With more and more of our social lives being lived online, it can be easy to leave personal information vulnerable, or fall prey to scams and tricks. From viruses to identity theft, it is important for students to know how to protect themselves against scammers and hackers.
Recently, scammers posed as companies looking to hire students on UNB campus, asking for students to provide them their Social Insurance Number (SIN).
Tim Martin, a cybersecurity specialist at Brökvisk Security, says that companies might claim to need it to create a unique identifier. He reminds individuals that you do not have to provide them with your actual last four digits, you can say anything.
“They do not have the authority to do so, they are not the government,” said Martin.
Phishing is another common tactic for hackers who target the student population. It refers to emails, messages, or texts sent by hackers posing themselves as trusted entities in order to steal an individual's data, like login information.
“Most of the time you’re going to be the victim of a small phishing scam,” said Martin. “Phishing happens to literally everybody.”
As students do not have a lot of money, they are not commonly a target for hacking. If you are working somewhere, such as in a research division, you might be targeted by someone looking to get that information.
Martin recommends checking the sources of these emails, asking if they are valid, and double verify, such as contacting them through legitimate channels.
Most people would not answer their phones these days unless they know who is calling them, but emails and texts can also be sent by scammers. Trust your gut when it comes to potentially untrustworthy messages or requests. If it feels too good to be true, it probably is.
“Especially if they are asking for very targeted information.”
When it comes to viruses, Martin said that you do not always have to go to a certified professional to get rid of them. They are fairly easy to remove yourself, simply by uninstalling them. As long as you have admin control it should not be too difficult.
Slowness is a telltale sign that your device has a virus.
“A lot of them are using your computer’s resources for whatever they are doing. The most common one is bitcoin mining,” said Martin.
You can check via your task manager, or whatever shows your systems resources, to see if there are any suspicious programs running. They usually use a name that will seem slightly less than legitimate. Martin said you can just google it to find out who made it and what it is.
Martin recommends the use of malware and virus protection applications, saying that they largely operate with the same effectiveness.
“It does not matter which one you have, you just want one, which is gonna catch 90% of the time whatever the problem is. All an antivirus program does is it has this big database of known viruses,” said Martin.
Martin uses Malwarebyte, but he says it is no better than the other ones. They also check whether the thing you download is bad or not, and if it is, the program would block it. Martin said you should also keep whatever antivirus program you have updated.
“There are ones for your phone as well, you can find them in the app store or Google play store,” he said.
Passwords, are a frequent topic in conversations of cyber security, as they can be found, hacked, or breeched. Martin recommends against reusing the same passwords for multiple websites.
“Have I been pwned” is a great website for checking if a password of yours has ever been leaked online. It lets you search via your email whether you have been affected.
At the beginning of November, Chrome became aware of a vulnerability and alerted users to update their browsers upon fixing the problem. Martin said that there are multiple parts to a browser, like Chrome, that users might not be aware of.
“There is a lot of stuff that happens in the back end that you are not really aware of, like how the browser interacts with the computer and how it interacts with the website. Or, if you’ve got extensions in there—ones that track prices for stuff on Amazon, remember your passwords for you, or block advertisements—those are all third party integrations that big companies like Google might vet them a little bit from their store, but thats still any area where you can get hacked or have issues,” he said.
Martin says that Google does have a Quality Assurance division for their browser whenever they put out a change. However, “if their QA department does not have a process yet for this new thing that’s available to be done, they’re going to miss it. They can only catch what they know to look for.”
“Overall your browser being an attack vector, meaning it is a method of which someone could attack you, is kind of low.” Once browsers know about it, there is only a narrow window of vulnerability as they are fast to update and fix the issues.
Uwera Nina Ntaganzwa, third-year UNB student in Software Engineering, uses DuckDuckGo as a search engine instead of Google, in an interest to preserve privacy.
“Unlike Google (and other major search engines), DuckDuckGo does not store IP addresses, log user information or profile users.” said Ntaganzwa.
Another area rising in cyber security concerns is social media. Martin used an example of his participation in a podcast, Hackable, where he was able to find a significant amount of personal information about the host just from data attached to an image.
Fortunately, social media sites like Facebook and Instagram do not store this type of data, like where the image was taken, but if you share the image via email or text that data can still be retained.
In an effort to be more secure and private, instead of using Facebook messenger, Ntaganzwa prefers to use WhatsApp and Telegram.
“WhatsApp has an end-to-end encryption which means that only you and the person you're writing to can read what's sent. Telegram has optional end-to-end encryption referred to as Secret Chats which can be destroyed after a conversation or automatically deleted if a timer is used,” said Ntaganzwa.
As well, Ntaganzwa said that Telegram has three layers of encryption compared to other apps that only have two layers. Telegram is also available for both mobile devices and desktop.