of money or other strange requests. Cybercrime has increased substantially during the pandemic – working from home, online banking, and socializing online have increased over the pandemic which has created significantly more opportunities for cybercriminals to ransom millions of dollars from businesses. In this article, I want to share some insights with you about what cybercriminals are doing to target you, and a few things you can do to protect yourself.

Phishing and ransomware have significantly increased during the pandemic. Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick you into revealing sensitive information to the attacker or to deploy some type of malicious software onto your computer, or device, such as ransomware. Phishing attacks have increased their level of sophistication drastically to the point that many people don’t realize there is anything mischievous going on. As of 2020, phishing is by far the most common method cyber attackers are using. An example of phishing would be an email sent to you designed to look like an official communication from your financial institution with a link to change your password or verify your identity due to a security breach, etc.

Ransomware is malicious software that threatens to publish your data unless a fee is paid. This method has been so successful that it’s been ‘commercialized’. Prior to the pandemic, criminals were required to invest their own time and resources into investigating and searching out targets. Now, cybercriminals can simply hire a ransomware service or buy software to use for their own attack automating the entire process.

There are dozens of different types of attacks, strategies, and methods used today. Companies do their best to keep everyone protected in the organization, but the bottom line is that there is no simple solution to cybercrime. There are a few things you can do to maintain your safety online and help reduce the risk of a data breach.

Password Manager

Step one to protecting yourself online is to avoid re-using passwords, instead, use a password manager to store long and unique passwords for each site. There are several different password management systems out there and they all work similarly. Password managers allow users to store online login credentials and payment cards into an encrypted ‘vault’. Memorizing multiple unique passwords can be a pain, but it’s downright dangerous to use the same password for everything, and with cybersecurity being so important right now, it’s important to make sure your online presence is as secure and safe as possible.

Many of these password managers can automatically generate unique passwords for each individual account that belongs to you – from online shopping accounts to social media. This ensures you aren’t using the same password in multiple places. You don’t have to remember passwords or addresses either, as the software can automatically fill in login information, addresses, and payment cards as you need them.

Some of the most popular password managers out there are Keeper, 1Password, Dashlane, LastPass. If you would like to implement a password manager, my recommendation is to do some research, and see which one looks the best to you – their functionality is all quite similar. The cost is relatively inexpensive, ranging from $20-$60 per year.

Multi-factor Authentication

Multi-factor authentication is an extra layer of authentication in which a user is granted access to an account after presenting two or more “factors” when logging in; commonly your username, password, and an authentication mechanism. Sometimes this mechanism is knowledge-based, like a personal question only you would know the answer to, a text message with a code, or a third-party authenticator app which usually shows a randomly generated and frequently changing code to use for authentication – (think TRREB). Some password managers have an authenticator app built-in, or there are third parties like Google Authenticator.

Many accounts like your email, banking, social media, and other accounts with sensitive data allow you to enable multi-factor authentication. Once enabled, you can pair an authenticator app to the account. The reason this is such a great tool to employ is that it immediately stops the risks associated with compromised passwords. If a password is hacked, guessed, or obtained through phishing, it’s no longer enough to give an intruder access to your account without the approval of the second factor – a password alone isn’t enough. While this extra step can feel cumbersome or annoying, this is a great method to protect your accounts online – especially those that house important personal data and information.

Virtual Private Network (VPN)

A Virtual Private Network is the easiest and most effective way for you to protect your internet traffic while keeping your identity hidden. Your computer has what’s called an IP Address – a series of numbers that identifies your device on a network. Computers use IP addresses to communicate with each other over the internet as well as on other networks. Each device on your network is assigned its own unique IP address, which makes it easy to see which devices on the internet are sending, requesting, and receiving information. Think of your IP address like a telephone number – when you phone someone, your number displays on their phone so they can see who you are. IP addresses do the same thing when you’re online which is why every single device that’s connected to the internet is assigned an IP address.

A VPN or Virtual Private Network hides your IP address by routing your internet traffic through an encrypted tunnel that nobody can see – including hackers, governments, and your internet provider. The VPN changes your IP address and changes your location for you – most VPN services allow you to select a location of your choosing based on the servers they have available in a particular country, for example, Canada, Germany, UK, Japan, etc. The purpose of changing your IP address with a VPN is to conceal your identity from websites, apps, and services that want to capture and track you.

Using a VPN is not a complete solution to your online security, think of it as another layer of protection in your protection tool kit.

Along with those 3 items above, the Ontario Provincial Police published a list of hints on how to protect yourself from being a victim of cybercrime and fraud.

  • Do not accept requests from people you do not know. You don’t know if they have malicious intent.
  • Be wary of profiles that seem ‘perfect’ in their photos.
  • Ask specific questions and look for inconsistencies in their response.
  • Be wary of individuals who always have an excuse as to why you cannot meet in person.
  • Never send money to someone you have never met.
  • Beware of profiles that do not have many friends connected to them.
  • If someone is harassing or threatening you, remove, block, and report their account.
  • Tips to recognize fake accounts: They have a high follower count but low engagement, the engagement rate is too fast, they have a large following but very few posts, they have maxed out their following count, or they only share spam content.
  • Keep an eye out for wording or messages that seem unnatural.
  • Do not click on suspicious links.
  • Adjust your social account privacy settings from ‘public’ to a more restricted option.
  • Do not overshare sensitive information (personal, financial, etc.)
  • Recognize that what you share online will ALWAYS be online.
  • Do not provide your login details to anyone.
  • Use a strong password or passphrase to protect your account.
  • Remember to log out or sign out when you’re finished.
  • Protect your account and your device by updating your software applications regularly.