Around the time of Christmas when the online shopping activity tends to be at its highest during the year, the trend also tends to be reflected in terms of scammers and cyber criminals activity. With that we will take a look at few ongoing problems in the year of 2020 and how we as users can step up the game to minimize the chances of falling as a victim.
Falling as a victim to a scam statistically gets higher as users build more online activity, as time goes by some of the companies the user registers with and shares their personally identifiable information gets leaked or hacked.
As a consequence of the leaked data such as email, phone, full name, password(s) & address the scammers are equipped with information which allows them to craft more legitimate looking scam attempts becoming overall more effective in the execution of the scams.
First tip would be to accept the possibility of any service you are using becoming a victim of hackers. No matter whether it is your cooking app you used for years, your parent's email, or whether it is someone as big as Google.
With that the first obvious attack vector is credentials re-usage, because sadly most of users simply still do keep on re-using the same username/email & password combination across different sites.
The second tip suggests to start treating all the communication which contains links and/or attachments with some degree of suspiciousness, the more unexpected communication the more suspicious one should be when dealing with it.
One can scan the link before visiting it to get a feeling of the sites legitimacy and any potential known threats with tools like https://sitecheck.sucuri.net
When dealing with a downloaded file before attempting to open/execute it, it is advisable that one first scans the file with an anti virus or at least a with an online tool like https://www.virustotal.com to make sure that it doesn't contain known exploitable vulnerabilities.
The third tip centers around understanding that there is a high level of greed in year of 2020 which has seen more and more reputable companies such as Google allowing phishing ads to be placed on its marketplace, starting from the notorious youtube ads with cryptocurrency scams mostly featuring Vitalik Buterin in the past months and ending up on the most recent MetaMask ad positioned as the first Google search result luring victims to a site which steals crypto backup keys and drains funds.
Furthermore as highlighted in the recent article the mobile app stores such as Google Play Store are becoming a minefield in terms of scam apps, with scammers easily inflating apps with fake reviews pushing malicious apps high in the search results.
The final tip would be to secure your accounts adequately to the personally identifiable information and funds being stored within the account, for instance someone with considerable amount of funds being held within an exchange should at least consider adding a phone verification on top of the username & password logins/withdrawals. However as one's risk profile grows and becomes a higher risk in terms of being targeted by hackers, one should consider if phone verification on its own is sufficient for example with the past article highlighting how at least twenty individuals highly involved with Crypto projects were targeted as part of telecoms exploit on the Israeli Orange provider.