Online Security
The introduction of the Personal Computer in the early 1980s, the Internet – or more specifically, the World Wide Web – in the 1990s and the smartphone in 2007 has made our daily life quite different from what it used to be in the 20th Century. These technological marvels have provided us with the systems and means to access information at the press of a key, click of a mouse button or the swipe of a finger. In fact, we can conduct many of the activities that previously required us to physically visit banks, offices or shops directly from our home. Though we often take the advantages and convenience that technology provides us for granted, we need to be aware that this transformation has come at a price. It has left us exposed to a plethora of malafide activities by cybercriminals, who are doing their best to steal our personal information and our financial records for their own benefit. Some common activities are described below, along with the best practices that one needs to follow to avoid having our own identity, personal data and financial assets compromised.
Computer Virus
What is a computer virus?
A computer virus, much like a biological virus (such as the Covid-19 virus), is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way, that biological viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document.
In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.
Worms
Unlike viruses, worms don’t require human help in order to infect, self-replicate or propagate. As soon as they breach a system, they infect their entry point and spread through the device and across any network to which the device connects. By exploiting network vulnerabilities—such as missed operating system (OS) updates or application patches, weak email security or poor internet safety practices—worms can execute, self-replicate and propagate at an almost exponential rate as each new infection repeats the process. Originally, most worms simply “ate” system resources and reduced performance. Now, most worms contain malicious “payloads” designed to steal or delete files upon execution.
Trojan Horses
Commonly called “Trojans,” these programs hide in plain sight by masquerading as legitimate files or software. Once downloaded and installed, Trojans make changes to a computer and carry out malicious activities, without the knowledge or consent of the victim.
Ransomware
Ransomware infects your computer, encrypts your PII and other sensitive data such as personal or work documents and then demands a ransom for their release. If you refuse to pay, the data is deleted. Some ransomware variants lock out all access to your computer. Sometimes, they might claim to be the work of legitimate law enforcement agencies and suggest that you’ve been caught doing something illegal.
What are the signs of a computer virus?
A computer virus attack can produce a variety of symptoms, which can include:-
- Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs.
- Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it.
- Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.
- Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on.
- Unusually slow computer performance. A sudden change in processing speed could signal that your computer has a virus.
- Unknown programs that startup when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications.
- Unusual activities like password changes. This could prevent you from logging into your computer.
How do computer viruses spread?
Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. Your mobile devices and smartphones can become infected with mobile viruses through app downloads. Viruses can hide disguised as attachments of socially shareable content such as funny images, greeting cards, or audio and video files. To avoid contact with a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust.
Antivirus Software
Antivirus software is designed to find known viruses and oftentimes other malware such as ransomware, trojan horses, worms, spyware, adware, etc., that can have a detrimental impact on the user or device. Antivirus programs provide a way to protect against known threats. The effectiveness of an antivirus program is heavily dependent on how often it is updated. Therefore, it is important to have the antivirus program scheduled to update daily. Most antivirus programs rely on a library or database of known viruses that they use to compare with programs on a user’s device. If a match is found, the malicious program will either be deleted or placed into a quarantine area from which a user can decide to restore or delete the program manually. One limitation of traditional antivirus programs is that they only provide protection against known threats. Therefore, if someone cooks up new malicious code, an antivirus program may fail to detect it when a scan is done. Users should not consider an antivirus program to be universal protection against all viruses and malware. Instead, users should consider an antivirus program to be one part of a comprehensive online security hygiene regimen.
There are some antivirus manufacturers that are incorporating predictive analysis and artificial intelligence into their antivirus software to be able to detect new malicious programs. They focus on detecting malicious software based on what it does, as opposed to whether it exists in a library or dictionary. While we cannot recommend one antivirus program over another, we encourage users to do independent research to find which antivirus program will work best for them.
Kaspersky and BitDefender are generally recognised as the two best paid anti virus software, both of which have excellent virus libraries as well as heuristic detection capabilities(they also have limited free versions). Avast, AVG and Avira are the most popular free AV software, all of which also have excellent virus detection capabilities, though they may not have as comprehensive features for virus removal or quarantining.
Steps to Prevent a Malware Infection
- Have a good antivirus such as Kaspersky and BitDefender installed on your computer. It is also better to pay a small amount and have a quality premium AV, which can not only detect and remove viruses but also warn you when you navigate to a suspicious website and protect your banking transactions.
- Be wary when you receive an email – even one seemingly bonafide – that calls for action on your part, such as clicking on a link or button. Check the proper email domain address from where it originated and whether it matches the supposed sender. Do not open any attachment, even if it is from a friend, without calling him or her up and ascertaining whether it was sent by them.
- Update your operating system with the latest updates as soon as they are released.
- Avoid clicking on links to questionable websites.
- Avoid using pirated software, most of which has malware implanted normally in the ‘crack’ provided.
- Back up your important data frequently onto a separate hard disk and a reliable cloud storage provider.
Steps to take if Malware has Infected your Computer, despite taking all precautions
- Disconnect your machine from the Internet and any network that it may be connected to.
- If you have a ‘rescue disk’ (either a CD or USB drive) already of a reputed AV company such as Kaspersky and Bitdefender, you can reboot off the CD/USB (instead of the main HDD) and run the rescue software, which will search for and remove any malware it finds, including boot sector viruses.
- If there are still manifestations of malware appearing, try and restore the computer to an earlier state, where it was performing normally.
- If a simple restore also does not work, reset the machine to a clean state, where the operating system and other software are reinstalled.
- After the reinstallation, do a complete virus scan again, using the Rescue Disk.
- Only once you are convinced that all malware has been removed, should you restore the data from a backup HDD or cloud storage.
Phishing
Phishing is a type of online fraud, where an attacker sends a fraudulent (“spoofed”) message designed to trick a computer user into revealing sensitive information to the attacker or to deploy malicious software on the victim’s computer like ransomware. A target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure them into providing sensitive data such as personal records, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss. Generally, emails sent by cybercriminals are masked so they appear to be sent by a business whose services are used by the recipient. A bank will not ask for personal information via email or suspend your account if you do not update your personal details within a certain period of time. Most banks and financial institutions also usually provide an account number or other personal details within the email, which ensures it’s coming from a reliable source. The first thing to do when you receive an email, which requires an affirmative action from your side such as clicking a button or a link is to check the actual email address from where it originated. In GMail, this can be easily done by clicking on the down arrow next to the ‘To’ in the header. Common features of phishing emails are:-
- They generally seem too good to be true.
- They convey a sense of urgency and of catastrophic consequences if you fail to respond e.g. suspension of bank account
Hyperlinks may not be all they appear to be, which can be seen by hovering over a link. - Unexpected attachments – even from a known person – often contain payloads like ransomware or other viruses.
- Unusual Sender.
Vishing or Phone Scams
Just as phishing takes place through email, vishing is an attempt to collect sensitive information over the phone. Attackers often pretend to be with tech support, your bank or a government agency to steal account information or even gain remote access to your computer. Often, the scammer will put a Javascript popup on a site, which triggers when a user visits the site and typically has a message warning the user that there there is some problem on his computer, for which he needs to call a tech support number. Once the user calls the number, he is asked to download software such as TeamViewer and provide the security code to the ‘technician’ so that he can remotely check the ‘defective’ PC. Invariably, this results in the scammer gaining full access to the user’s PC, wherein he can also lock him out. One should follow these five best practices to avoid getting vished:-
- Be sceptical when answering calls from unknown numbers, even when the number appears to be local.
- Do not panic and immediately rush to contact a ‘tech support’ number, when an alarming popup appears when you visit a website.
- If they ask for personal information, don’t provide it over the phone.
- Do not download any software such as TeamViewer or GoToMyPC and provide the security code to an unknown person, as it will allow him to remotely access your computer and have total control over it
- Use a caller ID app, but don’t trust it completely.
- Search for the caller’s phone number online, even while on the call, to see if it’s a known scam.
- If the call is about a product or service you use, go to the vendor’s website or call the vendor directly to confirm the claim.
Pharming
Pharming is a type of social engineering cyberattack in which criminals redirect Internet users trying to reach a specific website to a different, fake site. These “spoofed” sites aim to capture a victim’s personally identifiable information (PII) and login credentials (such as passwords, Credit Card numbers, social security numbers, account numbers etc.) or attempt to install pharming malware on their computer. Pharmers often target websites in the financial sector, including Banks, online payment platforms, or e-commerce sites, usually with identity theft and financial misuse as their ultimate malicious objective.
There are several ways in which pharming can be carried out:-
- DNS Spoofing / Poisoning: DNS stands for “Domain Name System” and is responsible for translating human readable domain names into IP addresses that computers can understand. Pharmers modify the DNS table in a server for a legitimate website and replace it with their own IP address, causing multiple users to visit the fake website instead of the legitimate one.
- Malware: A hacker may send malicious code in an email which installs a virus or Trojan on a user’s computer. This malicious code changes the computer’s hosts file to direct traffic away from its intended website and redirected toward a fake website instead.
- Man-in-the-Middle (MITM) attacks: In an MITM attack, the attacker intercepts the victim’s traffic and redirects it to a fake site using various techniques such as Address Resolution Protocol (ARP) Spoofing and SSL stripping.
How to protect yourself from such attacks:-
- Always use a trusted and verified Internet Service Provider (ISP) & VPN service that has reputable DNS servers.
- Make sure that your web connections (web address should have https with lock icon) are secure.
- Enable two-factor authentication (2FA) on sites wherever available.
- Change default password on your routers & wireless access points.
- Be cautious of links and attachments in emails and other messages, especially from unknown senders.
- Use antivirus and anti-malware software on your device and keep them up to date.
Passwords
All of us do a considerable amount of personal transactions online such as banking, shopping, bill payment, management of utility services such as telephone, electricity and gas, etc. Each of these service providers requires us to open an account with them, whether it be a bank, e-commerce site, or public service. Consequently, over a period of time, individuals build up a large number of accounts to access these services, all of which require a login name and password.
While the login name can be relatively well-known information such as your email address, the password should be as secure as possible so that unauthorised persons cannot access your personal data and, worse still, make financial transactions.
It is, therefore, a best practice to choose passwords that as random and meaningless as possible. However, these are almost impossible to memorise and, consequently, most human beings for reasons of convenience select weak and easy to crack passwords based either on a simple alphanumeric combination (e.g. abcd1234), common words (e.g. password) or life events such as dates of birth and wedding anniversaries. Moreover, many of us use the same passwords for different sites.
These days, data breaches are being reported from various sites such as Zomato, BigBasket and most recently Air India wherein email addresses and passwords of millions of users have been compromised. If you wish to know whether any of your own personal data has been compromised, you can check it from this site. Hence, if one is using the same password for, say, banking then it may be possible for a hacker to access financial records too. It is recommended, firstly, to use a good password manager such as Bitwarden – which is both free and open-source – to generate individual and randomised passwords for each site one accesses; and secondly, also have a mechanism by which one’s spouse or dependents (or other beneficiaries of the Will) can access these sites after one’s death. It is recommended that all the user names and passwords or the master password (if one is using a password manager) be printed, sealed in an envelope and kept in a secure location, which should be known to the spouse/dependents with instructions to open only on death.