Online hackers are making the news more and more often for compromising the data of major businesses and even threatening Canada’s national security, but they also make daily attempts at Canadians’ personal accounts and information.
As cybercriminals become more sophisticated in their tactics, protecting your personal information is increasingly critical – and it’s not always intuitive. Here’s what we learned from talking to two experts about how to know when your personal information has been compromised, what to do about it, and how to prevent it.
What does hacking look like, and what is ‘phishing?’
According to Randy Purse, senior cybersecurity advisor at Rogers Cybersecure Catalyst –Toronto Metropolitan University’s centre for training, innovation and collaboration in cybersecurity, most people don’t actually get “hacked” in the official sense of the word. Instead, the largest threat to average Canadians are social engineering attacks. Rather than access your data through traditional hacking strategies, which can be very difficult and require a lot of technical skill, these attacks attempt to access your data through human interaction.
The most popular type of social engineering scam is “phishing,” where a user receives a text message or e-mail either pretending to be someone the person knows or an organization they’re a part of. The goal of a phishing message is to get the user to either click on a malicious link, or share their personal or financial information.
Other examples can be receiving a call from someone claiming to be from your financial institution asking for account information through the phone, or an e-mail warning a user that their device is infected with serious malware, prompting them to install a malicious program.
What are the signs something is wrong?
Be suspicious if the offer seems too good to be true, or you’re being asked to share personal information. And most importantly, take your time when making a decision. If you receive a message claiming to be from a person or organization you know, reach out to them through a different communication platform to confirm or deny the message.
“While scams used to be easy to spot, tactics have become increasingly believable. Scammers will take the time to browse your social-media accounts in order to impersonate someone you know, with the goal of tricking you into revealing sensitive personal info,” said cybersecurity expert and director of Telus online security Leigh Tynan. “Cybercriminals are also using technology like AI [artificial intelligence] to evolve their tactics.”
Other signs to look out for are grammar or spelling mistakes in a message, an unfamiliar or unusual e-mail or website domain, or an unrecognized phone number.
If you think you’ve fallen victim to a social engineering attack, stop all communication with the scammer, report it to your local police and the Canadian Anti-Fraud Centre, notify your financial institutions and businesses where your info may have been compromised, and change your passwords.
How to keep data and devices safe
While social engineering attacks are more common, actual hacking attempts do happen – either directly to a user’s accounts, or through a third-party organization that holds your valuable data, like a shopping website where a user might have their credit card and address saved.
One of the main methods to secure your data is to use strong passwords. Though it’s easy to use the same password for multiple accounts, it greatly increases the chances that your data could be compromised. If only one of those accounts are hacked or included in a data breach, every other account could be at risk. If you have trouble remembering longer passwords, use a password manager, like Dashlane or NordPass, to store all your unique passwords in one place.
Purse and Tynan recommend enabling multifactor authentication on all your accounts as well. MFA is a security measure where you confirm your login through another program, application or device. This could be a confirmation code sent to your phone or an authenticator app, a request for a face ID, or a physical confirmation device, like a Yubikey. Even if a hacker gets your login information, they would have a significantly harder time getting into your account if MFA is enabled, since they would require access to the secondary account or device.
Most apps and websites either require MFA to login, or have an option to set it up in its security or login settings. Apps such as Google Authenticator are a great free option to generate MFA codes.
Here are more steps you can take to help keep your data safe from hackers:
- Avoid using public WiFi networks, which can be unsecured and vulnerable to attack. If you absolutely have to, use a virtual private network, which encrypts your data and helps to hide your sensitive info.
- Regularly back up personal and critical information on separate devices, such as USB sticks or external hard drives, without internet connection.
- Review your privacy settings on your social-media accounts, and be wary of accepting follow requests from accounts you don’t know.
- Install reliable security software, such as McAfee or Norton Antivirus, on all your devices. The Canadian government’s Get Cyber Safe web page includes tips to keep your devices safe, including laptops, smartphones, gaming systems and internet-connected home appliances.
Experts say two things preventing a lot of Canadians from enacting these cybersecurity measures are either a belief they wouldn’t be affected by cyberattacks, or a lack of confidence in their technical skills to prevent them. But taking a few of these simple measures can be easy and have a huge impact.
“We wouldn’t consider leaving our homes without locking the doors,” Tynan said. “So why wouldn’t we treat our most valuable possession – our identity – the same way?”