A few weeks back, a handful of BDO clients lost money from hacking. This week, teachers who are account holders at Landbank lost theirs in a phishing attack. This underscores the need for companies to offer cyber wellness and digital hygiene programs to counter online scams
COVID-19 forced people to adopt digital banking and e-wallet for cashless transactions and e-commerce, and because of this, online scams increased too. A collective campaign to bring awareness to the associated risks and survival guide in the digital space needs to be introduced and stories like above need to be retold for the protection of the public.
Social engineering is the mother of all online scams
Generally speaking, social engineering is an attempt to play with your emotions like fear or curiosity to trick you to do something you will regret.
- That something can be blackmail material that the cybercriminal can use to manipulate you (cyber harassment and bullying).
- This something can be clicking a link in your social media timeline, responding to an email or SMS (smishing) or spoof website, downloading malware, which will give access to your device (hacking), or getting hold (phishing) of your bank or digital wallet credentials (identity theft).
Cyber wellness and digital hygiene program to counter online scammers
Cyber wellness is a mindset of proactive, critical, and safety-first online behavior. Digital hygiene on the other hand is about the best practices to keep our digital assets clean.
I have collaborated with academic institutions, student organizations, and CHED in running this cyberwellness and digital hygiene program for students. Of late, the Human Resources of large companies has been inviting me for the above program to equip their employees too.
How do we keep our money safe?
Having said that, the below pointers can help you from falling victim to phishing and online scammers:
- If possible, use a different gadget for gaming and entertainment, and for financial transactions
- If using the same computer, use a different browser, for your online transactions
- Use a different email address for your financial transactions.
- If using debit/credit cards for offline purchases, make sure it is swiped in front of you.
- If doable, avoid visiting and using sites that promote gaming hacks, illegal downloads, or streaming entertainment stuff.
- Be mindful of the apps that you are downloading.
- Be mindful of the information you are turning over to app developers, or the access level of an app to your device
- Read the privacy policy and terms of use of the apps or websites you are visiting or using.
- Make sure your apps, and browsers are updated
- Do not make a financial transaction in an unsecured digital environment (free wi-fi)
- If engaging with a new seller in e-commerce, use COD instead of transferring money.
- If you are using a public computer, always clear your cache and cookies after use.
- Use a fairly difficult password for your banking and e-wallet apps, and keep it safe.
- Use OTP and/or any two-factor (or multi-factor) authentication scheme before any transaction.
- If available, use information security and privacy app
- Use an appropriate anti-virus solution
- Be critical of the SMS, email, and calls you are receiving allegedly from your e-wallet providers and banks.
- Are they appealing to your emotions like fear because you will lose access to your account? Or excitement because you’ve won something?
- Do not click the link, instead place the cursor over the link to check if it is spoofed.
- Do not download or install any file
- Do not respond to the SMS or email, instead use the spam and block feature of your email or phone
- Do not give personally identifiable information, account numbers, OTP, password, allegedly for validation.
- Do not click the unsubscribe button to the spam emails you are receiving
- Check with your provider if indeed they are sending these SMS, email, or voice call
- Change your password regularly
- As a company, include cyber wellness training in your employee welfare program, and have your IT institute a digital hygiene practice
- If available in your professional network, connect with an information security guy. They can help you in a more complicated situation.
Online fraud is an evolving animal, as security increases, so are new ways to deceive people. So keep yourself informed of the latest security breach and adapt to the ever-changing security landscape.
Dwayne, bro., if you are reading this, feel free to add more safety tips (he is my infosec buddy).
And dear readers if you have additional security tips or have a story to tell, feel free to share them in our comments section.
Yes Jimi King, Park King, and other accounts I don’t know. Threatening me on Facebook, email as well. Posting my private videos because I don’t want to talk to him anymore
Have you sought help with the women’s desk or the cybercrime division of the police?
As what we are preaching, the human side is the weakest link in the infosec chain. So awareness is key. Companies should invest in that too. All security mechanisms are useless if the one who uses IT is the weakest link.