One of the wonderful things about the Internet is the capacity to share information quickly and with a lot of people.
Conversely, one of the big problems with the Internet is people with malicious internet obtaining your confidential information. Everyone from the ‘Big Brother’ of Facebook, Google and others watching everything we do to scammers trying to steal from us.
Here are some actions you can consider to protect your online security
Have up to date anti-virus and anti-malware on all of your computer devices
Don’t give out information that you don’t want scammers to have, unless you are sure of the person or website you are giving it to.
Be careful – if something looks too good to be true then it’s likely to be a scam
Never click on a link or open an attachment unless you are sure it is safe
Avoid public WI-FI if you intend to access online banking or anything else that needs to be secure.
There are a number of things you can do to make your website browsing more private and safer.
Use the privacy/incognito mode
Block web activity trackers
Block your ads
Use encrypted messengers
Get a VPN
Avoid non-https:// websites for input of confidential information
Doxing means to analyse information posted online by someone in order to identify and later harass that person. It is typically used to shame or punish people who would rather stay anonymous, because of their controversial beliefs or because they are making trouble in some way.
Doxing can be called a cyber attack involving uncovering the real-world identity of an Internet user. The attacker then reveals that person’s details online. This can then lead to other people attacking the ‘victim’ online and this can be malicious.
However much we may wish to hide out r identity online, we all leave a trail of breadcrumbs that the determined investigator can use to try to find out our real identity.
Typical methods used to determine someone’s identity may include:–
searching publicly available databases
searching social media websites
The key point of doxing is to find and publish personal information about the victim but it can be done for a wide range of reasons, including: harassment, online shaming, extortion or vigilantism.
Newsweek writer Leah McGrath Goodman revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto although she was heavily criticized by some for her actions.
Some believe a journalist using doxing is crossing the legal line into harassment, by publishing information about an individual’s private life against their wishes.
The Des Moines Register published racist tweets made by a 24-year-old Iowa man whose beer sign on ESPN College GameDay resulted in over $1 million in contributions to a children’s hospital, readers retaliated by sharing social media comments previously made by the reporter, Aaron Calvin, which contained racial slurs and condemnation of law enforcement.
The newspaper later announced that Calvin was no longer an employee.
3. In July 2016, WikiLeaks released 300,000 e-mails called the Erdoğan emails (named after the Turkish leader). However, Included in the leak was a lot of personal information about Turkish citizens. The files were removed due to privacy concerns, as they included spreadsheets of private, sensitive information of voters.
If you have any experiences with these scams do let me know, by email
Manchester United football club experienced a ransomware attack in late 2020. They were held to ransom for millions of pounds by cyberhackers who targeted the club’s computer systems and demanded payment to stop them from releasing sensitive data.
It is a difficult decision for any business – pay up or risk seeing highly sensitive information being wiped out or leaked into the public domain.
The club were clear from the start that the attack was very serious but it did not impact on their schedule of matches.
United brought in a team of technical experts to contain the attack and they informed the Police and the National Cyber Security Centre (NCSC).
The NCSC revealed that in 2019 an English Football league club was hit with a £5m ransomware demand. They were unable to access their CCTV or use entry turnstiles, but its’s not believed that they paid anything.
It took weeks of effort to get things back to normal following the attack and United could face fines of up to £18 million or two per cent of their total annual worldwide turnover from the Information Commissioner’s Office if the attack is found to have breached their fans’ data protection.
The NCSC has previously warned that there is a growing threat to sports clubs.
It took roughly 2 weeks for United IT staff and outside experts to regain control of the situation. It is believed they did not pay the attackers.
The episode was embarrassing for United and they are still under investigation by the Information Commissioner’s Office.
If you have any experiences with these scams do let me know, by email.
Generally on web pages, you have to click a link or a button or do something to enable the page to download malware to your device.
But, if your software is sufficiently out of date or missing security updates, then it may be possible for a web page to initiate a download of malware without you taking any action and it may not warn you of the download.
This can be very dangerous.
Anti-malware services can generally spot such danger and block the download but the key is to always keep your software fully up to date.
Common drive-by exploits
Hackers looking to create drive-by malware, generally look at the following:-
Old operating systems
Browsers such as FireFox, Chrome, Opera, and others, especially out of date versions
Out of date browser plug-ins
Early versions of Microsoft Office
Adobe/Shockwave Flash (ActiveX)
The types of drive-by malware commonly found include:-
Trojan horses – these take remote control of the user’s device
Ransomware—allows the attacker to encrypt or threaten to destroy data on the device unless a ransom is paid
Botnet toolkits—attackers may install a botnet application that on many devices which can then be controlled as one to carry out actions such as sending spam email or participating in DDoS attacks
Man in the Middle tools—enables attackers to eavesdrop on the user’s communications
Keyloggers—capture keystrokes and feed them back to the hacker.
If you have any experiences with scammers, spammers or time-wasters do let me know, by email.