Top 10 Daily Threats to Your Personal Security
October 21, 2013
Whether you are working on a laptop, smartphone or tablet, you are essentially exposing yourself and, more importantly, your personally identifiable information (PII) to a number of cyber threats each and every time you log in. Hackers, often with the help of malicious software, do their best to steal information from personal devices for the benefit of themselves or a third party. Most people would be shocked at the number of daily threats their devices receive from cyber space; malware alone refers to over ten different types of malicious programs, including:
- Computer Viruses
- Trojan Horses
- Rogue Security Software
However, these are not the only threats individuals face online. Below are the top ten daily cyber threats affecting personal security and these are threats all individuals should concern themselves with.
1. Spam Mail
Junk mail is a common issue many email account holders are already familiar with. However, not all spam is just plain junk, often times spam is infected with malware and hackers will send out millions of these emails a day to accounts around the world trying to get a few hits from it.
These infected messages could affect an account in a number of different ways. One way is if a user opens the spam mail, this allows the hacker to identify the email address as a valid account and also grants him/her access to the account’s password. In turn this information can be sold to a third party such as a marketing/advertising agency or, even worse, to another hacker wanting to do more damage.
Some suspicious emails may also be a part of a larger phishing scam, meaning they look like legitimate emails from vendors, such as the individual’s bank, when in fact they are really spam mail. This type of scam can threaten one’s security in a number of ways. The spam mail could ask for confidential login information such as for the user’s bank accounts or elicit other PII from unsuspecting individuals. Additionally, malware infested emails can unleash a virus that will spread more spam through to the email’s contacts or it could put the email account on an active list, meaning the user will be bombarded with more spam mail. In more extreme cases, the spam mail will open a direct malware program or a viral attack that will spread throughout and compromise the user’s device and all the information it contains.
2. Rogue Security
Many cyber threats will come to an individual masked by a false intent to help them maintain their security; this is often referred to as rogue security software. These types can be uncovered on malicious websites or through spam emails and the malware will expose itself as a pop-up anti-viral program that the user can download to “protect” their computer, when in fact it will only infect the computer with its own malicious software.
Other times, an anti-viral program will automatically appear on one’s computer, saying its “scanning” the computer for threats. These dangerous programs are known as rogue security programs and they capitalize on the user’s fear that he/she might have a computer virus by asking the computer user to pay for an anti-viral program to help clean their computer. This is a scam, usually the work of a Trojan horse or other malware from a website or email. The money one could pay goes directly to a hacker or third party trying to make a quick buck.
3. DNS Redirection
Most people when they misspell a link in their search bar will get an error message page. However, depending on how the user misspelled a popular website address, the ISP might accidentally send the user to a spam site. These spam sites are deliberately created in domain name databases to be similar to popular website names, with a few letters spelled off. Say the user wanted AmericanBank.com, but instead accidentally spelled AnericanBank.com, a crafty spammer might have developed that misspelled domain name so the user is sent to a page that bombards them with ads, pop-ups, and possible malware programs that capitalize on the user’s computer vulnerabilities.
4. Wi-Fi Vulnerabilities
Wi-Fi helps users browse the internet wirelessly or in public places. However, unsecured Wi-Fi connections or compromised Wi-Fi networks can allow a third party to browse or monitor another person’s computer.
For this reason, users should never access their bank accounts or any websites containing their PII over open Wi-Fi networks. Scammers will scan through the networks and pick up the log-in credentials users submit for online banking so that they can access the same accounts later for malicious reasons.
5. Social Media Security
The ever expanding world of social media has opened up an entirely new outlet for malicious hackers. Throughout the social networking scene, users are prompted to create detailed and public profiles of their lives. Unsurprisingly, any security compromises to a social media account can allow a third party to piece together a profile of the user mirroring their real-world existence. For example, if someone hacks a Facebook account and can see one’s hometown or work, the hacker can utilize this information into a search that could potentially allow for the user’s Social Security number or other vital information to be pieced together.
6. Weak Passwords
For any account, from social media to online banking, a user needs exceptionally strong passwords that vary significantly per site; you can learn how easy passwords can be compromised on our Basics of Password Cracking blog post. Many hackers will utilize the methods addressed on that blog to hack into a user’s accounts, including those of their online banks, emails and social media accounts. Gaining access to any of these online pages opens up even more hacking possibilities to the person who penetrated the accounts in the first place or to the other malicious hackers they sold the information to. By not taking the time to create a strong key to all of your accounts or by not changing the codes every three months, your risk of attack grows tremendously.
Ransomware is as direct as it comes. A hacker, usually capitalizing on a vulnerability found on a web browser or machine, will simply post a message that pops-up demanding money or else. The ransomware typically affects businesses, but recently more individuals are now being targeted.
Ransomware works by using the tool of fear to make users pay the criminals behind these attacks. Other times the ransomware might pretend to be an authority to scare people into doing something. For example, some hackers have pretended they are from the FBI and will post threats or incriminating statements about the individual in order to make them do what they want.
Apps are small programs that are added onto web browsers and mobile phones to help increase efficiency or add a fun program onto the system. The app market has become huge in recent years thanks to mini-computers such as smartphones and tablets and with the release of the app-friendly Windows 8 OS. However, because the market for applications has grown so rapidly, developers witnessed a push to get new user-friendly apps out as fast as possible, which led to an increased focus on design and usability while neglecting security. As a result, many of today’s apps can be easily compromised. Similarly, due to the fact the market for them is so big many malicious hackers are creating their own legitimate-looking apps which will download malware onto the device once the app has been run. Downloading some of these malicious apps can completely compromise one’s mobile device and a good deal of thought should be placed on which applications to run and which would just be safer to avoid.
9. Outside External Devices
These kinds of threats are becoming more frequent with the advent of bring-your-own-device (BYOD). BYOD is a workplace concept where workers bring their own computers and mobile devices to work. The result can be that important workplace information gets placed on unsecured devices or workers need to connect their devices on the same network as others. Like a person with a cold going into a crowded room, this can spread viral programs between computers quite quickly. Even if the devices are not connected, sharing devices like USBs in the workplace or in school can also threaten the security of a device. The USBs could harbor viral programs and students or workers could spread the programs around via the device.
Another threat that is common among BYOD organizations is that these devices will be taken outside of the secured network location and unknowing workers could easily connect to public Wi-Fi networks. As was addressed above, the dangers of connecting to unsecured locations are huge, especially when significant amounts of corporate data are at stake. One other thing to note is that hackers will commonly employ the social engineering tactic of baiting in order to spread malware to the machines of unsuspecting individuals. They do this simply by infecting a device, commonly a USB, and leaving it on the floor or somewhere in clear view with the hope that someone will pick it up and plug it into their device thus infecting it with malicious software.
10. Zero Day Threats
Nothing poses a more daily or significant threat than zero day threats. Zero day threats are viral or malicious programs that only exist for a single day. Hackers use these programs to target existing issues within an OS and applications before they have been repaired, because of this, anti-viral programs cannot record or prepare themselves for such viral assaults. These threats to personal security remain an elusive problem for programmers to solve but there are some ways you can increase your protection against them.
One way to protect against a zero-day threat is to ensure the maximum protection is configured for your firewall. Also be mindful of your usage and only launch applications that are essential; this will limit the number of vulnerabilities that you are exposed to. Also keep up with patches in order to ensure that the holes in your essential OS and applications are promptly fixed. Finally, choose an anti-virus protection with a good Host Intrusion Protection System (HIPS) that can detect a threat before it can run malicious code on your system.