How to Protect Ourselves and Our Families Online (Pt. 3): Protection from Programs
Hello once again from your friendly neighborhood IT technician! Last time, we spoke about protecting your homes from active intrusion by the nefarious people on the internet and learning to recognize the methods they might use to coerce their way into the lives of your family members. While these threats are present in our day-to-day use of social media, the vast majority of intrusions will be attempted by automated processes, set up to repeatedly bombard recipients with alerts and emails until that fateful day our common sense fails, and we give away our personal information. This can occur in several ways, and it will be my goal today to share with you the most common occurrences and tools at your disposal to protect against them.
What is it that hackers hope to gain by stealing your information? This is a question I receive whenever we encounter an intrusion at the school. At first glance, it doesn’t make much sense. Chances are that most people aren’t going to click on an email that they don’t recognize. Even if they do, what can a hacker do with access to a single email account’s login data? Well, it may be surprising to hear that there is a calculated price for your personal data. A 2020 study estimated the cost of an individual’s personal data based on age, income, and ethnicity. For example, the average cost of information for an individual 18-24 is $.36.1 This information is sold to advertisers, companies for predictive market analytics, or to individuals for malicious purposes. Now, 36 cents doesn’t sound like much for the effort. However, assuming a hacker has decent hardware and can afford the upfront cost, there are programs for sale that automate the whole process. Thousands of emails sent out to public company directories or compromised website contact lists, each netting a miniscule amount of successful thefts, can then compound themselves as they gain access to the target’s personal address book. A one percent success rate of 100 attempts is only 36 cents, but one percent of 1,000,000 starts looking a bit more profitable, especially considering the ability to occasionally score financial information. And after initial setup, the amount of active work required is very minimal.
It’s important to understand that these attempts are not limited to the professional sphere. While many phishing scams (the term for an attempt to steal personal information masked as a legitimate request) focus on company directories or departments that handle financial information, there is real value in targeting children. Younger demographic data tends to be more valuable to buyers and their relative inexperience may lead to increased susceptibility to schemes. What’s more, the advent of online gaming and social media have led to new avenues for automated scamming. “Bots” are programmed accounts set to perform pre-scripted tasks that involve account manipulation, advertisement spamming, and monetary theft. Add this to phishing attacks targeted at school accounts and you have middle schoolers who are targeted by systems daily.
So, what can be done about this onslaught of automated theft? The sheer number of attempts made and avenues available is enough to overwhelm even the most seasoned internet user. The good news is the bulk of attempts are stopped at the door. If you take nothing else away from today, I want it to be two factor authentication. Many systems have begun utilizing this tool to help better protect accounts from scams and brute force efforts. Essentially, you set up an application on your phone that creates a new code every 30 seconds or so. This must be entered before the time expires when you sign into your account in addition to your normal password. While this can certainly be annoying every time you want to open your email, it is an almost surefire method for protecting an account. Any efforts to steal information can be counteracted by implementing this one feature.
If you ever receive an email that looks suspicious, be sure to mark it as spam rather than simply deleting it, as it will help inform the system to look out for similar attempts in the future. Additionally, most email services, especially those paid for by a school or work, provide a built-in spam blocker meant to filter out malicious attempts. These are constantly evolving and utilize user feedback to become more effective. If you ever receive an email that looks suspicious, be sure to mark it as spam rather than simply deleting it, as it will help inform the system to look out for similar attempts in the future. Beyond this, there are a variety of third-party spam filters available on the market. Most major anti-virus brands offer a spam filter solution and this can be used to augment your email’s defense structure. Most major anti-virus brands offer a spam filter solution and this can be used to augment your email’s defense structure. These have the benefit of allowing you control over family email accounts as well, granting you the ability to tighten or loosen filter restrictions on a user basis. No system is absolute, so there will still be emails that fall through the cracks. Most of these will be sent from people in your address book who have been hacked already, and the trusted nature of their email address makes it tricky for any spam filter to intercept. Therefore, it is important to think critically about any email sent that seems oddly phrased or requests you to log in to a separate website. If you ever receive such an email, replying to the sender to alert him or her that his or her account has been hacked will not usually work as there are ways to obfuscate incoming emails to a compromised account. It is best practice to contact the account holder by an alternate means.
When browsing the web, you may come across an alert that states your computer has been infected and you need to “run a scan” or “connect with a Microsoft support agent now.” This is meant to simulate a real threat to your machine and trick you into buying a dummy program or log in to a fake site to talk with “Microsoft.” Rest assured that in most instances, nothing has been downloaded. Web browsers now prevent automatic downloading, so the days of accidentally downloading a virus are, while not entirely gone, well behind us. Simply closing the window or restarting your web browser will remove the alert and you may go about your business. To prevent these from occurring at all, ad blockers are an excellent tool. Most are free add-ons to your browser, and they eliminate the risk of a wayward pop-up tricking someone into giving away data or seeing something inappropriate.
If you or your family members are active on social media or gaming, there must be a heavier reliance on critical thinking when avoiding scammers. If you or your family members are active on social media or gaming, there must be a heavier reliance on critical thinking when avoiding scammers. Simply put; if someone requests any personal data online in any form, do not give it to them. They may attempt to pose as site admins or offer in-game currency as recompense but know that in either case, there is nothing they can do if you simply refuse to give them anything. Teaching this to younger family members will go a long way to neutralizing a lot of threats they will encounter on the web.
If you find yourself having fallen for one of these schemes, speed is of the essence in responding. If you are quick, it may be that the system you logged into has not yet attempted to seize your account. All you must do is change the password on the compromised site and the hacker will no longer be able to access it. In addition, it is recommended that you change the password to any site or program that uses the same email/password combination, as many attacks will use the acquired login info to brute force the most used systems for matches, taking over those as well if able.
There we have it! The most common means by which an automated process will attempt to harm you or your family. While they are certainly more numerous than personal attacks, systems exist that help to counteract them, and the rest can be handled with education and a critical eye. Next time, we will be talking about Protection from Self and exploring tools that can help keep our families safe from our own temptations!
1 Steele, Chandra. “How Much Is Your Personal Data Worth?” PCMAG, PCMag, 25 Nov. 2020, https://www.pcmag.com/news/know-your-datas-worth.
About the Author
Ian Campbell is a tier three IT Technician at TCS and has been in the business for over ten years. He is a Wheaton graduate who enjoys games, hiking, and going to the movies. He lives with his wife and twin daughters in Burke where they visit farmer’s markets and traverse wooded trails.