Outsmart the online scammers with up-to-date security tips

We're all getting smarter at avoiding online scams, but so are the cybercriminals behind them.

It can happen to the best of us. You use your email to buy or book something, and the next thing you know, you’ve opened yourself up to all kinds of trouble.

That’s because, while we’ve all got smarter about heading off online scams, cybercriminals have also got smarter about how they try to scam us.

MailGuard CEO Craig McDonald says online scammers employ tactics like phishing and impersonating big brand names to lure even normally cautious people into their web.

“Phishing is the practice of sending email to users with the purpose of tricking them into clicking on a link or revealing personal information; spear phishing and whaling are targeted phishing attacks,” McDonald explains. “Cybercriminals change their methods quickly in the hope of stealing victims’ money, passwords or other potentially lucrative personal details such as financial information.”

One of the more sophisticated ways a cybercriminal can worm their way into your personal information is by impersonating a popular brand. McDonald says people have relationships of a sort with companies or brands, which means using a familiar name is “an instant foot in the door” for scammers.

“More than 25 per cent of all recipients open phishing emails and a well-executed phishing landing page can yield a success rate as high as 45 per cent according to a study by Google and the University of California.”

While most of us know to never give out any personal information like banking or credit card details to anyone who makes contact, McDonald said something as simple as revealing your email online can leave you open to an attack. 

“If you do publish your email address on the web, make it unscannable so that it can’t be harvested by bots,” he advises. “There are alternative ways to display an email address which in turn makes it hard for spambots and cybercriminals to harvest it.”

In November, a spam email claiming to be from the Australian Tax Office lured recipients into clicking, which enabled scammers to install malicious files such as Trojans or keyloggers on their PCs.

“A keylogger is a type of spyware that can watch and record your keystrokes,” McDonald explains. “It can see what you write in an email, what passwords you enter on a banking website, or any other information you provide online. Trojans sit quietly in the background, taking actions not authorised by the user, such as modifying, stealing, copying or even deleting data.”

He says this type of malware is particularly dangerous as people may not notice it running in the background on their computer, recording their actions.

“It might not be discovered until months later, when you realise somebody has been accessing your bank account,” he warns.

There are ways you can protect yourself, though, other than using a good virus protector. McDonald recommends that you:

  • Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.
  • Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, but that they can also come from legitimate email addresses, which can be easily forged.
  • Never respond to an unsolicited email. If unsure, report the message as ‘spam’ to your service provider, and delete it. Then delete the email from your trash to save you from accidentally opening it in the future.
  • Only click on links from trusted senders. If an email has a link you don’t recognise, take a closer look by hovering your mouse over it and checking the destination in your browser. If the destination address doesn’t match the name on the link, it’s not legitimate.
  • Check for spelling, grammar and syntax. Most malware, phishing scams and spam originate from foreign countries so may contain some very obvious errors.
  • A reputable company or organisation will never use an email to request personal information. If you think there is a possibility it may be legitimate, type the real URL into your browser or contact the company directly.
  • Reading an email in plain text rather than HTML can help to avoid phishing attempts, although this is not 100 percent foolproof.
  • Report any suspicious or scam emails to the company that is being imitated, your email security provider, or to the government’s SCAMwatch.
  • If your computer runs slowly, keeps crashing or stops responding often, this could be a sign that the computer is infected. Get an IT professional to take a look for you.
  • Back up your data every single day to the cloud or on to a portable hard drive. That way, if you’re hacked, you have a separate copy of your files kept safely away from your PC.
  • Utilise multi-layered defences. This includes installing anti-virus, anti-malware and anti-spyware, and using cloud-based email filtering and web filtering services. 
  • Make sure you allow updates by your software provider to take effect, so that any security holes identified by the provider since you purchased the software are closed.
  • Use strong passwords and keep them secret. It is also a good idea to change them on a regular basis. Don’t use the same password for multiple accounts.

Do you feel secure in your cybersecurity measures? 
