The 12 Threats of Christmas

For most of us, Christmas is an enjoyable time of the year, with some time to relax and spend with families and friends. With spirits and internet usage at an all-time high there’s no better time for cyber-criminals to lure victims online. But fear not, Reliable Networks gift to you this Christmas is the gift of knowledge, and our 12 Threats of Christmas will stop the Grinch ruining your festivities.

Ransomware

With the high price of gifts for the family, the last thing you want to happen is a Ransomware attack.
It’s a type of malware where cyber-criminals encrypt a device/information, demanding that the victims pay to unlock the encryption. There is a lot of debate if its even worth paying for this, as there is no guarantee that your devices/information will even be unlocked. With a proper back-up strategy, including keeping these back-ups offline, there should be no need to worry.

Phishing

It may be the season of goodwill but that isn’t the case in regards to cybercriminals
Phishing attacks usually occur through emails and see users receiving authentic-looking emails from a bank or organisation, they may be asking for personal information or for you to click on links which can download malicious files to your computer. Look at the picture below, this is a perfect example of a phishing attack, and i will show you some basic steps on how to spot it as fake.

 

 

As you can see, this looks like a
genuine email from Royal Mail,
but if you look at the email
address the email came from
you can see that it is just
nonsense, this is a tell-tale sign
that the email is fake.

Another thing is if you have a
email account with one of the
big email companies (Gmail,
Microsoft, Yahoo etc) then they
should automatically pick up on
these emails and then put them
in a spam folder.

This email wants you to click on
a button to ‘Book a redelivery’ but
this button may then download
bad files which could infect your
computer.

 

 

 

 

Mobile Malware

One of the most use devices at Christmas is Mobile Phones. Unfortunately they are just as susceptible as Laptops/PC’s due to them being able to do a variety of things, the downsides of having a mobile PC in your pocket is that Malware and Viruses can take over.

With an abundance of personal information as well as other peoples information, your phone is a cyber-criminals Christmas present. You will have peoples phone numbers, emails, Facebook and other social media account information, photos and lots of other data. This malware can infect your phone through emails and also through SMS (Text Messages) It can then send all of your texts to the attacker along all contact info, and even bank details.

To reduce the chance of this happening only install things on your phone that have been verified by the app store for the OS you are using. Also be wary when opening emails and SMS messages as they may also leave your device open to being infected.

Identity theft

When you are posting on your social media accounts over the holidays you should be careful what you actually post, It goes without saying that you should say when you are going on holiday as people will know your house is empty, but there is also a digital threat to posting all the details of your life.

Simple details about your life can allow a cyber-criminal to gather personal information about you and even trick you into giving out more. Social media websites like Facebook and Twitter are a gold mine for ID thiefs. Here are some simple steps you should take in order to stay more secure.

  • Choose a secure password – we suggest 10 characters long with at least 1 capital letter, a number and a symbol     [!£* etc]
  • Setup login alerts – on Facebook you can switch on login alerts and you will be notified every time someone logs into your account from a new device.
  • Change your privacy settings to post to friends only – if you wish to share something publicly you can do so on a post-by-post basis
  • Check who can see your personal information – you can set about section of online profiles to only allow you to see your physical address, email and phone number
  • Never agree to connect to anyone you don’t know – if you agree to connect to someone you don’t know they will have access to your profile and your information.

Adware

You may have noticed that once you have searched for something online it starts to pop up on most pages you visit. This is due to cookies and if you want to disable this you can turn cookies off in your browser settings. Although the majority of these are harmless, attackers have found another way to try and get your information. We advise not to click on this ads and if you want to view the item being advertised, search for it on a credible search engine (Google, Bing, Yahoo)

Spyware

He sees you when you’re sleeping, he knows when your online…

This isn’t Santa we are talking about, its the cyber-criminals behind spyware – secretly installed malware often installed after a file is downloaded or a pop-up clicked.
Spyware can monitor your keystrokes, read your files, access your applications, even turn your webcam on! The information is then sent back to the attacker.
If you keep your firewall/anti-virus software switched on and updated then you should have no worries, and always be wary on what you click online, or what files you download.

Smishing

Smishing is very similar to Phishing attacks which usually come in over email, but a smishing attack comes through SMS.
Typically you will receive a text message looking like it has come from a genuine source, advising you to click on a link or enter some personal details. However this SMS is forged and not to be trusted. If anyone is asking for your personal information through a text message it is usually never genuine, as legitimate companies, banks especially will always phone you for important requests.

Spam

If you have been ordering a lot of gifts online, you may find yourself getting even more unwanted emails than normal. Most people receive spam at some point, and most of the time it will get quarantined by your email provider. But sometimes they slip through the cracks and can bring malware with them. Again, if you just be aware of what you are clicking on, some signs to look out for are; strange email addresses that don’t look genuine, If there are spelling errors or mistakes, and another sign to look out for if there is buttons to click, is if you hover over the button the link the button takes you too appears at the bottom of the page, if this looks like the one below, then it should not be clicked as it is most likely a tainted webpage.

Wi-Fi eavesdropping

Doing some Christmas shopping a your local shopping outlet? Remember that not all internet connections are secured – which is to say encrypted – and that someone may be listening in and collecting your information.
The biggest concern with this is when you are transmitting payment details across unsecured networks, they can end up in the wrong hands and could ruin Christmas in an instant.
When joining networks be sure to check if they need a password for getting online, and if they are secure, which can be found in the Internet connection settings on your device.

DDoS Attacks

A Distributed Denial of Service (DDoS) attack can take the fun out of things like internet shopping or tracking Santa’s sleigh online.
It make a service unreachable after flooding it with traffic from multiple sources.
In 2014 there was a serious DDoS attack on PlayStation and Xbox’s online networks which meant that users couldn’t use the network features of their new consoles!

Pharming

Like phishing, pharming is a type of online fraud but doesn’t require you to click on a bogus link sent via email. Instead a user is redirected to a malicious site – despite having typed the correct web address.
In 2016, up to 40,000 Tesco Bank users became victim to pharming attacks and 20,000 of them had their money stolen. This happened as people thought they were purchasing from the Tesco website, but once they had put in their personal information and bank details it was too late, and the site looked very genuine.
Something to look out for is the SSL status of the website, in the URL bar (shown below) should be a green HTTPS prefix, all websites dealing in transactions should have a valid SSL certificate as this encrypts the domain. Always check before paying!

Password security

The importance of a secure password has never been greater, with cyber-criminals cracking passwords for all manner of reasons – whether to gather personal information about you or to commit fraud. If you receive a new device this Christmas, make sure to replace the default password with one that’s more complex, we recommend over 10 characters with at least 1 upper case letter, 1 number and 1 symbol of some kind (an explanation mark “!” is a good way to end a password)
Whilst we have covered a multitude of threats to be aware of, having a strong complex password is the best first step to take to mitigate any threats. Sensible online behavior and a cautious attitude will help ensure your Christmas and your New Year run as planned.

 

Reliable Networks Wishes you a Merry Christmas and a Happy New Year!

 

Gregory Olczyk

Gregory Olczyk