Placeholder Content Image

How to protect yourself from cyber-scammers over the festive period

<p><em><a href="https://theconversation.com/profiles/rachael-medhurst-1408437">Rachael Medhurst</a>, <a href="https://theconversation.com/institutions/university-of-south-wales-1586">University of South Wales</a></em></p> <p>The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time.</p> <p>Here are some essential tips to safeguard yourself and your data during the festive period:</p> <h2>Phishing</h2> <p>Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data.</p> <p>This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the amount of people having bought or received new gadgets and technology.</p> <p>Look out for there being no direct reference to your name in any communications, with wording such as “Dear Sir/Madam” or other terms such as “valued customer” being used instead. Grammar and spelling mistakes are also often present.</p> <p>Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre.</p> <h2>Shopping safely online</h2> <p>The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online.</p> <p>Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection.</p> <p>When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others.</p> <p>As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is.</p> <p>And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions.</p> <h2>Social media</h2> <p>While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences.</p> <p>This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share.</p> <p>Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity.</p> <p>Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media.</p> <p>There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically.</p> <figure><iframe src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&amp;start=0" width="440" height="260" frameborder="0" allowfullscreen="allowfullscreen"></iframe><figcaption><span class="caption">Advice for staying safe online.</span></figcaption></figure> <h2>Package delivery scams</h2> <p>As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>.</p> <p>Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments.</p> <p>To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details.</p> <p>Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls.</p> <p>Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/218294/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><a href="https://theconversation.com/profiles/rachael-medhurst-1408437"><em>Rachael Medhurst</em></a><em>, Course Leader and Senior Lecturer in Cyber Security NCSA, <a href="https://theconversation.com/institutions/university-of-south-wales-1586">University of South Wales</a></em></p> <p><em>Image credits: Getty Images </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/how-to-protect-yourself-from-cyber-scammers-over-the-festive-period-218294">original article</a>.</em></p>

Money & Banking

Placeholder Content Image

Just 25% of businesses are insured against cyber attacks. Here’s why

<p>In the past financial year, the Australian Cyber Security Centre received <a href="https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022" target="_blank" rel="noopener">76,000 cyber-crime reports</a> – on average, one every seven minutes. The year before, it was a report every eight minutes. The year before that, every ten minutes.</p> <p>The growth of cyber crime means it is now arguably the <a href="https://www.aon.com/2021-global-risk-management-survey/index.html" target="_blank" rel="noopener">top risk facing any business</a> with an online presence. One successful cyber attack is all it takes to ruin an organisation’s reputation and bottom line. The estimated cost to the Australian economy in <a href="https://www.unsw.adfa.edu.au/newsroom/news/cybercrime-estimated-42-billion-cost-australian-economy" target="_blank" rel="noopener">2021 was $42 billion</a>.</p> <p>To protect itself (and its customers), a business has three main options. It can limit the amount of sensitive data it stores. It can take greater care to protect the data it does store. And it can insure itself against the consequences of a cyber attack.</p> <p>Cyber-insurance is a broad term for insurance policies that address losses as a result of a computer-based attack or malfunction of a firm’s information technology systems. This can include costs associated with business interruptions, responding to the incident and paying relevant fines and penalties.</p> <p>The global cyber-insurance market is now worth an estimated US$9 billion (A$13.9 billion). It is tipped to grow to <a href="https://www.munichre.com/content/dam/munichre/contentlounge/website-pieces/documents/MunichRe-Topics-Cyber-Whitepaper-2022.pdf/_jcr_content/renditions/original./MunichRe-Topics-Cyber-Whitepaper-2022.pdf" target="_blank" rel="noopener">US$22 billion by 2025</a>.</p> <p>But a big part of this growth reflects escalating premium costs – in Australia they increased more <a href="https://www.insurancebusinessmag.com/au/news/cyber/whats-driving-up-cyber-insurance-premiums-in-australia-417542.aspx" target="_blank" rel="noopener">than 80% in 2021</a> – rather than more business taking up insurance.</p> <p>So coverage rates are growing slowly, with about 75% of all businesses in Australia having no cyber-insurance, according to 2021 figures from the <a href="https://insurancecouncil.com.au/wp-content/uploads/2022/03/Cyber-Insurance_March2022-final.pdf" target="_blank" rel="noopener">Insurance Council of Australia</a>.</p> <p><strong>Challenges in pricing cyber-insurance</strong>&lt;/p</p> <p>With cyber-insurance still in its infancy, insurers face significant complexities in quantifying cyber risk pricing premiums accordingly – high enough for the insurers not to lose money, but as competitive as possible to encourage greater uptake.</p> <p>A 2018 assessment of the cyber-insurance market by the <a href="https://www.cisa.gov/sites/default/files/publications/20_0210_cisa_oce_cyber_insurance_market_assessment.pdf" target="_blank" rel="noopener">US Cybersecurity and Infrastructure Security Agency</a> identified three major challenges: lack of data, methodological limitations, and lack of information sharing.</p> <p>Lack of historical loss data means insurers are hampered in accurately predicting risks and costs.</p> <p>Because of the relative newness of cyber crime, many insurers use risk-assessment methodologies derived from more established insurance markets <a href="https://www.rand.org/pubs/external_publications/EP67850.html" target="_blank" rel="noopener">such as for car, house and contents</a>. These markets, however, are not analogous to cyber crime.</p> <p>Companies may be hesitant to disclose information about cyber incidents, unless required to do so. Insurance carriers are reluctant to share data pertaining to damage and claims.</p> <p>This makes it hard to create effective risk models that can calculate and predict the likelihood and cost of future incidents.</p> <p><strong>So what needs to be done?</strong></p> <p>Deakin University’s <a href="https://cybercentre.org.au/" target="_blank" rel="noopener">Centre for Cyber Security Research and Innovation</a> has been working with insurance companies to understand what must be done to improve premium and risks models pertaining to cyber insurance.</p> <p>Here is what we have found so far.</p> <p>First, greater transparency is needed around cyber-related incidents and insurance to help remedy the lack of data and information sharing.</p> <p>The federal government has taken two steps in the right direction on this.</p> <p>One is the <a href="https://www.accc.gov.au/focus-areas/consumer-data-right-cdr-0" target="_blank" rel="noopener">Consumer Data Right</a>, which provides guidelines on how service providers must share data about customers. This came into effect in mid-2021.</p> <p>The other is the government’s proposal to amend <a href="https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6940" target="_blank" rel="noopener">privacy legislation</a> to increase penalties for breaches and give the Privacy Commissioner new powers.</p> <p>Second, insurers must find better ways to measure the financial value and worth of the data that organisations hold.</p> <p>The primary asset covered by cyber insurance is the data itself. But there is no concrete measure of how that data is worth.</p> <p>The recent Optus and Medibank Private data breaches provide clear examples. The Optus event affected millions more people than the Medibank Private hack, but the Medibank Private data includes <a href="https://www.afr.com/technology/privacy-fallout-from-medibank-hack-will-be-widespread-20221023-p5bs75" target="_blank" rel="noopener">sensitive medical data</a> that, in principle, is worth far more than data regarding just your personal identity.</p> <p>Without an accurate way to measure the financial value of data, it is difficult to determine the appropriate premium costs and coverage.</p> <p>Cyber insurance is a new, specialised market with significant uncertainty. Given the ever-increasing risks to individuals, organisations and society, it is imperative that insurers develop robust and reliable risk-based models as soon as possible.</p> <p>This will require a consolidated effort between cyber-security experts, accountants and actuaries, insurance professionals and policymakers.<img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/193533/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /></p> <p><em>Writen by Jongkil Jay Jeong and Robin Doss. Republished with permission from <a href="https://theconversation.com/just-25-of-businesses-are-insured-against-cyber-attacks-heres-why-193533" target="_blank" rel="noopener">The Conversation</a>.</em></p> <p><em>Image: Getty Images</em></p>

Money & Banking

Placeholder Content Image

What is ransomware and how is it dealt with?

<div> <div class="copy"> <h3>What is ransomware?</h3> <p>Ransomware is a type of malicious software – AKA malware – that infects and takes control of a device. It blocks access to files or even whole devices, and then sends a message demanding a ransom to grant access to those files.</p> <p>This is a common form of cybercrime that has recently affected <a rel="noreferrer noopener" href="https://www.afr.com/policy/health-and-education/unisa-cyber-attack-hits-staff-email-20210519-p57td5" target="_blank">universities</a>, <a rel="noreferrer noopener" href="https://www.stuff.co.nz/national/health/125294482/cyber-attack-waikato-dhb-counting-ransomware-cost-but-it-remains-to-be-tallied" target="_blank">hospitals</a> and <a rel="noreferrer noopener" href="https://www.abc.net.au/news/2021-06-02/fbi-investigating-jbs-meatworks-ransomwear-cyber-attack/100183376" target="_blank">meatworks</a>. Because it blocks vital data from being accessed, it can <a rel="noreferrer noopener" href="https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/" target="_blank">massively disrupt</a> organisations that use the shared networks and/or the internet – which is, well, everyone at this point.</p> <h3>How does ransomware work?</h3> <p>Malware is infectious software that will download onto a computer, phone or other device. It can be shared though phishing emails, links in messages or other online locations, or fake download buttons. Sometimes it can be difficult to tell whether a link or button is malicious in the first place.</p> <p>When the fake link is clicked, the malware automatically downloads and then hunts through the system or network to identify important data. The software can lock the device or files with a new password, or encrypt files with a secret key, preventing access.</p> <p>This can be exacerbated because malware can be accompanied by social-engineering tools that trick you into granting admin access, or it can exploit security holes to dive into the important files and software on the computer without even needing to get ‘permission’.</p> <p>There are <a rel="noreferrer noopener" href="https://resources.infosecinstitute.com/topic/a-brief-summary-of-encryption-method-used-in-widespread-ransomware/#gref" target="_blank">many ways of encrypting files</a>, but the point is to prevent user access with computer algorithms. Without an up-to-date backup, this data is essentially lost.</p> <p>The user will then often see a ransom note in the form of a message demanding (usually) money to lift the password or encryption.</p> <p>Of course, paying the ransom doesn’t mean the cyber-criminal will actually lift the encryption, and if you have paid up once, there is incentive for the criminal to do it again.</p> <p><iframe title="vimeo-player" src="https://player.vimeo.com/video/497805836" allowfullscreen="" width="640" height="360" frameborder="0"></iframe></p> <p class="caption"><em>Credit: cyber.gov.au</em></p> <p>The real kicker here is that the infectious software can gain access to a whole network of connected devices, even if it has been downloaded on just one computer – which means businesses that have shared data can be completely prevented for accessing anything<em>, </em>including saved files, emails and user profiles.</p> <p>There is no simple explanation of how the programming works – it is complex software engineering that can be continuously updated, and there are <a rel="noreferrer noopener" href="https://www.unitrends.com/solutions/ransomware-education" target="_blank">different examples</a> that can be spread and downloaded in ways the suit the attacker.</p> <h3>What does ransomware look like?</h3> <p>Because malware can pop up in almost anywhere, it is often hard to identify.</p> <p>A lot of ransomware is designed to look like something real, such as a casual email attachment, something shared via social media, or a website that looks <em>almost </em>like a real website you wanted to visit, but has a few different letters in the URL.</p> <p>in one sneaky approach, the attacker can even pretend to be somebody from law enforcement who is “stopping another cybercrime” that they accuse you of, and then demand a fine from you – but there are easier ways to get access to a device.</p> <p>The main thing to remember is that a lot of phishing can be prevented by not clicking suspicious links. Just a little life hack on how not to get hacked.</p> <p><iframe src="https://giphy.com/embed/MM0Jrc8BHKx3y" width="480" height="270" frameborder="0" class="giphy-embed" allowfullscreen=""></iframe></p> <p><a rel="noopener" href="https://giphy.com/gifs/hacker-MM0Jrc8BHKx3y" target="_blank">via GIPHY</a></p> <h3>Who is committing ransomware cybercrimes?</h3> <p>More seriously, this in an increasingly big business – between ransoms paid, loss of data and downtime, costs of recovery, and other security and investigations, ransomware attacks cost the world <a rel="noreferrer noopener" href="https://cybersecurityventures.com/ransomware-damage-report-2017-part-2/" target="_blank">$5 billion in 2017</a>.</p> <p>Cybercriminals are often individuals or work in teams or networks, but there are also <a rel="noreferrer noopener" href="https://cosmosmagazine.com/people/society/cybercrime-can-be-a-tough-game/" target="_blank">crimeware-as-a-service</a> groups that essentially operate as a business.</p> <h3>What cybersecurity measures need to be in place?</h3> <p>Technology develops so quickly that defenders and attackers can get stuck in an arms race, so cybersecurity and trained professionals are <a rel="noreferrer noopener" href="https://cosmosmagazine.com/technology/ai/cosmos-briefing-intelligent-manufacturing/" target="_blank">absolutely essential</a> to an online world, especially as we begin to incorporate more AI and machine learning into our manufacturing. Once ransomware is in a network, it’s extremely hard to remove.</p> <div class="twitter-tweet twitter-tweet-rendered" style="display: flex; max-width: 550px; width: 100%; margin-top: 10px; margin-bottom: 10px;"><iframe id="twitter-widget-0" scrolling="no" frameborder="0" allowtransparency="true" allowfullscreen="true" class="" style="position: static; visibility: visible; width: 551px; height: 389px; display: block; flex-grow: 1;" title="Twitter Tweet" src="https://platform.twitter.com/embed/Tweet.html?creatorScreenName=CosmosMagazine&amp;dnt=false&amp;embedId=twitter-widget-0&amp;features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&amp;frame=false&amp;hideCard=false&amp;hideThread=false&amp;id=1399844326855880704&amp;lang=en&amp;origin=https%3A%2F%2Fcosmosmagazine.com%2Ftechnology%2Fwhat-is-ransomware-and-how-is-it-dealt-with%2F&amp;sessionId=1edacffebc49fba152bed8435892b99ad3545164&amp;siteScreenName=CosmosMagazine&amp;theme=light&amp;widgetsVersion=fcb1942%3A1632982954711&amp;width=550px" data-tweet-id="1399844326855880704"></iframe></div> <p>First and foremost, <strong>keep backups</strong>. If all your files get encrypted but you have another offline backup, it’s simple to restore your data.</p> <p><strong>Always keep your malware security up to date</strong>. Attackers obviously try to get around this security, but it is a whole lot better than having none at all. Many companies test their systems with <a rel="noreferrer noopener" href="https://us.norton.com/internetsecurity-emerging-threats-what-is-the-difference-between-black-white-and-grey-hat-hackers.html" target="_blank">white hat hackers</a>, who attempt to hack their systems to recognise – and fix – the security flaws.</p> <p>Teaching people to recognise <a rel="noreferrer noopener" href="https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams" target="_blank">phishing emails</a> and be cautious about suspicious sites and links is also necessary, but it can only go so far, because phishing material is constantly being ‘improved’ to blend in better. Don’t click on links or open attachments if you don’t know the sender of the email. A lot of these emails suggest you need to make a payment, have breached some sort of contract, or pretend to have blocked access to an account.</p> <p>Because ransomware secretly searches your device, there can be a delay between when a link is clicked and when files are encrypted. There is a rise in predictive analytics and machine learning to help detect this suspicious behaviour and shut it down early.</p> <p>And finally, if you do get attacked, <a rel="noreferrer noopener" href="https://www.cyber.gov.au/ransomware#:~:text=Ransomware%20is%20a%20type%20of,to%20get%20back%20your%20access." target="_blank">don’t pay up</a>, because it’s likely to make you seem like an easy target in the future.</p> <h2><strong>Q&amp;A with a cybersecurity expert</strong></h2> <p>We asked Diep Ngyuen, Senior Lecturer in the Faculty of Engineering and Information Technology at UTS, for a little more depth. This is what they said</p> <h3>How can a cyber-attack effect a whole network?</h3> <p>Cyber attacks target either to bring down networks/systems (make them malfunction) or to compromise the information access authority or integrity.</p> <p>Although the former is often closer and easier to understand to most people, the latter is more popular and the major target of most daily life cyber attacks.</p> <p>For example, DoS (Denial-of-Service) attacks can make a network or service inaccessible for some time, disrupting corporates’ functioning or business. These types of attacks can be easily detected.</p> <p>However, cybercrimes often target high-value information and attempt to illegally access it or even alter the information.</p> <p>The information authority or integrity attacks are more difficult to be detected but their consequences can be very damaging, even much worse than the DoS attacks.</p> <h3>What are some common cybersecurity precautions?</h3> <p>To prevent or reduce risks from cyber attacks, IT core engineers/experts and daily users can take different approaches. However, these approaches all aim to early detect cyber threats, then effectively protect or cure the systems when the attacks really happen.</p> <p>One of the most common precautions [is] to avoid using services/websites, apps, hardware from non-certified or low-reputation sources/providers. These systems often have back doors or vulnerable loopholes that can be leveraged by cybercrimes.</p> <p>The second precaution would be to update and follow security recommendations from governments and experts, e.g., using multi-factor authentication methods, not to share or be cautious on sharing personal/private information like Date of Birth, photos, [etc] on open platforms (even social media).</p> <p>The last, but not least, is to become more aware of cyber threats/risks before deciding to take any action (e.g., do you understand the risk of using Apple pay or using activity trackers?).</p> <h3>How has cyber security changed over the last decade?</h3> <p>Cyber security landscape has been changing dramatically over the last 10 years. This is because of the penetration of IT to every corner of our daily life, from working, entertaining, to sleeping.</p> <p>This is also because of the ever-growing advances in attacks and their countermeasures. In comparison with 10 years ago, the number of connecting devices today has been increased by multiple times.On average, each person now would have more than a few connecting devices (e.g., phones, activity trackers, laptops, sensors at home).</p> <p>These devices, [while they] bring us lots of conveniences, are making us more vulnerable to cyber threats when they are attacked or compromised. More importantly, most of these newly added devices (e.g., in Internet of Things) are limited in computing and storage capability or referred to as low-end devices in cyber security. They are more susceptible to cyber threats.</p> <p>The advances in machine learning and AI also empower cybercrimes, allowing them to launch larger scale and more damaging attacks.</p> <em>Image credit: Shutterstock                         <!-- Start of tracking content syndication. Please do not remove this section as it allows us to keep track of republished articles --> <img id="cosmos-post-tracker" style="opacity: 0; height: 1px!important; width: 1px!important; border: 0!important; position: absolute!important; z-index: -1!important;" src="https://syndication.cosmosmagazine.com/?id=154123&amp;title=What+is+ransomware+and+how+is+it+dealt+with%3F" alt="" width="1" height="1" /> <!-- End of tracking content syndication -->          </em></div> <div id="contributors"> <p><em>This article was originally published on <a rel="noopener" href="https://cosmosmagazine.com/technology/what-is-ransomware-and-how-is-it-dealt-with/" target="_blank">cosmosmagazine.com</a> and was written by Deborah Devis. </em></p> </div> </div>

Technology

Placeholder Content Image

Michael Buble admits he’s received “a lot” of death threats following controversy

<p><span>Michael Buble has admitted he and his wife were targeted by disgruntled fans after a video showing the singer nudging his partner with his elbow sparked a major controversy.</span><br /><br /><span>The Canadian star appeared alongside Luisana Lopilato on Instagram to chat to fans back in April.</span><br /><br /><span>However many supporters became concerned when he appeared to interrupt and grab her.</span><br /><br /><span>The singer's representative put out a statement calling the controversy "a failed effort of cyber bullying".</span><br /><br /><span>Speaking on Argentinian TV show Intrusos, Luisana revealed that while the couple received support over stories surrounding the event, there were a lot of hateful comments too.</span><br /><br /><span>"We received a lot of love from people but you wouldn't believe the amount of people who sent me photos with weapons saying they were going to kill Mike when he reached Argentina, photos of knives from people laughing and saying they were going to cut off his fingers, leave a bomb for us or give him a beating," she said.</span><br /><br /><span>"It made me afraid and I still feel a little bit frightened."</span><br /><br /><span>Luisana went on to add: "It's not nice to receive death threats. There were a lot of threats. The positive messages we received outnumbered them but I am worried for my family. I suffered a lot with what happened."</span><br /><br /><span>"It caused Mike a lot of pain too. He loves Argentina and he loves being with me in Argentina when I'm working.</span><br /><br /><span>"He loves the friends he has in Argentina. Can you imagine what it feels like to receive a photo from Argentina of a youngster holding a weapon and the warning: 'This is what you're going to get when you come here!'"</span><br /><br /><span>Buble says he is the victim of a “fake news” campaign.</span><br /><br /><span>"Mike is a gentleman who is always concerned with trying to make me even more happy than I already am,” Luisana said.</span></p>

Beauty & Style

Placeholder Content Image

Why password sharing is becoming more common

<p>You'd forgive me for being perturbed when I recently noticed someone accessing their partner's smartphone using their fingerprint.</p> <p>Knowing your loved one's passcode for reasons of occasional access to their phone – say, when they are driving – is one thing. Having your fingerprint pre-loaded on their phone so it can be scanned for instant access? That tells me you're either way too close, or don't have enough trust in each other.</p> <p>Yet the sharing of passwords is common in most households. A Pew Research study found that 67 per cent of couples in committed relationships have shared passwords.</p> <p>Sharing passwords and other login details on everything from social media to streaming services makes sense for a lot of couples. It's probably out of convenience: sometimes your partner will ask you to log on to their computer and find an email, others you might want to buy and stream a movie on Google Play and you only have one account between you.</p> <p>The reality of password sharing is that 95 per cent of us share up to six passwords with others, according to password management service LastPass.</p> <p>The most commonly shared passwords are for wi-fi networks (58 per cent), followed closely by TV/film streaming accounts (48 per cent), financial accounts like online banking (43 per cent), and e-mail addresses (39 per cent).</p> <p>Who's doing this password sharing? Time magazine data says it matters little what age you are. Sixty-four percent of 18-29-year-olds share passwords, compared with 70 per cent of 30-49-year-olds, 66 per cent of 50-64-year-olds, and 69 per cent of people 65-plus.</p> <p>From an interpersonal point of view, the sharing of passwords likely means you have nothing to hide, and that's usually a good thing. From a privacy and security perspective, it also means you're ignoring a lot of risks.</p> <p>While 74 per cent of passwords are shared verbally, 15 per cent are shared by pen and paper, 5.8 per cent by text, and 4.4 per cent by e-mail. Only two per cent are shared using secure password sharing services.</p> <p>What's more, although 73 per cent of people agree that password sharing is risky, that same 73 per cent are unlikely to change a password after sharing it with someone.</p> <p>That's extremely problematic when it comes to the kind of data that is available over one's wi-fi network or financial accounts, and even more so because 59 per cent of people re-use their passwords across different online accounts.</p> <p>That means, giving somebody your Netflix password could likely mean you've given them your Twitter login and iTunes password, too.</p> <p>When it comes to sharing passwords amongst people who don't live in the same households, Reuters/Ipsos research suggests not many of us do it, but it does happen.</p> <p>Just 12 per cent of adults overall password-share for TV/film streaming services in this way, although 24 per cent of young people 18-24 do it.</p> <p>In the fine print of most tech companies' terms and conditions, there's often a stipulation that you're agreeing that only you will use that account. But this is something there's no policing on, and many services allow multiple access from different locations at one time without issues.</p> <p>From a personal perspective, there's only one area in my life where I share passwords - paywalled news sites.</p> <p>I have a group of about five friends and all of us subscribe to a different international outlet (they're usually around $10-15 a month), so we're all getting a "pay for one, get access to five" ad-hoc deal.</p> <p>Rationally, none of us would subscribe to all services and pay over $50 a month for our online news. At least we're paying something for quality journalism, we argue, and we are still being served up advertising on paywalled sites and aren't getting a completely free ride.</p> <p>The method we do this is theoretically the safest way to share passwords, if there is such a thing, and – if you're going to share any kind of them – how I'd advise you do proceed.</p> <p>We create a unique password for every service that does not feature elsewhere in anybody's digital lives. It's for that service, and that one only. Passwords are shared only in person, not via digital communication, and changed regularly.</p> <p>If we were to really take security seriously, though, we all acknowledge that what we're doing still counts as unsafe online behaviour and we shouldn't be doing it at all.</p> <p>Do you share passwords with your loved ones?</p> <p><em>Written by Lee Suckling. First appeared on <a href="http://Stuff.co.nz" target="_blank"><strong><span style="text-decoration: underline;">Stuff.co.nz</span></strong></a>.</em></p>

Technology

Placeholder Content Image

12 cybersecurity tips to keep your computer safe and secure

<p>So it looks as if the CIA could potentially break into most smartphone or computer networks, at least according to the stolen documents released by WikiLeaks last week.</p> <p>Whether you have anything to hide or not, it's a good reminder that in a digital age, keeping your life private requires some work.</p> <p>Here's a list of nine things everyone should be doing already to keep their information relatively confidential, plus four more for the truly paranoid.</p> <p><strong>1. Don't get phished</strong></p> <p>The most common way the CIA's cyber tools, and hackers for that matter, get into your devices are via phishing emails or texts. These are created to look like they're from a friend or trusted sender (say your bank or a software company) and contain a link they try to trick you into clicking on.</p> <p>Doing so loads software onto your computer, tablet or smartphone that allows the spies, or hackers, in. Once there, they can install any number of programs that allow them to spy on you and steal data. The CIA documents describe programs that can search through emails, contacts, texts and photos and send them from your device without your knowing it.</p> <p>All of this is why you want to be very careful about what emails you open and what links you click. Hackers, and presumably the CIA, are good at creating realistic-looking emails that entice you to click on dangerous links. Double and triple check before you click on links sent via email or texts. When in doubt, don't click on the link but instead go to the actual website it claims to be from.</p> <p><strong>2. Turn on two-factor authentication</strong></p> <p>This is that annoying step that comes after typing in your password. It sends a code to your smart phone or a landline or sometimes email. You input the code - the second factor in the authentication process - and you're good to go.</p> <p>While it seems like a hassle, it's actually an extremely powerful way to keep anyone but you from getting into your accounts. They'd have to not only have stolen your ID and login but also your phone.</p> <p>You should turn two-factor authentication on for every app, program and device for which it's available. It's a small hoop for you to jump through but an enormous wall for hackers, and would-be spies, to overcome.</p> <p><strong>3. Use only secure web browsers</strong></p> <p>Look for websites that use the secure version of the web protocol. You can tell by looking at the URL, which should start with HTTPS rather than simply HTTP. It stands for Hypertext Transfer Protocol Secure and keeps malicious third parties from inserting code onto the site.</p> <p><strong>4. Use strong passwords</strong></p> <p>There are weak passwords and then there are crazy weak passwords. According to a survey by Keeper, which makes password management software, 17 per cent of users have 123456 as their password, followed by 123456789 and qwerty. At least put up a fight! Choose strong passwords or sign up for a password management program that will create them for you.</p> <p><strong>5. Install a modern operating system</strong></p> <p>Many of the vulnerabilities detailed in the WikiLeaks documents are older and target dated systems. It's entirely possible that the CIA has newer tools for newer programs, but we don't know. What we do know is that the longer an operating system or program is around, the more vulnerabilities in it that are found and exploited. So use the most recent version of whatever operating system you prefer (Microsoft, Apple or Linux generally) and when a new one comes out, don't wait forever to switch.</p> <p><strong>6. Install security updates and patches</strong></p> <p>When you get a new phone or computer or install a new system, set it up to automatically update with security patches. If there's no automatic update available, check periodically to see if anything new is available.</p> <p><strong>7. Use a security program</strong></p> <p>There are many out there, from free to ones you pay for. While it's unlikely they'd keep the CIA out of your system, they'll do a good job of keeping run-of-the-mill hackers away, and might make it a little harder for spies to get to you.</p> <p><strong>8. Use encrypted messaging software</strong></p> <p>There's no evidence the CIA was using the tools described in the WikiLeaks documents to spy on Americans, which would be illegal under U.S. law as the CIA can't operate within the United States. That said, if you really want to keep your life confidential, here are a few more things you can do.</p> <p>Popular programs include Signal, Telegram and WhatsApp. The WikiLeaks documents claimed that the CIA had a program that allowed it to see what users were typing on certain phones running the Android operating system, but they hadn't been able to break the encryption of the programs themselves.</p> <p><strong>9. Install a camera cover</strong></p> <p>This keeps anyone from being able to surreptitiously turn on your camera and use it to record you. At hacker conferences it's common to see little bits of paper taped over computer cameras, or little plastic sliding covers that allow them to close off the lens when they're not using it. It's a low-tech fix for a high-tech problem.</p> <p><strong>10. Use a landline</strong></p> <p>Making a call on a land line is more secure than making a call on a cell phone. It also doesn't leave a digital trail as texts or email do.</p> <p><strong>11. Unplug and turn off your devices</strong></p> <p>For the truly paranoid, the best way to make sure the devices that surround you aren't spying on you is to unplug them or turn them off.</p> <p><strong>12. Finally, think about what you're giving away for free</strong></p> <p>All of this raises a simple question - how much information do you voluntarily turn over to websites, apps and online services every day? Remember that no is always an option, though it sometimes means foregoing convenience for privacy.</p> <p>Do you think you’ll follow any of these cyber-security tips?</p> <p><em>Written by Elizabeth Weise. First appeared on <a href="http://www.stuff.co.nz/" target="_blank"><strong><span style="text-decoration: underline;">Stuff.co.nz</span></strong></a>. </em></p>

Technology

Placeholder Content Image

Grim warning as cyber-crime continues to rise

<p>Barely a day seems to pass without hearing about a <a href="http://www.oversixty.com.au/finance/money-banking/2017/03/accc-warns-fake-online-stores-are-targeting-shoppers/"><span style="text-decoration: underline;"><strong>brand-new internet scam</strong></span></a> lurking in our inboxes, and if a recent report from online security company Symantec is anything to go by, the threat of cyber-crime is only going to get worse.</p> <p>The Symantec Annual Threat Report highlighted both the<a href="http://www.oversixty.com.au/news/news/2017/04/accc-warns-about-new-internet-scam/"><span style="text-decoration: underline;"><strong> growing number of instances of cybercrime</strong></span></a> and the increasing sophistication of the scams.  </p> <p>Symantec security expert Nick Savvides said email attacks were at their highest level in five years, with one in every 121 emails expected to contain a malicious link or attachment.</p> <p>Mr Savvides told <a href="http://www.News.com.au" target="_blank"><em><span style="text-decoration: underline;"><strong>News.com.au</strong></span></em></a>, “The cyber-criminals wouldn’t use this method if it wasn’t successful and they are always improving the content of their emails to make them very convincing.</p> <p>“For example, while many people have learned that the federal police will never send you a speeding fine by email, pretty much every Australian is buying goods online, so the fake invoice, fake delivery docket or parcel pick up emails can be very convincing.”</p> <p>So how do we avoid these common internet scams? Well, Symantec have offered a few tips to help keep your computer clear of any malicious online viruses.</p> <ol> <li>Change the default passwords on your devices and services.</li> <li>Keep your operating system and software up to date.</li> <li>Be extra careful on email.</li> <li>Back up your files.</li> </ol> <p>Have you ever fallen victim to cyber-crime? If so, how did you cope?</p>

Money & Banking

Placeholder Content Image

3 personal details you should never post on Facebook

<p>While the whole point of social media sites like Facebook is to share your life with others, some details are better left kept to yourself. Here are three personal details you should always keep private.</p> <p><strong>1. Phone number</strong></p> <p>Never add your home or mobile number to your Facebook page (even when Facebook asks you too). Not only will this make you a target for prank callers, scammers and identity thieves, it also make you easily searchable online. There’s a Facebook search feature that means anyone can use your phone number to find your Facebook page.</p> <p><strong>2. Home address</strong></p> <p>Never post your home address onto Facebook or “check-in” at home or post a clearly identifiable photo of your home location. There have been real-life cases where people have posted holiday snaps or expensive purchase on Facebook only to find that these pictures have helped thieves target their homes.</p> <p><strong>3. Payment information</strong></p> <p>Sometimes Facebook asks for payment details (like your credit card) so you can buy gift cards or other products straight through the social media site. It might be convenient, but not if your account is hacked. Furthermore, if you often leave your Facebook account logged in, someone else (like a small grandchild) could accidentally purchase something on your account.</p> <p><strong>Related links:</strong></p> <p><span style="text-decoration: underline;"><em><strong><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/myths-about-facebook/">3 myths about Facebook busted</a></strong></em></span></p> <p><span style="text-decoration: underline;"><em><strong><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/great-tip-for-using-youtube/">YouTube tips you didn’t know</a></strong></em></span></p> <p><span style="text-decoration: underline;"><em><strong><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/tips-for-using-tablets/">Ingenious tips and tricks for using your tablet</a></strong></em></span></p>

Technology

Placeholder Content Image

The biggest cybersecurity threats of 2016

<p>Security service vendor Proofpoint have revealed their predictions for the biggest cybersecurity threats this year.</p> <p>According to Proofpoint, cybercriminals will move with the times, no longer using the widely-known format of malicious document attachments. Instead they’ll target the human factor, or in other words, mankind’s natural curiosity to click on the internet.</p> <p>“Our six 2016 predictions all have one theme in common — cybercriminals are targeting the people behind devices and are looking to capitalise on their willingness to click,” vice president of Threat Operations at Proofpoint Kevin Epstein told news.com.au.</p> <p>With a growing number of social media accounts distributing harmful software in 2015, Proofpoint expects the incidents of malware to increase in 2016 as hackers continue to try and steal personal customer data or an organisation’s financial data.</p> <p>Hackers are also expected to increase attacks on high-value financial infrastructure, like ATMs, point of sale terminals and payment portals.</p> <p>Proofpoint director of Threat Intelligence Patrick Wheeler said the biggest threats this year won’t be new or revolutionary but old methods taking on a different shape.</p> <p> “Truly new threats are quite rare and often expensive to threat actors. Known attacks deployed in new ways are actually a much greater threat because they are more likely to be both effective and cost-effective,” Wheeler said.</p> <p>“The big ‘new’ threats of 2016 will most likely be well-known techniques from email – and web-based attacks – applied to less well-defended areas such as social media and mobile apps.”</p> <p>So what’s the best way to protect yourself online?</p> <p>Wheeler advises, “For individuals, the best practices are pretty well-known: run good, up-to-date protection on your devices, don’t open emails and click attachments from people you don’t know, apply relevant OS and application patches when they become available and don’t provide your personal or financial information over social media.”</p> <p>While Wheeler warns all online users to be vigilant with the security of their data, he emphasised the incident of cyber-criminal activity is not actually increasing. Unfortunately, however, it is here to stay.</p> <p>“We could argue that the feeling that cybercrime is getting worse is actually rooted in an increasingly widespread grasp that cybercrime isn’t going away, which is a really important – and scary – thing to realise.</p> <p>“There will be cybercrime as long as there is a way to profit from stealing information online, and every individual and organisation are a potential target: understanding that, we can move on to using intelligence, education and solutions to focus on threats, risks, and response.”</p> <p><strong>Related links:</strong></p> <p><span style="text-decoration: underline;"><em><strong><a href="/entertainment/technology/2016/01/how-to-spot-fake-apple-products/">How to spot fake Apple products</a></strong></em></span></p> <p><span style="text-decoration: underline;"><em><strong><a href="/entertainment/technology/2015/12/top-tips-and-tricks-for-using-skype/">Top tips and tricks for using Skype</a></strong></em></span></p> <p> </p> <p><span style="text-decoration: underline;"><em><a href="http://www.oversixty.co.nz/entertainment/technology/2016/01/myths-about-facebook/"><strong>3 myths about Facebook busted</strong></a></em></span></p> <p> </p>

Technology