Smishing, Tinderbots and Tapjacking – Cyber Risks Explained by Blackstone Consultancy ( http://blackstoneconsultancy.com/2017/08/05/smishing-tinderbots-and-tapjacking-how-to-protect-yourself-from-the-cyber-unknown/ )
Over the past decade there have been numerous advancements in digital communications which have vastly improved the efficiency of our everyday lives. Unfortunately, as more of our personal and professional devices become connected to the Internet, cybercrime becomes a clear and present danger. According to Norton Security reports, cybercrime has surpassed illegal drug trafficking as a criminal money-maker and an identity is stolen every 3 seconds. There are nearly 400 million victims of cybercrime each year with costs reaching approximately $113 billion per year.
Fortunately, learning how to identify the various types of cybercrimes enables you to deploy preventive measures to reduce the chances of you and your company being targeted by hackers. Listed below are the most common types of cybercrime and how to mitigate damage from them;
Smishing: When a hacker attempts to acquire personal information through SMS (text messages). Hackers often send smishing messages with a link or phone number, masquerading as authoritative bodies (e.g. your bank). Never respond to these suspicious messages and always contact your bank to verify whether the text is fraudulent.
Phishing: The use of fraudulent websites and false emails to manipulate users into divulging personal information. Phishing is one of the fastest rising methods of cybercrime so you should never divulge confidential information via email, always remain cautious of impersonal information requests and never use links within emails to connect to external websites. Instead, open new browser windows and enter these websites through your usual login channels.
Spearing: An email that appears to originate from an individual or company when it is actually from a hacker. As with phishing, you should never divulge confidential information via email. If you doubt the validity of an email, contact the organisation in question via phone to confirm that the email originated from them.
Sextortion: When predators obtain explicit media of their victims and use it to demand a ransom. Sextortion often occurs when hackers install spyware on a victim’s computer, remotely activate the device’s camera and record footage. Alternatively, hackers can steal any content already stored in a file on your computer. Consequently, your sensitive data should always be password protected or securely stored on an external hard-drive.
Malware: This ‘malicious software’ infiltrates a computer and records, steals or damages confidential data. Malware can easily spread across devices so it is strongly recommended that you invest in anti-virus software and carry out regular scans. Never open emails from unknown parties, click on pop-ups and online advertisements, or insert unknown USB drives into work devices.
Tinderbots: A general term for an attacker who socially engineers their victims through dating apps (i.e. Tinder). Tinderbots use fake profiles to target potential victims and then socially engineer your conversations to obtain your personal information, send you malicious links, or to attempt to communicate with you via external channels. As such, you should never click on links sent by strangers; no matter how pretty they may be!
Password Attacks: Did you know that 8.5% of all logins are ‘password’ or ‘123456’? People often use generic or identical passwords for their business and personal accounts. Despite their convenience, these passwords can leave you exposed so you should always change the initial passwords on new Wi-Fi boxes, company accounts and personal devices as well as utilising password generators to create secure log-in codes.
AceKard Trojan: An aggressive phishing method which directly targets banking apps. To prevent virus infection from AceKard Trojans you should use a virus scanner app, only download apps from Google Play or the Apple Store, and update your phone as often as possible.
Denial of Service (DoS): Often used to target large companies and corporations, a ‘DoS’ attack is when a hacker prevents legitimate users from accessing their personal or professional systems, networks and data – such as the NHS attacks this year. We advise deploying a comprehensive antivirus program across all your systems as well as scrutinising your network and server configurations to prevent DoS attacks.
Man in the Middle (MITM): When a hacker tricks two parties into believing that they are talking to one another when in fact the entire conversation is being engineered by the hacker. You can prevent MITM attacks by never directly connecting to open Wi-Fi networks. Instead, use a browser plug-in service (e.g. HTTPS Everywhere or Force TLS) to establish a secure connection.
Social Media Attacks: A 2013 Norton Security report revealed that 39% of social media users do not log out after each session, 25% share their passwords and 31% connect with complete strangers. These unprotected social networking channels are profitable targets for cybercriminals so you should use different passwords for each of your accounts, log-out rather than simply minimising apps, strengthen your security settings and only add contacts you know.
Tapjacking: Much like AceKard Trojans, tapjacking operates by socially engineering unsuspecting users. A major threat to Android users, tapjackers create apps that trick users into ‘tapping’ pop-up windows thus granting them access to your personal data. To prevent tapjacking, enter your ‘Android Settings’ section and activate the ‘Draw Over Other Apps’ feature.
Online Account Attacks: When was the last time you cleared your Recent History? Do you store your credit card information or email log-ins on various e-commerce sites? Cyber criminals prey upon these acts of convenience so you should regularly clear your Recent History, Download History, Cookies and Cache and advise your employees to do likewise.
Keylogger: A hardware device or software program that records the real-time activity of users (e.g. the exact keys you press) to capture passwords, URLs, bank details, emails, etc. You can mitigate keylogging by downloading anti-virus software, only downloading software and apps from trusted sources and using the on-screen keyboard (if you have one) to avoid detection.
According to a 2014 GSIC survey, 32% of cyber attacks are executed by hackers, 14% by industry competitors and 12% by organised crime factions. Consequently, it is imperative that you remain vigilant with regards to backing up your confidential data and updating your passwords, antivirus software and firewall policies.
Ultimately, by adopting these pre-emptive cyber security measures and educating your employees on these practices, you can significantly improve you and your company’s cyber security protocols. If you have any further questions concerning cyber security and preventive safety measures then please do not hesitate to contact a member of our highly skilled Blackstone Consultancy team online today.
By Murray Perrett – Blackstone Consultancy Ltd – 5 Aug 2017
Murray is a former Metropolitan Police Service Special Branch officer who served for just over twenty-six years. During his police service Murray was deployed as a protective security specialist. Within the personal protection sphere, Murray protected British Prime Ministers and Cabinet Ministers as well as overseas dignitaries including American Ambassadors and serving and former Presidents. He deployed into a number of hostile environments including Afghanistan and Iraq to protect British government officials. During his last tour on personal protection, Murray undertook threat and risk assessments for both individuals and high profile events.