• 3 types of unusual activity that are putting you at risk

3 types of unusual activity that are putting you at risk

|

The digital age is well and truly underway. Alongside technological advancements, though, are criminal ones too, and cyber security is increasingly at risk, meaning Australians need to be aware of the threats that it poses according to the Dell Identity Theft Guide (ITG). Risks to a user's identity are often easily spotted as unusual activity from websites or email addresses that are not recognised, however cyber criminals are getting more intrusive.

Here are three types of activity that, if spotted, could protect a user's sensitive information:

1) Phishing emails

A phishing email attempts to 'fish' personal information, often to do with finances, by tricking a user into thinking that it is from a legitimate source1. These emails can be easy to spot if the obvious tricks are known. For example, many phishers operate from overseas so having a message that is in broken English is a great way to distinguish whether or not it can be trusted. The origin of the email is also a giveaway, although scammers are becoming more advanced in their tactics and branding can often fool a recipient that is not aware of the clues.

The Australian Federal Police (AFP) saw it happen twice in 2015. Their own branding was used in a phishing email that distributed traffic infringement fines of around $1502. Malware was also present in the email and infected computers further.

"This email has taken off widely today and looks legitimate, and many people have been compromised, so I would urge people to be vigilant," stated AFP national coordinator cyber crime Adrian Norris2.

Links or attachments are also often found within these messages and can cause widespread system infection, so if an email is received from an unknown source, it is best to delete it straight away rather than investigate and put a system at risk.

2) Fake social media accounts

Late in 2015, a new risk to cyber security became prevalent. Photo sharing application Instagram, that has more than 400 million active accounts3, has seen an influx of profiles that link to adult dating websites4. These accounts are spam, and unfortunately are not always picked up by the developers of the application because there are so many different accounts that already need monitoring. These fake accounts can be spotted however, with vigilance and education.

According to Symantec Security Response, there are three profile variations that Instagram users should be wary of4. The first type of fake Instagram account is somewhat more complex in its makeup, as it includes a profile image and bio, but the photo posts are tiles of a single photo with strategically placed "18+" icons. Each individual tile of the photo is captioned with the instruction to visit the "official website" in the bio.

The second style of profile has a stolen profile picture and no posts to show. The name of the account itself may even be stolen, and in the bio is a link that leads to an adult dating website. These links are not all legitimate and may infect the device on which it is accessed, so to avoid clicking the link is the best option.

The third variation varies from the second in that the profile has some photograph posts as well. These are often stolen from other profiles so that the identity of the profile owner remains hidden. The profile bio again contains a link to a dating website, and there may be a comment that suggests people should access the website if they are looking for girls who "like muscular boys" or reassure the user that the person in the fake photos on the profile will be the one they meet4, even though the photos are stolen.

Information entered onto these dating sites could be compromised, and so it is important that users are aware of the risks that these fake Instagram profiles pose. If a user comes across a fake Instagram account, the best thing to do would be reporting it as spam.

3) Malware

Unfortunately, malware comes in many forms itself and infects a system in such a way that it cannot be shutdown or removed especially easily. Malware can come from a downloaded application or a link from a phishing email, or even transferring data from an infected device like a co-worker's USB drive. The ITG states that as the online community becomes more accessible, there is a greater need for understanding what threats are posed to users.

Malware can hide in a system for some time and read information that a user inputs, such as financial details that are then stolen and used or sold to another scammer. Malware needs to be scanned for regularly with anti-virus software.

"2016 will present new security challenges, but also a more active and organised front in the fight against cybercrime5," according to the ESET Trends 2016: (In)Security Everywhere report.

With all kinds of threats becoming more prevalent to a user's identity, awareness and vigilance is the key to protecting sensitive information. If you think you may have been compromised, contact Identity Watch today to learn more about its identity protection services.

1. Expert Reviews. Accessed January 2016.

2. Australian Federal Police. Accessed January 2016.

3. Instagram. Accessed January 2016.

4. Symantec. Accessed January 2016.

5. ESET. Accessed January 2016.