One of the biggest challenges in cybersecurity is convincing a co-worker or friend that a cybercrime could actually happen to them. We can feel as likely to get struck by lightning or win the lottery as we are to have anything seriously go wrong when clicking through a few emails.
Let’s start by explaining what cybercrime is, then what you can do to protect yourself. Cybercrime is a broad term for online and computer-based crimes. Here is a list of cybercrimes that the FBI considers to be more common:
- Account takeover. A criminal takes over someone’s online account. This can be one of the most financially damaging online crimes. If a criminal can take over your email or social media account (like Facebook), they can send emails or post updates that appear as though they came from you. Your trusting friends could be easily duped. If the criminal guesses your login information for an online shopping account, for example, unauthorized purchases can occur.
- Spoofing and phishing. Emails that appear trustworthy try to trick you into providing sensitive information like credit card numbers or banking information.
- Ransomware. This is malicious software (known as “malware”) that prevents you from accessing your computer files or using your computer, and displays a message demanding that you pay a ransom to get your files back or use your computer again. If your computer holds your only copy of particular financial records, important documents, or photos, this could be devastating.
What are the chances any of this could happen to you? Maybe it already has. Cybercriminals can be stealthy. For some real-world examples, consider this: In 2020, scammers sent emails with subject lines such as “Shalom aleichem” and “Blessings” to rabbis, asking for gift cards supposedly on behalf of their congregants. Also that year, a New Jersey synagogue was a victim of extortion in which the criminals began leaking stolen data online until a ransom payment was made.
Most people do not think they are at risk, but it is a very good practice to take some precautions. You would not want to wait until something bad happens to prompt you to put cyber protections in place, just as you would not want to walk down a dark alley just to see if you come out the other side with your purse or wallet intact.
There are precautions you can take to protect yourself when on the Internet, but one of the most important defenses is free and effective. That defense is you and your skepticism of any email you receive or website you visit. That’s right. Antivirus software, web filtering services, and long/strong passwords are all useful, but pausing and considering whether a web link (also called a “URL”) or a file attachment is safe will serve you well. The slight downside is that you will need to be more awake and aware as you review your emails or browse the Internet. Attentiveness and a questioning mind will pay off.
Now that you are appropriately suspicious of file attachments and web links in emails, here are guidelines for helping to determine what is legitimate. No rules of thumb can reduce your risk to zero, but let’s at least lower your chances of falling victim to the criminals. Ask yourself these questions about any email you receive.
- Does the message have a tone of panic or urgency, and does it urge you to take an action?
That alone is a red flag. Consider carefully who sent the message and what the request is.
- Is the sender, even if a familiar friend or business, urging you to click a link or file attachment in that email?
Simply reading an email is considered safe, but clicking a web link or file attachment can cause trouble.
If you think an email from a business is legitimate, and there are links or file attachments included, go to their website directly in your web browser rather than clicking the link or attachment. For emails from local businesses like your bank that you are uncertain about, you could call them on the phone with a number you already have or take a printed copy to the local branch. This all takes time, but can save you a lot of trouble later.
- Does the message make big promises of financial gain or great savings? Alternatively, does it warn of big losses or penalties from your bank, the IRS, Social Security Administration, etc.?
As you have probably heard before, if it sounds too good to be true, it probably is. As for dire warnings, a legitimate business or government agency will not communicate critical information through email. Contact them through other means, as mentioned above.
To reduce the volume of emails you need to evaluate, unsubscribe from messages you no longer wish to receive. To safely unsubscribe, rather than click a link in the email (remember, that’s risky), see if your email provider has an unsubscribe option. Google and Yahoo provide an “Unsubscribe” selection which is located above the message.
Stepping back from your email to consider what is being requested and exercising caution will help prevent you from being one of the thousands of people who have experienced a loss through cybercrime.
* * *
Scot Henry is the IT and Cybersecurity Manager for Milwaukee Jewish Federation.