Mark
This month, October, it is Mental Health Awareness Week it is quite a few other weeks as well, but you are saying in America it’s Cyber Security Awareness Month.
Seamus
Yeah
Mark
And I think it’s something that we’re all aware of at the moment with security with our computers and everything else like that because hackers are around everywhere you sort of turn around and you don’t know if they’re behind you or not. So what is it all about I mean privacy security awareness, yes I think most of us can understand but hackers, how and why can they get your information.
Seamus
Yeah, and it’s a big problem – roughly 594 million people are affected by cybercrime every year, globally, that’s a lot of people. So I thought I’d just go into that if you be aware and use some correct tools you can protect yourself against hackers stealing your data, and just knowing these things, it does help you a lot. So the first one, that one of the easiest ones that they use it as in easiest for the hacker is that they “credential stuff” so what they do is, every time there’s a data breach the hackers get access to usernames and passwords of literally millions of people. And they’ll use those with special tools that will allow them to sort of flip through them, millions of times in a few minutes, and just try all sorts of random sites and random hacking details will not random sites your sites but using your details. And that the best one against that is to have strong passwords or use a password manager, but there is a site called Have I been p w n ed. And I’ll put that link in on the Boldacious website this afternoon, that will tell you if your passwords have ever been compromised, so you type in your email, and it’ll tell you how many times your passwords been compromised. So it’s quite a scary thing to put yourself in there but at least then you can know to change those passwords.
Mark
What was that website again?
Seamus
It’s called, I don’t quite know how you pronounce it but “have I been pwned. But I’ll put the link in. (https://haveibeenpwned.com/) Yeah, even if it’s just that “have I been” in your browser it’ll usually come up because it’s a large site but it’s worth checking every few months or so just to see if your email has, which will be the email and password combination, have been hacked. Sometimes guys no matter but sometimes it does depends on on the website.
Mark
Okay, so we’ve got that so we can look at security data breaches which of course mainly big businesses and government but you hear about those things happening. What about for the person who has their own home on the computer what security breaches are we looking at.
Seamus
Well, one of the ones that can probably not a lot, talk about another one quickly, which is if you’re in a public place so it either a workspace or internet cafe or something like that. There’s a thing that they call shoulder surfing, which is where someone’s actually physically looking over your shoulder and checking what password you use, and that’s the one they use in “hole in the wall” banking too, so someone will look at what you’re typing into the keypad. And then they’ll have an accomplice and as you walk away, they’ll sort of bump into you and steal your card and then they’ve got your card and your password and they can get into account. But one of the other ways is where the hackers just will attack, a lot of sites with just a whole lot of different combinations they’ve got so many, so much data now and the different combinations that they can just randomly attack sites with these tools that allow them to flip through millions of combinations of words and passwords, and a lot of WordPress sites are attacked that way. So again, if you’ve got good strong passwords, then, you’re relatively safe.
Seamus
You shouldn’t be using reusing passwords and you shouldn’t have weak passwords. Probably one that is more likely to happen in the home and the work is what they call phishing email so p h is h i n g. And that’s where an email will say it’s come from say PayPal or a big bank or something like that, and I’ll ask you to update your details, and that it will take you to another site that looks like the site you’re supposed to be going to. And it says I will you need to update your password so you update your password but basically then they’ve got your old password, and your details to get into their area. And those ones it’s just a matter of being careful when you see one that’s even slightly suspicious if it’s got a link to go and do something in the email if you roll your mouse over it you can see down the bottom left of your browser, the actual link that it’s going to. So, the link in the email says, paypal.com, and down the bottom on the bottom left of the browser will say, Iamstealingyourpassword.com, you know not to go there.
Mark
I never realised that one.
Seamus
Yeah, really, really handy if you are the slightest bit suspicious, you can do that. But some of them, there was one, a while ago where someone registered the domain, PayPal but instead of the last I, they put the number 1, so it looked almost the same as PayPal, and then they spoof the PayPal website so that looked exactly the same as the real PayPal website and conned a lot of people that way. So, you still got to be careful, but that’s a really good check.
Mark
But you also have to remember that banks will not send you an email asking you to update your details.
Seamus
Never ever will banks or any big institutions will never do that. So, if someone’s asking for that, you know it’s fraud immediately. And it’s actually a really good idea to ring the bank or the institution or email them because they also want to know that as well so they can warn their customers. So yeah, if someone asks you for your password it’s not real.
Mark
When you see those sites, you see photos of Dick Smith or Chris Hemsworth but you’ll see D Smith C Hemsworth, and that’s a big scam and people are encouraged to enter those things as well.
Seamus
And it’s just that basically, they’re cons, people trying to steal your details so the same sort of things you just, just be careful and be aware
Mark
Just quickly, I’ve heard that you see an email, and you just click on the email to open up in your browser, and it automatically puts a worm in your computer so it’s in there and then it’s following all your keystrokes.
Seamus
That’s a very nasty one, I don’t think they’re as common. And there are other ones we if you click on an image that will import stuff to computer as well. But they’re often sort of more targeted because they are more complex to set up I think it said, there’s not. As far as I know, that doesn’t happen very often. I think, yeah, all the big email providers are pretty aware and they’ll usually send those to your spam folder.
Mark
But I think we have run out of time here today, to ensure that you got good security I know with my security provider that I’ve got subscribed to it. Each year, if I end up on a site that it doesn’t think is correct it comes up with a warning.
Seamus
Yeah.
Mark
I can come out, but basically, the thing is to make sure that your security is up-to-date. The one that I like a lot, that one I’m actually putting your mouse over a link and then it comes up on the lower part of the screen that I never knew that before something I’ll keep an eye on. I’ll remember that one.
Seamus
Yeah, that’s a really handy one and really, really quite simple, you know, especially the phishing emails, most of them will have, you’ll see it’s a different link down the bottom left of your screen.
Mark
Okay, sounds good. Okay, well, we’ll have to catch you at another time.
Transcribed by https://otter.ai
Links
Have I been pwned?
https://haveibeenpwned.com/
Password Managers
Dashlane: https://www.dashlane.com/
Last Pass: https://www.lastpass.com/
Keeper: https://www.keepersecurity.com/
Leave a Reply