In today’s global world, evolution has become a major part of life that we must keep up with. Just as technology comes with its gift and blessings, so does it come with its dark side—Cybercrime. With global evolution, the internet has become an integral part of our everyday life that we can’t do without.
Cybercrime, also called cyber-attack, is a social crime that involves devices over a network. This attack occurs primarily over the internet, where a host attempts to compromise another to extract information, theft and fraud. Not all cyber-attacks are aimed at individuals. Some are aimed at a group of people, an organization or numerous devices.
It is important to note that an individual can fall prey to cybercrime to attack the victim’s organization, family or friends. This is why some individuals are attacked and they won’t notice that they have been compromised until it is too late.
My focus will be on cybercrimes that are particular to individuals. Examples are social engineering, malicious attacks, identity theft etc.
To explain each of these common cybercrimes, we will analyse different scenarios and discuss how to prevent them.
Ade wanted to save Instagram pictures and videos. He found a third-party Instagram saver Application online and downloaded it. On installation, the Application requested for permissions to his phone which he allowed without reading through. After installation, he launched the App and was requested to login to his Instagram account from the App. To login, he entered his login details but it kept telling him his password was wrong. Ade, being a smart young man, used different passwords for different social media accounts, so he kept trying all his passwords.
In annoyance, he uninstalled the App and never used it again. A few days later, he received a notification that he is attempting to log in to his email account. To his surprise, the login attempt was pinned at faraway Australia. Who was trying to log into his account? How did the person get his login details? These were the questions spinning in his head.
Let us analyse
In his quest to find an Instagram saver he stumbled on a third-party app that has no review and has not been entrusted as a native App. Third-party Applications are usually found on random sites. Anyone can drop an Application on these sites, be it a legit or a malicious Application. These Apps are most times not tested by the site host.
Ade allowed the Apps permission to access his phone’s contacts, messages, microphone, camera etc. A lot of these permissions are usually needed for an Application to function. But then, what does an Instagram saver need all those permissions for?
The Application redirected him to a supposed Instagram login page to allow Instagram permission. He didn’t check to confirm if the site was really an Instagram site, he proceeded to log in. Being an illegitimate site, he couldn’t log in but he kept attempting to log in with all his possible passwords. After a few days, his account was accessed somewhere else.
This was what happened; the attacker already created a clone site which was the supposed Instagram site Ade tried to log in to. These clone sites look exactly like the original site but with little differences. Such clone sites will usually have a different domain as against the original sites. For example, the original INSTAGRAM site is http://instagram.com. The cloned site could be instagam.com, Instagram.mobi, Instagram.nip.com etc. Do you notice the difference in the domain name and the introduction of a sub-domain? It is important to be vigilant and look closely at a link before accessing it no matter how familiar it looks.
Ade was attempting to login to Instagram site unknown to him that it was a cloned site. The clone site does not have his credential in its login database, so no access was granted. Unknown to Ade the site was storing every credential he entered in his attempt to login. In just a few minutes, the cybercriminal already had a lot of his account credentials.
Ade didn’t know, right? This is how a lot of internet and App users fall victim of credential theft. The attacker, having saved enough details proceeded to other online accounts. In Ade’s case, the attacker gave him a few days, hoping he didn’t have a reason to change his account details before attempting to login to his mail account. He would have tried all the credential options he got to eventually gain access to his mail account. This becomes more dangerous as the attacker would have reset his password. Ade will not be able to access his email again.
Do know that often time we have too much information in our mailbox? Including bank details, personal information, and lots more
How to prevent it
· Always check the permissions before downloading an App
· Read App reviews before download
· Don’t download pirated/cracked Apps
· Don’t download from third-party sites
· Confirm legitimacy of a site’s link before login
· As Ade did, have different credentials for different accounts
· Always enable 2-way authentication on all accounts
· Stop being nonchalant about technology
· Set notifications for your mailbox or account, especially ones related to account access.
TO BE CONTINUED…