Understanding Cyber Threats: A Beginner’s Guide

October is Cybersecurity Awareness Month. It’s an unfortunate fact of life that today, it is more important than ever to keep your identity, data and other personal information safe from cyber criminals. This is just as important for individual consumers as it is for companies.

Cybersecurity has been a widespread priority since the second half of the 1990s, when the dot-com boom brought the world online. Now, more than 25 years later, unprecedented events like the COVID-19 pandemic, political turmoil fueled by contested elections, increased sociopolitical unrest, increased prevalence of cryptocurrency and use of artificial intelligence (AI) have led to a surge in the number and severity of cybercrimes.

Here are some tips that can help you avoid falling victim to these constant and increasingly sophisticated attacks.

1. Don’t respond to emails or texts

Often, when we think of cyberthreats, the first types that come to mind are those big data breaches in which cybercriminals hack into companies’ computer systems and steal massive amounts of consumer data. Those breaches often occur because of technical vulnerabilities. However, it’s a lot easier to trick a human than it is to breach a security system. That’s why “social engineering” is one of the most dangerous hacking techniques that cybercriminals use.

According to Verizon, 85 percent of all data breaches involve human interaction. The biggest cyberthreat in 2022 was Trojans, a type of malware that relies on user interaction, according to the ReasonLabs 2023 State of Consumer Cybersecurity report.

A "Trojan," short for Trojan horse, is a malicious program or piece of software that misrepresents itself to gain control, cause damage, gather confidential information or perform other harmful objectives. Unlike viruses and worms, Trojans do not self-replicate by infecting other files. They are spread when the targeted user takes some sort of intentional action such as opening an email attachment. Trojans can be incredibly destructive. They can steal your personal information, take over your system, delete files or track your activity without your knowledge.

More than 75 percent of targeted cyberattacks start with an email. Phishing is a strategy whereby scammers use email messages to trick you into giving them your personal and financial information, such as passwords, account numbers or Social Security number. It is one of the top causes of data breaches, followed by the use of stolen credentials and ransomware. Smishing is the same strategy, executed via texts instead of emails.

Scammers will send you a text or an email that looks like it’s from a company you know, such as a bank or credit card company. They will tell you they’ve noticed suspicious activity or log-in attempts, or they’ll say there’s a problem with your payment.

Many times, your first clue that it’s a scam is the poor English or incorrect spelling. Many of these scams originate outside the United States.

Here are three ways to stay safe from phishing and smishing scams.

1. Never click on links in suspicious emails or texts that ask you for personal information or data. Although many companies do send their customers emails, they will not ask you to share important details via an email or a text. If in doubt, contact the company to ask if there is some kind of issue with your account.
2. Install security software on your computer and phone, and set up automatic updating.
3. Use multi-factor authentication (MFA) or two-factor authentication (2FA). MFA and 2FA, you will set up an account to require two steps to log in, instead of just one. So you might enter your username and password, but then you also need to take a second step, such as having a code texted to your phone or an email sent to you, and once you respond to those prompts, then you can access your account. Yes, MFA takes a few seconds longer to long into your accounts, but it’s worth it.

2. Maintain good “cyber hygiene”

Cyber hygiene refers to regular habits and practices regarding technology use, like using strong passwords, not reusing passwords on multiple sites and avoiding unprotected Wi-Fi networks. Cybercriminals thrived more than ever during the pandemic, when remote work became the norm, and millions of people were working from unprotected home networks.

To maintain good cyber hygiene, follow these strategies:

1. Change your passwords regularly.
2. Install antivirus and malware software on your computer and phone, and scan for viruses regularly.
3. Update your software and hardware regularly.
4. Be extremely careful about letting other people access your accounts and devices.

3. Make your mobile devices less vulnerable

During the pandemic, most of us began using mobile devices more. Touchless payment technology and the use of mobile wallets became commonplace because we were all focused on preventing the transmission of germs. That opened new doors of opportunity for cybercriminals.

We tend to use our computers and mobile devices more in the summer than in other seasons. ReasonLabs found that malware was the top online threat affecting consumers from May to July 2023. Malware was responsible for 58 percent of all detections during that period. The more time we spend online, the greater our vulnerability to cyberattacks.

Malicious apps come in a variety of different forms, including spyware, ransomware, adware, viruses, bots, botnets, rootkits, keyloggers and Trojan horses. In most cases, malware is spread through vulnerable software, file sharing, websites, ads, email attachments, or malicious links. Now that AI is becoming more widespread, cyber attackers are creating AI-powered, situationally aware and highly evasive malware and ransomware.

Here are some tips for reducing the vulnerability of your mobile devices.

1. Avoid using public and insecure Wi-Fi networks.
2. If you want to use public Wi-Fi hotspots, install a virtual private network (VPN), a connection that disguises online data traffic and protects it from external access. Anyone with network access can view unencrypted data, but a VPN keeps cybercriminals from deciphering data.
3. Back up your mobile data regularly so you can recover valuable files if your mobile device is lost, stolen or compromised. Backups can protect against human errors, hardware failure, virus attacks, power failure and natural disasters.

4. Be careful on social media

Cyberattacks don’t happen just on email or via texts; they are also prevalent on social media. Be careful about the information you share on social media.

Cybercriminals can use the information you post on social media to obtain passwords or impersonate you. Many online accounts allow users to reset passwords if they enter a security question. With enough information from social media posts, an attacker could guess the answer to these security questions based on the private information you post.

In addition to being careful not to overshare personal information, here are other ways to protect yourself from social media scams:

1. Change your passwords often on your social media platforms.
2. Never accept friend requests from unknown people, even if the user appears to have several mutual friends with you.
3. Avoid using social media sites on public Wi-Fi hotspots. Public Wi-Fi is a common location for attackers to snoop on data using man-in-the-middle (MitM) attacks.
4. If you are using a dating app, do not link any of your social media accounts to your dating profile. Don’t share your phone number, either. This could give away too much information that a scammer could use against you, If your dating profile is compromised, it could also put your other accounts at risk.

________

Whether on email, text or social media, you can never let your guard down. Always assume a new threat is imminent, and protect yourself in every way possible. Taking a little extra time to thwart attacks can protect you from serious, and potentially costly, cyberattacks. Be aware of the risks you take every time you go online!

Any opinions are those of Tyson Ray and FORM Wealth Advisors and not necessarily those of Raymond James. This material is being provided for informational purposes only and is not a complete description, nor is it a recommendation. There is no guarantee that these statements, opinions or forecasts provided herein will prove to be correct. Investing involves risk and you may incur a profit or a loss regardless of strategy selected. Past performance is no guarantee of future results. Prior to making an investment decision, please consult with your financial advisor about your individual situation.