Protecting your password

A client’s Yahoo email account was hijacked recently. She found out after an email was sent out in her name, to her entire contact list, asking to borrow several thousand pounds. This was such an obvious scam that no-one fell for it. Fortunately, other than some embarrassment and inconvenience, there were no serious consequences. It could have been much worse.

How did this happen? She’ll probably never find out, but the easiest route would have been by getting hold of her password. Criminals use different techniques but common methods are:

  • ‘phishing’;
  • ‘shoulder-surfing’;
  • through an infiltrated computer;
  • by capturing the transmitted information.

‘Phishing’

This method is so common that I’d be surprised if you’ve never encountered it. Phishing is when someone tries to trick you into visiting a fake website and entering your login credentials. Treat any email asking for your account details with suspicion. If in doubt, contact the company using their published telephone number or email address to double-check.

‘Shoulder-surfing’

Shoulder-surfing is a technique where someone simply looks over your shoulder watching what you type. You’re most susceptible to this when you’re working in a public place, like an internet cafe, airport or train. To avoid this, just be aware of your surroundings.

Through an infiltrated computer

Computers can be infiltrated by software that secretly records everything you type on the keyboard. The most risky are those in internet cafes or hotel business rooms. What happens is that a malicious person will install recording software and wait for people to use the computer. A while later, the person retrieves the captured information, which would include web addresses, usernames, passwords and emails. It can be very difficult to know when this is happening so don’t trust public PCs.

Your own computer can also be infiltrated by a computer virus caught through email attachments or infected websites. Windows users should keep their anti-virus software up to date. Apple users have less to worry about but it’s still a good idea to be cautious and occasionally run virus checks.

Capturing transmitted information

This technique is probably one of the most difficult to avoid. Someone with enough technical knowledge can literally watch the passwords and emails flowing through your internet connection. Although it’s possible for this to happen with your wired office network, you’re most at risk when using WiFi.

If you have wireless internet at home, read the manual to make sure you configure it with the highest security setting possible. Things get more tricky when you’re travelling and using the wireless internet services at cafes and hotels.

To protect against this, you’ll need to use VPN software. VPN stands for Virtual Private Networking and is a way of scrambling your transmitted information, hiding it from prying eyes. Unfortunately this software can be tricky to set up. It’s often used by corporations with their own IT department. As a small-business owner, this will probably be outside of your comfort zone unless you have someone technical on-board. Nevertheless, if you’re willing to give it a try, ask a computer retailer about VPN broadband routers.

Just remember to exercise caution

As you can see, the techniques range from old-fashioned confidence tricks to high-tech computerised traps. I’ve glossed over the details but the key is to use the same common sense online as you would in the real world: don’t take everything at face value; be cautious when in unfamiliar surroundings; get advice on how to use your tools.

This is a complex topic so if there’s demand, I’ll write a more in-depth article in the future.
