Tips on how to protect yourself online
Jeff Lagerquist, CTVNews.ca Staff
Published Monday, January 15, 2018 8:29PM EST
Last Updated Monday, January 15, 2018 9:56PM EST
The case of an Ontario man who allegedly earned hundreds of thousands of dollars by peddling massive troves of personal information obtained on the so-called dark web is a sobering reminder of the scale of online threats Canadians face every day.
The RCMP arrested a suspect, Jordan Evan Bloom of Thornhill, Ont., on Monday. The 27-year-old is charged with offences including trafficking in identity information, unauthorized use of a computer, mischief with data and possession of property obtained by crime.
None of the charges against him have been proven in court.
“We tend to assume that cybercrime is exclusively global, that it comes from some exotic locale. When in fact, the perpetrators could be someone whose path we’ve crossed this morning,” technology analyst Carmi Levi told CTVNews.ca. “Thornhill is as Canadian suburb as it gets. Sadly, it looks like cybercrime has come home.”
Levi offered some simple tips that anyone can use to make your information a more difficult target for hackers.
Look for a lock icon and “https”
Scanning your browser’s address bar takes about two seconds. It’s a momentary chore that could save you from falling victim to a scam.
There are two important things to look for, especially if you are entering sensitive information like a credit card number. You want the web address to begin with “https,” not “http.” The “s” stands for “secure.” Never mind what the rest means.
The second thing to look for is a lock icon.
“If that lock icon is not there, or if it shows the lock is unlocked, then you should not share any information because it is not encrypted and is not secured,” Levi said.
Look before you link
Hold your mouse over a link before you click to make sure it will take you where you expect to go.
“It may look like you are clicking a link to the Hudson’s Bay site, for example, but if you look at the link when you hover over it, it might say ‘thebay.ru.’ That’s when alarm bells should go off,” Levi said.
Rogue links, he explains, can lead to a “drive-by attack.” It’s an unexpected trip to a site infected with malware, malicious software that infects your computer.
“What happens after that is anybody’s guess,” Levi said. “It could be a key logger. It could be a virus. It could reach into your database and spam all your friends. It could even install bitcoin mining software, which will sap all of your device’s energy.”
Rogue links may even appear to have been sent by a friend on social media platforms like Facebook. Don’t fall for cleverly worded lures like, “OMG, I found this video of you.”
Update your software
The arms race between software manufacturers and cybercriminals never ends. Having the latest version of your operating system, apps and other software is the simplest way to ensure you have the latest countermeasures to defeat the newest threats.
Levi said he can’t overstate the importance of installing new versions as soon as they came out.
“It’s like driving a car without a seatbelt on,” he said. “Identity thieves target non-updated devices because they are an easy mark.”
Strengthen passwords and use enhanced security features
You don’t have to be a cybersecurity expert to know that more complex passwords are tougher to guess, but beyond avoiding “password123,” for example, it is also important to change them regularly and avoid using the same one for multiple accounts.
If remembering obscure phrases peppered with all kinds of symbols for each account is too challenging, password management services like LastPass and Dashlane can help. They keep track of your super-strong passwords so you don’t have to.
Change your email password if it’s been a while. But a website called “have i been pwned?” can also give you an idea on whether it’s time for a new one. Enter your email address to find out if it has been swept up in any reported breaches.
Levi also recommends using extra security add-ons when they are available. Two-factor authentication, for example, works by delivering a text message to your mobile device, or email, with an additional code after you enter your password. It’s a bit of a hassle, but Levi said it’s well worth it.
“That way, if thieves manage to guess your password, they have to go through another virtual lock to get to your account,” he said. “You’ve essentially slammed the door in their face.”
Be careful when logging onto public Wi-Fi
Nobody likes burning up data when a free connection is available, but criminals have been known to set up their own free networks in busy hubs that appear trustworthy at first glance.
“They are easily able to capture things like usernames and passwords when you use a rogue network to sign into your accounts,” Levi said.
Look for signs posted inside businesses that describe how to log onto their Wi-Fi or ask staff for help.
Levi recommends staying on your data plan if you’re doing something especially sensitive.
Be careful who you trust with personal details
Yes, it sounds painfully obvious. But people have become far too accustomed to filling out online forms that ask for your name, phone number and address. Always ask yourself why a website needs this information, and what they might do with it.
“If you don’t have valid answers, don’t share it in the first place,” Levi said. “We assume that just because a page looks like something we have filled out before, that it shouldn’t raise our alarm bells. It really should.”