Employee Cybersecurity Training – Internet browsing and WiFi Scams.
Our subject today is how to avoid internet browsing and Wi-Fi scams. This subject is important because of the drive toward remote work, or WFH, which we believe will continue in the future. Working remotely comes with a variety of scams. Our last episode covered scams that arrive through email. Today we are discussing internet browsing scams and how to protect yourself when using public Wi-Fi.
Types of Internet Browsing Scams:
Internet browsing scams are the second most common vector that bad guys use to attack and gain access to your systems for their exploits.
One of the most prevalent ways is to use a redirect. Let’s say you are going to a website like Yahoo or your Gmail, and you suddenly see a pop-up on your screen with words in huge red letters. The letters are often animated and accompanied by loud noises. The message claims that you have been infected with a virus and that you should immediately call the 800-number listed so that they can clean the virus for you. If you call the number, they may even falsely identify themselves as the Microsoft security center. You then speak with a random person and give them access to your computer. Once they have access to your computer, all they do is close the internet browser window and then charge you $600 to $1000 for fixing your computer. In this scenario, the fact is that your computer was not infected. This is simply a scam to try to extort money from you. Most antivirus software, especially business-grade antivirus software, is designed to present you with a pop-up that alerts you to a problem and instructs you to contact your IT provider.
Consumer-grade antivirus software, such as McAfee, will instruct you that the site has been blocked for your safety and will give you instructions on how to unblock it or get more information related to that site. The biggest difference is that there is not an 800 number to contact. Using antivirus software is key to avoiding this scam.
• Trojan Horse or Rider
Sometimes your computer can be infected by downloading software that has a rider or “a passenger” in it. Just like the mythical Trojan horse of the Aeneid, these files covertly bring other files onboard to infect your computer. If you are trying to download a free program for a one-time task, such as editing a PDF file, because you want to avoid a subscription, you may not pay attention to how the website looks. Once the file is downloaded, it may come with malware or spyware as well. You will then begin seeing many pop-ups and ads on your computer. The performance of your computer may also suffer, and it may begin to respond more slowly than before. These Trojan horses can also install keyloggers so that anytime you log into a website, they can pick up your password. You would be better advised to pay for the licensed subscription and then cancel it. Using good antivirus software can help you avoid suspicious sites and malware infection.
Using Public Wi-Fi Safely:
When using public Wi-Fi offered at the airport or a conference, you must be mindful that any type of sensitive information may be discoverable by others.
• HTTP vs. HTTPS
There has been a push lately to use HTTPS across all websites. The difference between HTTP and HTTPS is that HTTPS uses encryption, which helps mitigate security issues. One way that scammers get around HTTPS encryption is by creating a hotspot that is similar to the public Wi-Fi offered by a facility or conference sponsor. Instead of connecting to the one supplied by the facility or conference sponsor, the individual connects to the imitation hotspot, allowing their traffic to be decrypted, even over HTTPS. This can be real trouble for the individual. When using public Wi-Fi, always choose the option that offers you a password, instead of one that simply instructs you to check boxes to access the Wi-Fi.
• Virtual Private Network (VPN)
Most companies will offer their employees access to a VPN for remote access. In the past, there have been issues with rogue employees using their laptops and connecting back to the corporate network to access the files. VPNs are now used differently in that all traffic from your computer to the VPN is always encrypted so no one can look at it. Also, the VPN provider can either connect you to a browser session or connect your computer to a corporate office so that you can do everything you would normally do on your computer at work. If your employer does not provide you with a VPN, you can sign up for a personal VPN account, which is usually around $10 a month.
These are ways you can avoid internet scams and keep your sensitive information safe while browsing the internet and downloading files. If you need additional help with protecting your computer, ArchIT is a full-service IT management company working exclusively with architecture, design, and engineering firms. Reach out to us directly if you have any questions or need help with your IT.