Log in
Updated few hours ago

How to stay ahead of online fraud?

Every day you are fighting a cyber-war and may not even know it. The internet has abolished borders and we are all interconnected so this gives hackers easy access to you from any part of the globe and keeps them anonymous.

According to a 2018 Global Economic Crime and Fraud Survey report, (GECS) by PricewaterhouseCoopers Uganda, 31% of Uganda respondents reported having experienced cybercrime in the past two years. 

The report also stated that 7% of Ugandans are unlikely to report cyber-attacks to the Ugandan law enforcement agencies either because they don’t believe the government has the expertise to do anything about it, out of shame or out of a lack of trust for the government.

Hackers attack the people that make it easy for them so you have to take this “cyber war” personally and protect yourself and not wait for the government to do it for you. How strong your defense is will depend on if you already adhere to the precautions we will be discussing below.

Install an Antivirus 

Antivirus programs scan incoming files before they enter your device. The antivirus program has a pre-installed database of known viruses, so it scans incoming files to look for a match. This is the reason why you have to keep updating your antivirus program because with every update, the database of known viruses is updated.

Antimalware programs are also a class of antivirus programs. They specialize in uprooting already installed viruses and closing any backdoor channels the viruses would have created.

Go for a reputable brand of antivirus that has been around for a longtime, to avoid fake antivirus programs circulating in the market.

Update your smartphones software promptly

Every now and then, your smartphone prompts you to update its software. This is because new security patches are available. A security patch could be deployed by the software developer due to reasons such as an error being discovered in the old software code.

Antivirus only detects malware and stops it from executing on your device but patching security holes works on the core of your device software and strengthens it so that the antivirus can do its job better.

If you don’t update your device software when prompted, a hacker can design a virus that can avoid detection by your antivirus program. So both antivirus and security patches work in tandem.

The software updates to patch software holes should be carried out without delay, as your smartphone could be breached by hackers during the delay period.

It doesn’t matter if you use an Apple, Android or windows smartphone, you need to update the software whenever you are prompted to do so. 

Use different strong passwords across different Apps

If your password is something as simple as Password123@, it is very insecure and easy to guess. A strong password should contain capital letters, numbers and special characters. The idea is it should be difficult to guess for example @!Gp0z%mY4a.

A report by Safe Forex Brokers found that most of the security experts suggest that you should use passphrases instead of passwords. A passphrase could be something like “I @m 0n a pl@ne g0ing to Ug@nd@ for hol!d@y”. 

This passphrase is 34 characters long and has spaces in between. It is also easy to remember because it is a phrase which means I am on a plane going to Uganda for holiday, just that the “a” has been replaced with a special character “@” and the “I” with “!” etc. 

Cyber-security experts say it will take a password cracker decades to decipher a password phrase and just seconds to decipher a weak password. They also warn not to use the same password for all of your accounts and suggest downloading a password manager to help manage all your passwords.

Activate Two Factor Authentication (2FA)

Hackers work remotely and could get your password through methods including brute force hacking or by social engineering. This is where 2FA comes in. 2FA demands another form of authentication in addition to your password. It requires you to key in a verification code sent to your phone via SMS or email.

Covid-19 lockdowns saw many Ugandans turn to online Banking and investing because of the restriction of movement at the time. Some did so without proper risk & security management in place.

According to research by Safe Forex Brokers, there was almost 300% increase in online trading volume with retail brokerages in Africa during the pandemic. And there was nearly a 400% increase in active traders in the same period of the last 2 years. 

The report suggested that during the Covid-19 lockdowns, most new online investors who have started trading online for the first time are at increased risk of being scammed & hacked. 

Most of the new traders don't activate basic security features like 2FA on their trading apps for important activities such as withdrawals, so they were vulnerable. If the hacker is able to get hold of their passwords, they easily log in, deactivate notifications, and link hacker-controlled email accounts, and withdraw funds anonymously in their crypto wallet if the broker offers this method. 

The investors were not aware because notifications were turned off. If 2FA had been activated on the App, the hacker’s efforts would have been thwarted as the App would have required a verification code before the transfers were affected. The code would have been sent to the mobile phone of the victim.

Crypto currency traders in Uganda have also been targeted by phishing emails. These emails contain links that redirect the victim to a fake crypto currency landing page. Once they attempt to log in by supplying their crypto keys the landing page times out but their keys have been harvested by the hacker who goes ahead to empty the victim's crypto wallet.

Use safe web browsers

A safe browser is one equipped with additional security features than the regular browser. They watch out for, detect, and stop malicious third-party activity while you are browsing. Once they sense any activity that is not on their whitelist, they halt it immediately thus keeping you safe.

Safe browsers don’t wait till a virus has landed in your system before they act, instead they try to prevent the landing. Safe browsers don’t share your identity and prevent cookies from harvesting sensitive data about you. They also prevent browser fingerprinting. 

Some safe browsers in the market include Google Chrome, Firefox, Chromium engine-based Brave, and Tor.

Google also maintains a list of unsafe websites under the Safe Browsing project & they issue over 2 million warnings to users every week as per their status page. This project is used by major browsers to block phishing & suspicious websites. You can also report any fake website.

Limit information you share on social media

Research has shown that over 50% of online frauds have origins from social media. When you share sensitive information about yourself on social media, a scammer can use that information to profile you and customize a fraud that fits your profile. 

Your office history can be gotten from LinkedIn, geo-location on Instagram can tell the hacker where you were at a given time etc. This is information the scammer needs to launch an attack against you.

A hacker trying to guess your password may be asked security questions. The answers to these questions can be deduced from information you reveal on social media. For instance, the answer to a question like “what is the name of your spouse?” can be gotten from your relationship status on Facebook. 

Think before you click

According to the 2018 GEC report by PricewaterhouseCoopers Uganda, 1 in 3 of cyber- attacks in Uganda were either malware of phishing attacks.

Scammers will try to get you to reveal personal details by sending you phishing emails and SMS messages containing links. They can get your email by conducting social engineering or via email extraction Apps such as Hunter.io and email extractor pro.

If you receive a suspicious email containing a link, hover your cursor above the link and the true destination URL will pop up. For a malicious mail, the destination URL will be different from what the link is about. If you get such a mail, delete it immediately.

Also avoid clicking on popups that tell you a virus has been detected and your device needs to be scanned, as it usually an attempt to land malware on your device. While on the internet be cautious and before you click, think. 

Avoid Public Wi-Fi

We all love free Wi-Fi but it can be used as a watering hole. Hackers target popular public places like hotels, gyms, and parks etc., where free Wi-Fi is offered by the management of those places. 

The hacker spoofs the Wi-Fi of the location he is at, by creating an identical Wi-Fi connection using the same name of the original one. The hacker’s Wi-Fi is usually free and will not be password protected so as to bait his targets.

Once you connect to the spoofed Wi-Fi, everything you do can be monitored by the hacker and your passwords and credit card information can be harvested.

Don’t make it easy for them

The fact is that hackers are out to ruin you so don’t make it easy for them. Once you have been hacked, your information could be floating around the dark web, and you risk repeat attacks which may be more sophisticated.

It is better to prevent any data breaches by practising good web hygiene which means practising everything we have discussed in this article. 


Comments are now closed for this entry