Reports show traditional malware attacks like virus attacks are declining, but that doesn’t mean the internet is becoming safer. In fact, new malware threats such as crypto-ransomware and phishing scams are rising exponentially.
The latter are largely misunderstood in that they don’t just comprise email attacks but can take many forms, including SMS messages. These complex scams are designed to trick users into revealing banking details, account passwords, or other personal information, from which the attackers steal money or in the most severe cases, the user’s identity.
The pandemic: a perfect environment for cyber-criminals
According to the Australian Cyber Security Centre Annual Cyber Threat Report 2020-21, there were over 67,500 cyber-crime reports in Australia in the 12 months to 2021, an increase of 13 percent from the previous financial year. 1,500 of these reports related to the Coronavirus pandemic, as cyber-criminals honed in on the topic to exploit vulnerable individuals.
The tactic worked. According to the report, more than 75 percent of pandemic-related cyber-crime reports involved Australians losing money or personal information. The statistics show a big impact on the hip pockets of Australians, with self-reported losses from cyber-crime amounting to more than AU$33 billion, with fraud, online shopping scams and banking scams the top reported cyber-crime types.
How phishing attacks are changing
Phishing attacks in the form of lookalike websites and deactivation scams are some of the most commonly used scams by cyber-criminals in 2021. It’s worthwhile knowing what these are: Lookalike scams dupe internet users to enter their credentials and credit card information into phony websites that look like mirror replicas of the originals.
Additionally, in deactivation scams cyber-criminals prey on fears that a membership, account or service will be either shut off or incur penalties if users don’t provide important details or take other action. In these cases, a user will receive what they believe to be an official notice outlining threatening consequences if they don’t act now.
According to Mark Gorrie, senior director APAC at NortonLifeLock, these attacks which were once the domain of criminals with sophisticated digital skills, have become so easy to execute that anyone can do it.
“The cyber-crime market has really developed, such that even non-technical people can go and buy phishing kits that give them all the tools they need to perform phishing attacks. Unbelievably, some even provide help-desk services to perform these really well.”
“During the Pandemic there’s been a flood of cyber-attacks as people work and study more from home online. Because phishing scams are becoming so prevalent, user awareness is just as important as having the right software to prevent them,” Gorrie says.
Here we give you some tips for staying safe and secure from these malicious attacks.
Tip 1: Never click on links or open attachments in emails or SMS messages
Most companies would never require you to send personal details or information over email. If you’re unsure of a request for information, don’t click any links or attachments or answer any unknown SMS messages. There’s no sure way to tell exactly what’s legitimate and what’s not but there are some blatant giveaways: Phishing emails often contain poor grammar, unusual phrases or strange website addresses, so avoid these at all costs.
Tip 2. Make sure you’re visiting legitimate websites
Following browser search results can occasionally lead you to fraudulent lookalike sites. For the untrained eye they can appear exactly the same as the legitimate ones, but slight differences can usually be seen.
To prevent landing on one of these websites, type webpages directly into your search engine. Also look for the S after the http in the web address and a lock or padlock in the address bar, which usually denotes a secure shopping or banking website.
Tip 3. Be suspicious of unknown communications
Attackers want you to click on their emails, links, or attachments that either direct you to their fraudulent websites or infect your PC with malware. Gorrie’s advice? “Ask yourself if the communication you’ve received is expected or possibly malicious. If it raises suspicion, is from an unknown or unexpected source, be wary and avoid replying,” he says.
Tip 4. Check privacy policies on the websites you visit
Wherever possible, find and read website privacy policies that outline what personal information will be captured and used by them. Many illegitimate websites don’t bother including privacy policies, so if they’re absent, this should ring alarm bells to stay away.
Tip 5. Update your system frequently
Keeping your operating system updated can go a long way to preventing phishing attacks. Windows updates and patches your operating system regularly to keep your system protected from the latest malware threats, so be sure you have your permissions set to allow it to. Also make sure your Windows firewall is turned on.
Most antivirus or anti-malware software such as Norton 360 will update automatically when you log onto the Internet, which takes the guess work out of knowing if you’re getting the latest protection.
Tip 6. Employ careful password management
Corrie says not managing passwords can allow attackers to do maximum harm if you are compromised. “It’s important to have unique passwords for accounts instead of the same password on multiple accounts because if you do get hit with a scam and have a password stolen, you could be hacked in your other accounts too.”
Passwords should be complex and difficult to remember to prevent hackers easily. "If available always use multi-factor authentication for your logins," advises Gorrie.
Password managers like the one in Norton 360 can be enormously useful in keeping passwords secure and helping you remember them, explains Gorrie. “So many services require passwords these days, so it makes sense to have them managed,” he says.
“The other useful thing about Norton 360’s password manager is that if you click on a link to a fraudulent banking site, like one that looks like your bank’s website, it will detect that it’s not the correct web page and won’t auto-fill your password details,” says Gorrie.
Tip 7. Review your credit card statements
Check your bank account records regularly to see if you’ve been compromised by cyber-criminals. If you notice any unauthorised transactions, be sure to report any unsolicited transactions to your bank immediately.
Tip 8. Install security software
Having security software in place that has a reputation for protecting people against malware and phishing threats, is your front line defense against cyber-crime says Gorrie.
“Your security software will most likely be filtering out attacks in your email or SMS messages. Software like Norton 360 that has an Intrusion Prevention System (IPS) will even track outbound links. So, if you do get a phishing email and happen to click on a link to a fraudulent website, the IPS engine will activate and block the link,” he says.
Gorrie says modern security software is multi-faceted, and designed to counteract the many ways cyber-criminals can launch attacks. “It’s a very layered approach to security these days, with the software doing a range of things like filtering spam, monitoring links, managing passwords or blocking links to dangerous websites. Each layer performs a different function, but overall helps to provide an overall protection capability.”