Protecting yourself on the internet

Using computers and similar devices to go online has made everyday activities such as shopping, banking, paying bills and keeping in touch fast and easy … anytime, anywhere. There are, however, a number of risks associated with going online –some general and some specific to the respective activities that you carry out. There are a number of sensible and simple measures which you need to take in order to protect yourself against these risks, which include identity theft, criminals stealing your personal and financial data to defraud you or empty your bank account. The precautions are as simple as choosing safe passwords and ensuring you have adequate antivirus/antispyware installed, to learning how to distinguish between genuine and fraudulent websites and emails.

In this thread you will find valuable advice on how to protect yourself, and what to do if you are affected.

Avoid ratting. Remote acess trojans

You use your computer or mobile device for many everyday private or confidential tasks, which is why it is essential to take precautions to protect it from viruses and spyware. One type of spyware becoming increasingly common is known as a RAT (Remote Access Trojan), which criminals can use to access your computer or mobile device to take control of it to obtain your private information or spy on you. This is known as ratting.

How to Avoid Ratting

Ensure you have effective and updated antivirus/antispyware software and firewall running whenever your computer or mobile device is switched on.
Do not be tempted to download programs or apps that are not from a trusted source, as they could contain RATs and other malware.
Download updates to your programs and apps when prompted to do so … they often include security fixes.

Take great care about which links you click on in emails – they may be phishing.
Take great care about opening attachments in emails, even if they seem to be from people you know.
Avoid suspicious website and torrent downloading. Many such downloads are not only against the law but also a major gateway for this type of cyber-attack.
Cover your webcam when not in use, whether it is a built-in or clip-on device.

Avoid copycat websites.

Copycat websites are those which offer services from government departments or local government, but are not the official site and charge an often substantial premium for those services, often with no tangible benefit to the customer. They achieve this by using website tools to achieve high positions in search engines such as Google, often ranking them higher than the official site and making it appear as though they are ‘official’ or ‘authorised’. They also have website addresses designed to confuse with the official site, and often feature a similar look and feel and brand design.

How to Search and Buy Official Services Safely.

Do not automatically opt to use the first website(s) you find in a search engine, even if the address seems authentic and you are in a hurry. Instead, take time to look for the official website.
For Nigerians you can normally tell that site is official if it ends in ‘.gov.ng’, it has the department, agency or council’s authentic logo and contact details and the prices are cheaper.
If you do opt to use an unofficial site to purchase official services, make sure that the payment page is secure by checking that the address begins with ‘https://’ (the ‘s’ is short for ‘secure’) and there is a locked padlock in the browser window.

If you think you have been misled into overpaying by using an unofficial site:

Contact the site to insist on a refund, saying you think you were misled.
Contact the relevant government department or agency or local government organisation and report the copycat site..

Mobile banking.

Mobile banking – using banking apps or mobile websites on smartphones and tablets – is growing rapidly in popularity as people realise the benefits of the convenience of checking accounts, transferring money and making payments from the comfort of their armchair or whilst out and about. The major banks invest heavily in security to make your mobile banking experience safe and secure. However, it is your responsibility to ensure that you are using mobile banking responsibly to protect yourself and your finances.

Safe mobile banking

Make sure your smartphone or tablet is always protected with a PIN which is difficult to guess.
Do not reveal your PIN to anybody, nor write it or store it where it can be found. Like online banking from a computer, choose, use and protect passwords and memorable words with great care.
Take care not to leave your device unattended, or left or stored in an insecure place. Download a tracking app which allows you to erase your data remotely, or enable this feature if already on your device.
Keep the banking and other apps on your device regularly updated. Always log out of your banking app or mobile website when you have finished using it.
Closing the app or web page or turning off your device may not be sufficient.
Do not use unsecured Wi-Fi networks for banking, purchases or checking your emails. In public places, it is very difficult to tell if a hotspot is secure or not, so it is always best not so use it. It is better to use a 3G or 4G internet connection, even if it is slower to do so.
Take care when downloading apps: make sure that they are from an authorised store and check reviews and recommendations.
There are thousands of malicious banking apps circulating, especially for Android devices, even downloadable from official app stores.
Download, use and keep updated one of the many reputable internet security apps for your device.
Check your device’s security settings to ensure maximum protection.
Check that your bank's mobile app has been validated for its security.
Look on their website for their own published statement on how they have done this. Alternatively, check other app users’ views by searching online.
Read your bank's terms and conditions for mobile banking. Be sure you know what your responsibilities are, and those of your bank.
On the app, find and use the option for a text message to be sent every time a transaction occurs on your account.
This will notify you of fraudulent transactions as soon as they happen.
Beware of emails, texts or phone calls claiming to be from your bank or the police claiming there is a problem with your account and requesting your login or other confidential details. Your bank or other authentic organisation would never request these details.

If you are the victim of an actual or attempted fraud

Contact your bank immediately

Social engineering.

When talking about online safety and security, ‘social engineering’ means the act of manipulating or tricking people into certain actions including divulging personal or financial information … a kind of confidence trick. Social engineering exploits human nature and often plays on victims’ willingness to be helpful, or please others. It is a factor in many types of fraud.

How to Avoid Social Engineering Attacks

Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers.
Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or phone call.
If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
If you are asked by a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank or on the back of your card but be sure to use another phone from the one you received the call on.
If you cannot access another phone, be sure to hang up for at least five " before you dial out, or call a friend (whose voice you recognise) before making another call. Do not open email attachments from unknown sources.
Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen.
Beware if this is different from what is displayed in the text of the link from the email. Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.

More to come from my cyber security series.