Don't be a victim of cyber attacks

The Government announced in Parliament that a new cyber security Bill will be introduced in 2017 to strengthen measures against online crime.
The Government announced in Parliament that a new cyber security Bill will be introduced in 2017 to strengthen measures against online crime. PHOTO: THE NEW PAPER FILE
ST ILLUSTRATION ADAM LEE

With cybercrime cases on the rise, security firms offer some tips to help online users avoid being scammed

It all started with my business card. It was all the hacker needed to start a chain of events that ended with me clicking on a dubious link on a website.

Earlier this month, I had approached security firm Trend Micro to conduct an experiment: they would attempt to hack me and my colleague, Lisabel Ting.

Unfortunately, one of us fell for the scam (see related stories: Beware, online 'friends' may be strangers and I fell for spear-phishing hook, line & sinker).

 
 

Cybercrime is on the rise; the number of such incidents almost doubled in 2015 from the previous year, according to crime statistics released by the Singapore Police Force in February.

Earlier this month, the Government announced in Parliament that a new cyber security Bill will be introduced in 2017 to strengthen measures against online crime.

The purpose of the Trend Micro experiment was to find out how easy - or difficult - it is for cyber attacks to succeed.

Trend Micro's senior research manager Ryan Flores crafted a spear-phishing e-mail that impersonated my former boss, someone I know and trust.

For Lisabel, Mr Flores had created a fake Facebook profile of her friend in order to get close to her.

Spear-phishing starts with the cyber criminal researching the target to create e-mails that appear to come from trusted sources. They could be a colleague or business partner. These e-mails may include content relevant to the target's interests or industry. Because these e-mails appear authentic, the target is more likely to download an attachment or open a link in them, which are openings for malware to be installed on your device.

For instance, cyber criminals could install a keylogger that records your key strokes to find out your passwords.

Ransomware is another form of malware used in cyber scams. "The hacker would lock the user out of his device and demand a ransom to unlock it. Personal information could also be used to blackmail the user," explained Mr Flores.

Spear-phishing is not new, but it is increasingly easy to use because of the vast amount of personal information available on social media such as Facebook and LinkedIn. These days, anything from a person's movie preferences to the home address can be found in an online search. Photos can reveal a person's social circles and travel information will show a person's location, said Intel Security's vice-president David Freer.

In fact, Singapore was ranked third globally in terms of spear-phishing attacks, according to Symantec's annual Internet Security Threats 2015 report.

The high number of spear-phishing attempts in Singapore could be because of its status as a regional financial hub, with many potential targets for cyber criminals, said Symantec's senior director Peter Sparkes.

In other words, these cyber hits could be targeted at employees in order to compromise their organisations. A high-profile example is a 2011 incident that occurred at RSA, the American security firm known for its two-factor authentication product. An RSA employee fell victim to a spear-phishing e-mail that contained malware giving the criminals remote access to his computer and company network. As a result, sensitive company data was stolen.

PROTECTING OURSELVES

To prevent yourself from becoming a victim of cyber attacks, here are five tips compiled from security experts at Symantec, Intel Security and Trend Micro:

• Keep your browser, operating system and security software updated to prevent malware from affecting your computer, in the event that you open a malicious attachment or link. But note that there are often new vulnerabilities that may not have been patched in time.

• Be cautious about sharing the details of your life on social media. Personal information, such as the name of your primary school or pet nickname may be used in security questions asked by online accounts to verify users during password recovery.

• If an online deal sounds too good to be true, it probably is. Avoid clicking on such links. Hover the mouse over the link to check if it leads to a reputable website.

• Vary the names of your e-mail accounts - do not use the same alias for multiple accounts. Each account should have its own unique and strong password (mix of alpha-numeric characters).

• Use the incognito or private browsing modes offered by browsers, especially when accessing the Internet at a public location.

A version of this article appeared in the print edition of The Straits Times on April 27, 2016, with the headline 'Don't be a victim of cyber attacks'. Print Edition | Subscribe