Cybersecurity and You: The Latest Online Threats to Ward Against

Let us discuss the differences between the viruses of yesteryear and the highly-developed cyber intrusions of today, when we must be on the lookout for sophisticated attacks and those delivered via “social engineering.” How can you best defend yourself? Read on.

COMPUTER VIRUSES

In a nutshell, a computer virus is a type of malicious code or program written to alter the way a computer operates, and is designed to spread from one computer to another. Viruses need a computer file to act as the host of the virus, and the device receiving said file will become infected with the virus. Typically, viruses are transmitted via email attachments or from websites that may have been unknowingly attacked with malicious code injected onto their pages. After all, the reality is that successful viruses are often spread due to dumb luck or operator error.

Typically, the best ways to avoid catching a computer virus include not opening email attachments without first vetting the source and nature of the attachment. An email from a trusted colleague, but with odd phrasing, is a red flag, as is an email from an unknown source offering attached materials. You should also be wary of clicking on pop-up ads, use strong passwords, keep your software up to date and install some antivirus software.

PHISHING

Phishing is defined as a type of “social engineering” attack often used to steal user data, including login credentials and credit card numbers. Phishing, much like a virus, occurs when “hackers” masquerading as someone you think you can trust spoof an email address or use a legitimate company’s logo to trick victims into opening an email, instant message or text that has an attachment containing a malicious link. The main difference between a virus and phishing is that instead of just slowing down your PC, or showing you annoying pop-up advertisements, phishing can compromise your personal data, leading to such things as identity theft.

SPEAR PHISHING

While phishing is similar to viruses, in that both are transmitted via mass dissemination and play the odds that a few recipients will infect themselves, spear phishing is much more targeted, aimed at public figures like a celebrity or the CEO of a multinational conglomerate. Phishing attacks can also target employees with specific company email addresses. All the hacker is looking for is a way into the victim’s network, to cause damage throughout the company or to the victim’s own finances.

RANSOMWARE

While having your identity stolen is definitely something to be avoided, ransomware can literally be a national security issue. If you have poor internet habits when it comes to your personal email at home, there is an excellent chance that you’ll engage in the same behavior at work, which can lead to problems that go far beyond your own personal detriment.

When hackers utilize phishing or spear phishing, a primary goal can be to have the recipient inadvertently install malicious software (malware) on their PC or company network. This malware may then encrypt the victim’s files so their network or PC no longer works. Then, hackers demand a ransom to restore access to the data upon payment. Hackers typically ask for payment via Bitcoin or a gift card.

If you need an example of how serious spear phishing can be, just think back a couple of months ago to the Colonial Pipeline shutdown, or the JBS meatpacking plants hack.

SO, WHAT CAN YOU DO?

You would think that after 30 years of having the internet around, people would know by now that it’s not a good idea to click on suspicious links. But such is not the case. Fortunately, there are additional precautions you can take to prevent being infected:

  • If you have an email program that allows you to set a maximum file size for email attachments, use it, and set it low. You can always override the setting if needed.
  • If your bank calls you and asks you to verify your account number, hang up. Call the number on the back of your bank card if you are concerned it was a legitimate call, but know that your bank will never ask you for information like that when they initiate the call.
  • If the IRS calls and says you owe them money that can be paid via Western Union or a gift card to Target Stores, hang up.
  • Update your passwords often—and avoid playing those quizzes you find on social media sites, as many of them are basically fishing for your answers to security questions.
  • Be careful about the sites you visit. If you are giving any kind of personal information to them, be sure the page’s URL begins with https:// for peace of mind.

While the above suggestions may seem like common sense to you, these are all security issues that happen daily. However, one of the most important items in maintaining your network security is the Wi-Fi router in your home. Cyber criminals are known to drive through neighborhoods looking for vulnerable routers, and if they find yours, network security can be almost impossible to maintain. Luckily, it is very easy to secure your network from outsiders:

  • The most obvious method of maintaining your home’s network security is to create a difficult password to access your network, but beyond that, do not give out your password to visitors; if you must for one reason or another, change your password after they leave. The reality is, you should regularly change said password whether you give it out to others or not.
  • Since hackers cruise neighborhoods looking for vulnerable routers, do yourself a favor and hide your router. Most manufacturers set up the administrator account on routers with the same username and password for every piece of equipment they sell, so log in and change those before a hacker does it for you and locks you out of your own router.
  • While you are at it, change your network name and hide your network so that it does not appear on the list of available networks. Doing this will require that anyone accessing your network know the exact name of the network in order for it to become visible.
  • If your router allows remote access, turn that off. And while this should go without saying, you should ensure your router’s firmware is kept up to date. While one would expect this would be done automatically, when you are changing your password, you should confirm the change has taken effect.

TAKE YOUR GOOD HABITS TO WORK

You can take many of these suggestions to work with you and help keep your business network safe. For instance, if you offer an online shopping cart for customers, you should keep track of things like IP addresses that consistently come up with fraudulent attempted sales. IP addresses will point to the part of the world your “customer” is coming from.

Sometimes it just makes sense to block an entire range of IP addresses. Granted, you might block all of Nigeria due to an inordinate number of fraudulent purchases and as a result miss the two or three legitimate sales, but you must weigh the odds.

Similarly, if you notice that someone is attempting to guess a correct credit card number or the associated Card Verification Value (CVV), it could be in your best interest to block the credit card number, or an entire range of credit card numbers.

Do not hesitate to utilize CAPTCHA on your payments page. While a hacker may use a script to automatically run credit card numbers until it stumbles across one that works, CAPTCHA will require human intervention, which may make it more trouble than it is worth to the hacker.
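
The monitoring described above, as an added example that is not part of the original article: the Python below scans a constructed payment-attempt log for IP addresses that keep getting declined across many different cards, groups those addresses into /24 ranges, and lists cards with repeated CVV failures. The log format, thresholds and function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, not real data: timestamp, client IP, card token, result.
# Tokens stand in for card numbers; raw card numbers and CVVs should never be logged.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.10 card_a1 declined
2024-05-01T10:00:02Z 203.0.113.10 card_a2 declined
2024-05-01T10:00:03Z 203.0.113.10 card_a3 declined
2024-05-01T10:00:04Z 203.0.113.77 card_a4 declined
2024-05-01T10:00:05Z 203.0.113.77 card_a5 declined
2024-05-01T10:00:06Z 203.0.113.77 card_a6 approved
2024-05-01T10:00:07Z 203.0.113.77 card_a7 declined
2024-05-01T10:02:00Z 192.0.2.44 card_c9 declined_cvv
2024-05-01T10:02:05Z 192.0.2.44 card_c9 declined_cvv
2024-05-01T10:02:09Z 192.0.2.44 card_c9 declined_cvv
2024-05-01T10:05:00Z 198.51.100.5 card_b1 declined_cvv
2024-05-01T10:05:40Z 198.51.100.5 card_b1 approved
"""

def find_card_testing(log, min_declines=3, min_cards=3, min_ips_per_range=2):
    """Return (flagged_ips, flagged_ranges, probed_cards) for a payment log."""
    declines = defaultdict(int)        # declined attempts per IP
    cards_by_ip = defaultdict(set)     # distinct declined cards per IP
    cvv_fails = defaultdict(int)       # CVV failures per card token
    for line in log.strip().splitlines():
        _ts, ip, card, result = line.split()
        if result.startswith("declined"):
            declines[ip] += 1
            cards_by_ip[ip].add(card)
        if result == "declined_cvv":
            cvv_fails[card] += 1
    # One IP cycling through many different cards looks like a script, not a shopper.
    flagged_ips = {ip for ip, n in declines.items()
                   if n >= min_declines and len(cards_by_ip[ip]) >= min_cards}
    # Propose a range block only when several flagged IPs share the same /24,
    # which limits how many legitimate customers are caught by it.
    by_net = defaultdict(set)
    for ip in flagged_ips:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    flagged_ranges = {str(net) for net, ips in by_net.items()
                      if len(ips) >= min_ips_per_range}
    # Repeated CVV failures on one card suggest someone is guessing its CVV.
    probed_cards = {card for card, n in cvv_fails.items() if n >= min_declines}
    return flagged_ips, flagged_ranges, probed_cards

if __name__ == "__main__":
    print(find_card_testing(SAMPLE_LOG))
```

The customer at 198.51.100.5 who mistypes a CVV once and then succeeds is not flagged, which is the trade-off the thresholds are there to manage.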

Finally, keep your software, firmware and patches current. A few months ago, it was revealed that Wi-Fi has had a built-in vulnerability since it was invented in 1997. If that does not convince you to pay attention to your security updates, I am not sure what will. It can be a scary world out there, but hackers rely on the uninformed. Don’t let that be you.

Jonathan Corona has over 15 years of experience in the electronic payments industry. As MobiusPay’s COO, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. MobiusPay specializes in merchant accounts in the U.S., EU and Asia. Follow them @MobiusPay on Twitter, Facebook and IG.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.
