The malware and scam landscape is ever changing, threats a year or even a number of months ago may have now evolved or disappeared. The criminals behind the threats are constantly looking for the next opportunity, trying to make the biggest impact in a short amount of time so to not get caught.
Malware creation is undoubtedly the hardest part of the hacking timeline, thanks primarily to distributing the malicious software becoming so easy. It has been reported (by the Symantec Corporation) that 75% of the websites on the internet have security vulnerabilities, which ‘leaves us all at risk’. In the same report they found that in 2015 there was 1 million online attacks every day on internet users. Here’s some examples of online threats today you should be on the lookout for so you can better your chances of not being part of a statistic in next year’s report -
Identity theft via key logging software is one of the most common attacks seen online today. By installing a piece of malware on your computer called ‘Spyware’, the writer of the program can log every keystroke made on your computer, specifically highlighting login pages so they can steal your username and password combinations. Online banking sites have cracked down on this threat partly by offering different password styles, for example, you may have started using a memorable word to log in to your bank. The site will ask you for characters at certain points in that keyword, so you may be asked to input the 2nd, 4th and 5th letter or number in that memorable word. This way, the keylogging software would return jumbled up letters. Unfortunately, it isn’t a perfect workaround as over time the memorable word will become clear to the keylogger, especially if it captures the screen as well as the keystrokes. You can protect yourself from this threat by having an up to date antivirus installed on your computer.
Another mentionable threat is ‘spear-phishing’, a more advanced and targeted form of the classic internet emailing issue ‘phishing’, which you are very likely to be familiar with. Spear-phishing is just like phishing, but targeted on one or, albeit less often, a small group of people. The standard procedure with this type of threat is to gather information on a company’s email address format, then proceed to search for the names of some of the people in the company. With this information, the phisher can rather realistically appear in the email box of an employee of said company as a colleague looking for private information. To make the phishing attempt more likely to get ‘a bite’, the perpetrator will often appear as someone of authority in the business, making it much harder for the targeted employee(s) to not give up confidential information.