Things that might put you at greater risk for cybercrime, and ways to protect yourself
Impulsive online shopping, downloading music and compulsive email use — if this is you, read on
Incidents of cybercrime in Canada are on the rise. In 2017, 13,426 cases of online fraud were reported to authorities according to Statistics Canada — nearly double the number reported in 2014.
The Better Business Bureau's 2017 annual Scam Tracker report, which covers cybercrime incidents across Canada and the U.S., also cited "a dramatic increase in scams being perpetrated online, thanks to a digital landscape that has become more and more complex with the introduction of new tools and platforms."
Even if this sounds grim, it shouldn't come as much of a surprise. As we grow accustomed to sharing more and more of our personal information (and trust) with online sources, the risk of that information being used against us increases in tandem.
Who's most at risk?
A recent study out of Michigan State University showed that impulsive online shopping, downloading music and compulsive email use could be putting you at a higher risk for malware (malicious software) attacks.
According to Thomas Holt, the lead author of the research and a professor of criminal justice, these habits indicate low self-control, a trait hackers and scammers know how to abuse online.
"The internet has omnipresent risks," Holt said in a statement. "In an online space, there is constant opportunity for people with low self-control to get what they want, whether that is pirated movies or deals on consumer goods."
This jives with the Better Business Bureau's report, which showed that, across North America, the riskiest scams involve online purchases, when unwitting shoppers give their payment information over to bogus retailers.
Online purchase scams often follow the same pattern, the report says. Dubious stores will trick individuals into giving up their credit card information in return for fake merchandise, most commonly pets, clothing, cosmetics, electronics and cars, with "free trial" offers being a common sales tactic.
While we think of younger adults as being more social media–savvy, the Better Business Bureau found that young adults aged 18–24 were more likely than any other age group to fall for scams that used online means of contact. This highlights the need for better cybersecurity awareness across all age groups.
What can be done?
According to a 2015 Google study analyzing the personal security habits of cybersecurity experts versus non-experts, the most common security techniques used by experts are accessible to non-expert users, but skepticism and poor usability have stalled widespread adoption.
With that trepidation in mind, what are some simple and effective ways to beef up your digital security? Here are five straight-forward things you can do right now, including some recommendations from the Google study, minus the jargon and technical savvy:
1. Search the Have I Been Pwned database
You'll be searching for your email address to see if your login information has ever been leaked to hackers.
Between 2012 to 2016, a series of massive data breaches hit (most notably) LinkedIn, Myspace, Adobe and Yahoo, with over a billion email and password combinations going up for sale on the dark web. The Have I Been Pwned database tracks the publication of these credentials as they go online.
If your email appears on the database, it will tell you which data breach is to blame. You should immediately change your password on the breached website, and on any other website where you use the same email and password combination.
2. Get a password manager
According to Norton's 2017 Global Cyber Insights Security Report, one in five people use the same passwords across all of their online accounts.
Reusing the same password on multiple platforms puts you at risk. If a single platform you use suffers a data breach, many of your other accounts will be vulnerable.
Password managers are programs that store your passwords and generate randomized new ones as needed. Once you download the manager of your choice — 1Password, LastPass and KeePass are all popular — you'll choose one "master password" that grants you access to every account to which it's linked. The password manager will only record login information and generate a new password if you opt in while accessing a website.
3. Double check URLs and email addresses when you're asked to log in or download content
Fake websites and email addresses may ask you to provide your login or credit card information under the guise of an official source, like your bank or Facebook. In 2018, CIBC emails were some of the most commonly duplicated by phishing scammers across North America. According to France-based email security firm Vade Secure, an average of 5.3 new CIBC phishing links per day were sent out during the third quarter. Scammers use this tactic, called "phishing," to gather your data and log in using your credentials on the real website (stealing funds and private information), or to install malware onto your computer, smartphone or other device.
Whenever you're asked to log in to an account or provide credit information, it's good practice to double-check for the small lock symbol and the letters "https" ("s" for secure) to the left of the URL. These indicate that your connection is encrypted and that the website you're visiting is certified. But these two aren't completely foolproof, and the ultimate defense is always to check the URL itself. Don't log into "Fakebook" by accident!
4. Get antivirus and ad-blocker software for your computer and browser
Keep your antivirus software up to date on your computer, phone and internet browser (Avast is a good free option with protection for all three. Bitdefender Plus and Norton Antivirus are also popular).
Antivirus software doesn't offer total protection against all malware — it's only as good as the list of malware it checks for. Even as far back as 2013, analysts found that 82 per cent of malware would disappear after an hour, making it difficult for antivirus software to keep updated lists.
But that doesn't mean it isn't worth it. "Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats," wrote Brian Krebs, a cybersecurity expert and investigative journalist.
"Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication," he added.
5. Change your router password from the factory defaults
The average consumer doesn't interact much with their home router; the blinking, password-protected box in charge of distributing Wi-Fi around the house.
But it's a point of vulnerability, as the FBI and Talos found in 2018, when at least 500,000 routers in 54 countries were targeted by malware. An infected router could be used to send further malware, siphon off a user's personal information or attack critical infrastructure.
In an earlier report on router vulnerabilities, the U.S. Department of Homeland Security warned that "network devices are often easy targets," and that few residential-class routers "run antivirus, integrity-maintenance, and other security tools that help protect general purpose hosts."
What does this mean for regular users? While experts note that there isn't any simple, consumer-friendly solution to completely protect your router, changing your router password from the factory default setting is a good place to start.
Chloe Rose Stuart-Ulin is a freelance writer based in Montreal. Her most recent works on tech, gender, and finance have appeared in CBC, Quartz, and Lift.