Part 1 - Tips to staying safe online
- Use strong, unique passwords and change your password if you believe it may have been compromised.
- Adopt two-factor authentication for your important accounts to add an extra layer of security.
- Install an anti-virus software and keep it updated to reduce the likelihood of being impacted by malware.
- Regularly back up your computer and devices.
- Think before you share information on social media, especially personal information such as the address of your new house in a photo.
- Be aware of phishing emails and don’t click on them.
- You may receive scam calls even if you have a private number.
- Never disclose your personal information, financial account or online account details over the phone unless you made the call and got the number from a reliable source.
Part 2 - Phishing attacks
Phishing emails often impersonate large, trustworthy organisations or government agencies. They may contain a link asking you to enter your information or to respond quickly to their request via email.
- Be on the lookout for poor spelling, grammar or other errors in the email that don't match the organisation's presentation.
- Be suspicious of emails with offers that seem too good to be true or that threaten you to take an action they've proposed.
- If you weren't expecting a message from a person or business, don't click on the links or open attachments to an email. You can always reach out to the person or business via another communication channel to verify the legitimacy of the message you've received.
- Before you click a link, hover over it to see the actual web address it will take you to. If you don't recognise or trust the address, you can always search for the article or site via a search engine with relevant key terms the page might use.
- Utilise a spam filter to block suspicious messages from reaching your inbox.
- Remember, we'll never ask you for your passwords or secure codes via email.
Part 3 - Malware
Malicious software, often shortened to malware, can be used by cybercriminals to:
- Remotely access your computer or smart device (e.g mobile phone, tablet, etc.)
- Use your computer to attack a third party
- Install additional software on your software including ransomware
- Attempt to log keystrokes and capture sensitive information while the user is typing
- Access the microphone and/or webcam on a user's device
Malware can infect your device through a variety of methods such as:
- Opening a suspicious file
- Clicking on a link to a malicious website
- Installing modified software that's been shared for free on the internet
- Opening a Microsoft Office document with macros embedded in them.
If you've been affected by malware, you might notice your device is running slower than usual, ads popping up on your machine you did't expect or notice websites asking for more details than they normally do to do something like logging in. You may also notice alerts from your anti-virus software telling you about an infection. Some of the ways to reduce your risk of being affected by malware include:
- Use anti-virus software and keep it updated
- Make sure your applications and operating systems are up to date
- Regularly back up your files
- Use strong passwords
- Regularly run anti-virus scans of your machine and review installed applications for unusual items
- Don't download applications from third-party download sites or peer-to-peer networks
- Don't click on online ads to download applications
Part 4 - Ransomware
Ransomware is a type of malware that locks your device and its files down so you can’t use them without paying a fee. Ransomware can be very costly to recover from. It commonly uses encryption techniques to lock your files, making them unreadable, and some go one step further and make your computer unusable.
Ransomware infects users' devices through the same techniques as malware and can include:
- Opening a suspicious file sent to you
- Clicking on a link to a malicious website
- Installing modified software that's been shared for free on the internet
- Opening a Microsoft Office document with macros embedded in them.
- It's not recommended to pay the ransom if you're affected by ransomware. There's no guarantee that paying the ransom will see you get your files back and your computer fixed. You should engage a technical resource for assistance if affected
Some of the ways to reduce your risk of being affected by ransomware include:
- Use anti-virus software and keep it updated
- Make sure your applications and operating systems are up to date
- Regularly back up your files
- Use strong passwords
- Disable Microsoft Office macros by default and only use macros you know and trust
- Regularly run anti-virus scans of your machine and review installed applications for unusual items
- Don't download applications from third-party download sites or peer-to-peer networks
- Don't click on online ads to download applications
Part 5 - Identity Theft
Identity theft happens when a criminal steals personal information and uses it to commit a crime such as opening fraudulent loans or stealing money from your bank accounts. Cybercriminals can steal information including contact details, tax file numbers, card details, online account usernames and passwords.
Some of the signs of possible identity theft include:
- Your bank transaction history shows purchases or withdrawals you haven’t made
- You stop receiving mail or stop receiving regular, expected mail like your utility bills
- You start receiving communications related to a credit facility you didn’t open
- A government agency gets in touch regarding a benefit that you haven’t applied for
- You start receiving calls from debt collectors without being behind in loan repayments
Some of the ways you can minimise the likelihood of having your identity stolen include:
- Limit what you share online
- Set your social media privacy settings to ‘private’
- Don’t accept new connections on social media from people you don’t know
- Be suspicious of communications asking you to confirm sensitive personal information
- Use strong, unique passwords for each online account
- Keep your devices, applications and operating system patched and up to date
Part 6 - Technical Support Scams
Technical support scams involve cybercriminals getting in contact with users and pretending to have identified a serious problem with the user’s computer or internet connection and offer to help. They’ll ask for remote access to the user’s computer but in doing so, will access files, intercept bank account logins and other sensitive information on the machine. They may also ask the user to pay a fee to fix the machine.
This scam works on intimidating the user, often using technical words and phrases to confuse the victim and employing techniques to build urgency. The scams can be initiated via a cold call, mass-messaged emails to users or via pop-up ads suggesting you’ve got a virus and to call a specific number for help.
Some of the ways you can protect yourself from scams such as these include:
- Always keep your computer up to date with the latest software updates, antivirus software and a good firewall
- Never disclose your personal information, financial account or online account details over the phone unless you made the call and got the number from a reliable source
- If a stranger asks for remote access to your computer, say no, even if they claim to be from a reputable business
Part 7 - For More Information
CERT VU is Vanuatu's cyber security information and incident response hub for Vanuatu to address cyber security threats and issues. There website is https://cert.gov.vu/
CERT offers additional information that might be of use to you:
- Login Best Practice: https://cert.gov.vu/index.php/resources/guides/130-login-best-practice
- Public Wi-Fi Safety: Considerations https://cert.gov.vu/index.php/resources/guides/124-public-wi-fi-safety-considerations
- My 7 Best Practices on How to Stay Secure: https://cert.gov.vu/index.php/resources/guides/126-my-7-best-practices-on-how-to-stay-secure