On Thursday, November 28th, we discussed the risks the average person faces when going online today.
Chris started by referencing her notes from the Club’s 2021 presentation on Internet security, noting that many of the points remained true: e.g. that most of the risk assessment was in the corporate sphere and there was little information about the risks faced by individual users. She quoted from a Scientific American article:
“The main source of information about online scams and what to do about them is from security experts. However, recommendations offered by these experts turn out to be inconsistent”
Security experts cannot agree on the measures people need to be safe. 41 experts asked to list their “top five” came up with a total of 118 unique pieces of advice.
https://javeacomputerclub.com/2021/03/18/internet-security-and-privacy-2021/
However, some things have changed. With AI, deep fakes, the proliferation of social media and mobile devices, “Phishing” scams have broadened in scope and become more prevalent and sophisticated. (By the way – someone asked what “Catphishing” is: “A catphishing scam is a type of online deception where someone creates a fake persona on a dating app or social media platform in order to form a relationship …”) Chris forgot to mention the roll-out of “Two step verification” which greatly improves the protection of e-mail, banking and other online accounts.
We looked through the safety tips suggested by Malwarebytes:
https://www.malwarebytes.com/cybersecurity/basics/internet-safety-tips
... and had an animated and sometimes technical discussion about the risk of being hacked in an airport by a Man in the Middle attack: Peter explained how it works. Basically, a bad actor sets up a fake WiFi network in an airport and passengers are fooled into connecting to it, instead of the real WiFi. In theory, the bad guys could then monitor, interfere with and modify your internet data unless you use a VPN. However, what happens in practice? What is the actual risk?
After the Club session, Chris did some sleuthing to see if the real-life risk had been assessed and found this recent article: Why it’s time to take warnings about using public Wi-Fi, in places like airports, seriously https://www.cnbc.com/2024/09/29/its-time-to-take-warnings-about-using-airport-public-wi-fi-seriously.html
A commentator quoted in the article said “… attacks are ‘definitely’ occurring with regularity in the United States” – i.e. no-one seems to know the degree of risk. The article described an attacker caught in Australia recently (it’s rare for these people to be apprehended). The attacker’s strategy was relatively simple: “When people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.”
So, he was not using sophisticated software to monitor the victim’s internet traffic. Instead, he had set up a plain old phishing trap, fooling users into giving him their Social Media usernames and passwords. No VPN would have protected the victims from being tricked. Chris reported that she knew of two young people who had had their Facebook and Instagram accounts “stolen”, possibly in this way. The Instagram account could be retrieved, but not the Facebook ones.
This article defines classical Man in the Middle (MitM) attacks and gives some examples: https://www.csoonline.com/article/566905/man-in-the-middle-attack-definition-and-examples.html It says: “… based on anecdotal reports, … MitM attacks are not incredibly prevalent,” says Hinchliffe. “Much of the same objectives—spying on data/communications, redirecting traffic and so on—can be done using malware installed on the victim’s system. If there are simpler ways to perform attacks, the adversary will often take the easy route.”
It also points out that: Greater adoption of HTTPS and more in-browser warnings have reduced the potential threat of some MitM attacks. In 2017 the Electronic Frontier Foundation (EFF) reported that over half of all internet traffic is now encrypted, with Google now reporting that over 90 percent of traffic in some countries is now encrypted. Major browsers such as Chrome and Firefox will also warn users if they are at risk from MitM attacks. “With the increased adoption of SSL and the introduction of modern browsers, such as Google Chrome, MitM attacks on Public WiFi hotspots have waned in popularity,” says CrowdStrike’s Turedi.
That’s all very comforting. On the other hand, there seems to be a rash of phishing scams doing the rounds, e.g.:
1. “Parking Ticket”: Don’t scan the QR code, it’s a scam! It purports to be a note from the Spanish police saying that your car is badly parked and that you should scan the QR code to see your fine. The code will create a link to a Phishing site or Malware App.
2. WhatsApp verification code scam: https://euroweeklynews.com/2024/11/26/beware-of-new-whatsapp-scam-spanish-police-issue-urgent-warning/
3. Apple ID phishing e-mail: https://www.dailymail.co.uk/sciencetech/article-14127769/apple-id-scam-iphone-users-suspended-warning.html?ito=native_share_article-nativemenubutton
4. The BBC is running a series called “The Scam Interceptors” – this is a team which intercepts phone call phishing scams.
Also, be careful what you install. There are even some dangerous apps on the Google Play Store – these include free VPNs: https://www.forbes.com/sites/zakdoffman/2024/11/23/google-play-store-warning-do-not-install-these-free-apps/
Chris reported a really elaborate scam, in which fake scientific journal websites had been created. These are cloned copies of the real thing: Papers published on the cloned websites appear to have content recycled from other sources. The company will most likely offer to publish papers in legitimate and reputable journals, but submitted papers will instead appear on cloned versions of the websites. This new scam represents high-quality fraudulent websites, with a remarkable resemblance to legitimate ones, capable of deceiving even experienced researchers. https://retractionwatch.com/2024/11/25/exclusive-new-hijacking-scam-targets-elsevier-springer-nature-and-other-major-publishers/
Have your e-mail account details been exposed to the world? Visit https://haveibeenpwned.com to find out. This lists e-mail accounts and/or passwords which have been stolen from on-line databases and shared publicly for anyone to see. This site is said to be encrypted and safe. Chris later tested her several Gmail accounts and the oldest appeared in 5 “breaches” and another in one breach. However, not to panic:
- The “breaches” often consist merely of lists of usernames and e-mail addresses for logging into online services or subscriptions such as travel sites, newspaper subs. etc. Sometimes millions of accounts are involved, e.g. a Facebook breach in 2021 consisted of 509,458,528 compromised accounts revealing the following data: Dates of birth, Email addresses, Employers, Genders, Geographic locations, Names and Phone.
- None of Chris’s important passwords had appeared in any breached list. Unsurprisingly, the password “123456” had been breached 42,563,603 times! (Some mothers do have them).
- Chris uses Two-step authentication for her e-mail accounts. It would take a determined, skilled bad actor with time on his hands to steal them. Hackers tend to go for “High Value” targets, i.e. people who have important information worth stealing and selling!
By the way, you may think you are safe if you use a Password Manager – but they have been hacked too! https://bestreviews.net/which-password-managers-have-been-hacked/
In conclusion: These days, hi-tech hacking seems to be directed more towards the corporate, political and military spheres. The average person in the street has to be vigilant so as not to be fooled into giving away important personal information to tricksters and fraudsters. Downloading and installing unsafe software could give control of your device to a thief. Beware the Artful Dodger!
Chris Betterton-Jones – Knowledge junkie