Stranger Danger: how not to get into trouble online

Shannon Saxby, Senior Consultant
KPMG Forensic
In today’s tech-driven society, where ‘automation’ and ‘AI’ echo throughout the office, cyber-based attacks are increasing. Unlike what Hollywood would have you believe, the attacks aren’t from a renegade in a Guy Fawkes mask hacking government servers. Instead, it’s the opportunistic and organised who prey on the naivety of humans, to gather personal details through ‘phishing’ or inflict ‘ransomware’, a form of blackmail, where data is held for ransom until payment is made.

While companies rightly invest considerable resources into IT security controls, unfortunately, the weakest link in cyber protection is the human element. Growing up, our parents teach us golden rules to protect us from the big bad world. However, as we grow up, we do not seem to apply this same wisdom in the virtual world.

“Don’t get into a stranger’s car”

Children are taught not to get into a car with a stranger, yet we willingly enter the information motorway cruising on free WiFi networks offered by cafes and stores. This creates an opportunity for networks to be ‘spoofed’; in other words, for someone to create a fake WiFi network. Customers will order a coffee and join what appears to be the free WiFi offered by the café. Once they are on this fake network, the ‘spoofer’ is able to intercept the websites visited, along with any login details, such as usernames and passwords.

As society becomes more accustomed to these perks, like the lure of a chocolate cookie being held out of a white van, greater consideration needs to be given to who you are hitching a ride with in the online world.

“Don’t take candy from a stranger”

Kids are told to say no when offered food or a drink by a stranger. Yet, adults will happily open emails from people they have never met and click on the links within, whether it’s a ‘Nigerian Prince’ sharing his inheritance, or an electricity bill from a provider you don’t have an account with. While these types of attacks are nothing new, what has changed is the level of deception. Scammers will send an email perfectly replicating one from your bank, with a fake monthly statement attached. Opening this file could redirect you to a new website or install software allowing your computer to be externally accessed.

Children are told to never accept anything from a stranger, and the same approach should be used when receiving unsolicited emails, as this will go a long way in preventing a device from being compromised.

“Don’t trust a stranger”

When our parents took us to a playground, they told us not to trust a stranger, especially one who needs help finding a lost puppy. This is one of the earliest forms of social engineering training you will experience. Often it’s believed a hack has occurred, but a post-mortem finds that the system was never compromised. Instead, access was gained by someone falsely portraying who they were. By having a presence on a number of social media platforms, your life can be collated and pieced together by anyone. Armed with a personalised backstory, it’s possible for a person to pose as someone you work for, manipulating you into bending the rules to help a ‘mate’ out. It’s common for someone to pretend to be a CEO of a company and pressure an employee to urgently action something.

There is hope

For many, “all things technology” is overwhelming and stressful, while for others who have grown up in this tech revolution it’s second nature. While there is no guaranteed protection, it is possible to reduce the risk of harm from cyber-attacks.

Be alert. Go back to basics.

Don’t forget the simple lessons of your childhood: be cautious of the WiFi you’re free-riding on; question emails from strangers; and double check who you are talking to when sharing business or personal information.
