With cyber hackers getting ever more sophisticated with their methods to steal people’s financial and personal information, vigilance and caution are crucial to avoid becoming a victim.
That was the message from San Diego Deputy District Attorney Brendan McHugh when speaking for a Continuing Education Center at Rancho Bernardo virtual class on Nov. 11.
McHugh told attendees — who were primarily area seniors — that they need to have situational awareness. Just like they would not access an ATM located in a dark alley, they have to be very cautious when clicking on links they come across on their computer or smartphone.
During his presentation, McHugh covered a wide range of ways criminals are using technology to steal people’s money and information. This is done through ransomware, spyware, adware, worms, trojans (malware snuck on a computer) and botnets (computers turned into “zombies” where they are accessed to commit crimes).
While some of these methods are geared toward companies, he said individuals can be targeted so they — or their devices — become unwitting participants in the crimes. With an increasing number of homes having “smart” devices like refrigerators, toilets, toys, robotic vacuum cleaners, locks, light bulbs, coffee makers, smart watches and home automation devices, hackers have many new ways to access one’s devices and networks.
In addition, McHugh said many of these Internet of Things devices do not have the same system updates that computers have, so vulnerabilities are not fixed. This leaves them more susceptible to hacking.
Ransomware is especially popular when committing fraud, he said. When launched on someone’s system, their files are encrypted and they lose access to their photos and documents.
“Typically it comes in an email with a code that encrypts all files in the hard drive,” McHugh said. “They ask for payment, often by cryptocurrency or gift cards. … It is fraud.”
McHugh said the “first generation” of ransomware only encrypted a computer hard drive, but the “second generation” now not only demands payment for the files to be unlocked, but threatens to release those files on the dark web.
“They will publish your data on the dark web,” McHugh said. “This is extortion.”
He said the best way to not become a ransomware victim is to not click on links that come in emails, whether the sender is known or not. Just because the email sender’s name is someone you know, their system could have already been hacked.
“Be very cautious about clicking links,” McHugh said, adding it is best to verify with the sender via phone or other means that the email is really from them.
“It is critical to have a backup, either cloud-based or external hard drive that is not connected to your system except when doing the backup,” he said. “If your backup is connected it could also be encrypted … so keep it separate.”
McHugh said this is also a good practice to follow in case the computer gets damaged through other means, such as by water or fire. A separate, unconnected system allows for the system’s files to be restored.
He said phishing is also a popular way to steal personal information and often comes in messages that appear to be from a financial institution.
“If it is an unsolicited text or email don’t click on the link,” McHugh said, explaining the hacker is trying to access the financial account’s username and password.
According to McHugh, trojans can give the hacker remote access to a device. For example, the hacker can turn on a computer’s video camera and see or hear whatever is going on within the computer’s range. He said it is best to turn off the computer, not just put it in sleep mode.
As for other types of crimes, McHugh said it is important to stay on top of one’s credit reports in case a company one does business with has been hacked. “We have to make sure our information is not used to victimize us,” he said.
He also said it is important to practice “cyber hygiene.” This includes using complex and unique passwords for each account and changing passwords frequently. Multi-factor authentication is also something he advises. When logging into an account, a code is sent to a cell phone and that code must also be used for the account to be accessed. He said most banking and email sites offer multi-factor authentication. Update anti-virus software and operating systems whenever an update is released as it fixes the latest-known system vulnerabilities.
If one becomes a hacking victim, McHugh said it is important to not give the criminal money. The rise in cryptocurrency has made it “extremely difficult” to investigate and get the money back. He also said it is important to file a police report.
“The only way we can investigate is if we know about it,” he said.
He also said people should consider putting a fraud alert on their credit reports, especially if they will not be applying for new lines of credit. If they need to, he said they can have their credit unfrozen. In addition, they should obtain a free credit report each year from the three main credit reporting agencies — Equifax, Experian and TransUnion.
Those who have been victimized can get assistance. One place to contact is the Identity Theft Resource Center at 888-400-5530 or idtheftcenter.org.