Brad Melrose, a computer systems security specialist, gave a very comprehensive and informative talk to Pattaya City Expats Club (PCEC) members on how to avoid becoming a victim of online predators at their Sunday, February 4, meeting.
Brad has worked in the Information Technology field in Canada for 30+ years. During this time, he has worked in all aspects of Information Technology by deploying current technologies and keeping up with the massive rate of change in it. One of Brad’s interests is Computer Security, to which he has used his expertise to ensure large computing environments are secure against the accidental or deliberate disclosure of unauthorized information.
On line threats are numerous and the ability to stay safe online today is a priority. Though it is becoming more difficult, Brad put safety down to some key things and explained how hackers exploit basic human nature for their own malicious purposes. Firstly, he explained the three main types of threat: Spam-viruses, Ransomware, and Phishing. Seemingly, we are our own biggest security threat because on line predators/hackers are creative and use our own human traits against us.
Spam and Viruses lead to a staggering loss of productivity and are annoying. The ‘spamsters’ send out billions of messages to email addresses which costs them virtually nothing. Even if only 5-10 people reply they have accomplished their goal in confirming it is a good email address to be targeted. Also, Viruses and Ransomware are often delivered through spam, but usually require your help to be effective.
A computer virus is a type of malicious software program (“malware”) that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files through encryption. Once a ransom is paid it will give a password to unlock your files. The email usually has an embedded link or attachment that contains the malware. Even if you know the sender, do not open attachments or go to links unless you were expecting the email. If it is unexpected but from someone you know, contact the sender to see if it is a legitimate email from them before opening or linking. Brad’s advice: if you receive an email you are unsure of, do not open it.
Brad mentioned that some malware will have your computer mining for cryptocurrency in the background unknown to you. Use task manager to see what programs are running in the background and the amount of CPU (Central Processing Unit) being used, if the program is unfamiliar to you and using a lot of your processing power, it could be mining for cryptocurrency and slowing your other computer processes.
Phishing is used in fraud and ID theft. It is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an email. It is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate one and the only difference is the URL of the website in concern.
Phishing emails may contain links to websites that distribute malware. Phishing is an example of social engineering techniques used to deceive users, and exploits weaknesses in current web security. Scammers will send an email, often one that looks very much like the website of a legitimate business such as a bank or financial institution, and take you to a fake site where you voluntarily enter your details. This may include credit card, bank account or just personal data, enabling them to take your ID and/or money. Did you notice that you voluntarily offer information? This is the only way you can be hacked. They need you to let them in somehow.
Brad suggested you visit this website: https://takefive-stopfraud.org.uk/ and “take the test” to see if you are too smart to be scammed. Scams could include for examples Facebook or emails. You may receive a request that you log in to your Facebook or email account. Think before you do because this could be a phishing trip and if you do, you will be voluntarily giving away your password to let them have full access to your emails and your Facebook accounts. Brad asked the question…are your friends on Facebook visible to the world? If they are, this is not sensible and could lead to cloning where a predator pretends to be you. And never accept a friend request from someone you do not know.
Malware attachments are sometimes on phishing emails. They will be a zipfile attached to the email that will contain viruses. Unfortunately, virus checkers don’t always check zipfiles. Brad said that the odds are that they will pass through your security. So be cautious.
Spear phishing targets you personally. Brad urges us all to use our common sense. As regards passwords Brad advised that when selecting one it has been proven that long phrases, as long as possible, are more effective than a mixture of numbers, symbols, and letters. Don’t have the same password for everything. Brad ended by saying that we should all get into the habit of backing up files and photographs just in case a predator does come knocking with ransomware. Be safe out there and use common sense and avoid curiosity!
After the presentation, MC Roy Albiston brought everyone up to date on upcoming events. This was followed by the “Open Forum” portion of the meeting, where questions are asked and answered and comments made about expat living in Thailand. For more information on the Club and their activities, visit www.pcec.club.