Safety first in an increasingly dangerous cyber world


We live in a time of increasing cybercrime. Hackers and scammers are becoming smarter and malicious software is on the rise. Antivirus and security suites do help in certain scenarios, but the main problem is our habits.

We will be covering a few different things that can help you avoid an expensive mistake.

Proof of payments

It is becoming increasingly easy to quickly compile a proof of payment PDF.

There are 2 things I want to bring to your attention here.

Firstly, PDFs and email links can potentially contain malicious code which can harm your PC.

Be very wary of where an email comes from. Is it someone you know? Does the email look suspicious?

Secondly, if you receive a proof of payment, make sure that it was sent from a legitimate financial institution’s email address and not from a client or scammer.

Be wary of email addresses that appear to be from an institution but have a different domain in the email address, e.g. Google's. fnb@gmail.com is a good example of what not to trust. finance@fnb.co.za looks to be fine, but can also be spoofed (see the video below). The main thing to look out for here is the characters after the @. The name should normally match the institution’s website, with no special characters in it, e.g. finance@fnb1.co.za or admin@223fnb.co.za is very likely to be a scammer’s address.

Also, .co.za is South Africa’s default domain. Be careful with any other domains, e.g. finance@fnb.net or finance@fnb.co.au could be either a legitimate website of a different institution elsewhere in the world or, again, a scammer’s website.
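The checks described above can be written down as a small script. This is an added example, not part of the original post; the function names, the free-mail list and the sample senders are assumptions made for illustration, and it only inspects the address as displayed, which can still be spoofed.

```python
from email.utils import parseaddr

# Assumed sample list of free webmail domains; extend it for your own use.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def classify_sender(from_header, expected_domain="fnb.co.za"):
    """Classify the visible From address against the institution's real domain.

    Only the displayed address is checked, so a "match" can still be spoofed.
    """
    _, address = parseaddr(from_header)  # handles "Name <user@domain>" too
    local, at, domain = address.lower().rpartition("@")
    if not at or not local or "." not in domain:
        return "invalid"
    if domain == expected_domain or domain.endswith("." + expected_domain):
        return "match"
    if domain in FREE_MAIL:
        return "free-mail"  # e.g. fnb@gmail.com
    name, _, suffix = expected_domain.partition(".")
    label, _, sender_suffix = domain.partition(".")
    if label == name and sender_suffix != suffix:
        return "different-tld"  # e.g. fnb.net or fnb.co.au
    if name in label:
        return "lookalike"  # extra characters, e.g. fnb1 or 223fnb
    return "unrelated"


# Constructed sample senders, taken from the addresses discussed in the text.
SAMPLES = [
    "finance@fnb.co.za",
    "fnb@gmail.com",
    "finance@fnb1.co.za",
    "FNB Payments <admin@223fnb.co.za>",
    "finance@fnb.net",
    "finance@fnb.co.au",
]


def review(samples=SAMPLES):
    """Return a verdict for every sender in the list."""
    return {sender: classify_sender(sender) for sender in samples}


if __name__ == "__main__":
    for sender, verdict in review().items():
        print(f"{verdict:14} {sender}")
```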

Even if you receive proof of payment, DO NOT release goods before the payment actually reflects in your bank account. Even if the above steps have been followed, there are clever ways that scammers and hackers can hide where an email actually comes from and disguise it with a valid-looking email address.

I can highly recommend watching the following YouTube video from ThioJoe relating to the above-mentioned security issues.

Email Links

Have you ever received an email stating your account has been hacked and you must immediately click on a link to correct it?

The chances are very high that this is a scammer.

If you suspect that your account has indeed been hacked, or just want to err on the side of caution when receiving such an email, NEVER click on the link provided.

Rather go to the official website of the suspected site, log in with your account details, go to your profile, and change your password.

A lot of websites also provide two-factor authentication (2FA), and it is highly recommended that you activate this wherever and whenever possible. This will involve either a key sent by SMS or email each time you log in, or an app on your phone like Google Authenticator.

Passwords

Passwords are a very important but very neglected part of most people’s cybersecurity.

Here are a few hints and recommendations.

Never use a password for more than 1 website.

Never use only alphabetic characters (e.g. Jackjohnson) or only numbers (e.g. 1243), and make the password as long as possible.

At the very least, keep your passwords in a password-protected Excel file.

If you want to use a free route, use something like the LastPass Password Generator to generate a password for you (e.g. Pu52AC!LceQ97yq!$NWtHldX): https://www.lastpass.com/features/password-generator

or even better

Get a paid subscription to a service like 1Password (from $2.99 per month, paid annually)

https://1password.com/sign-up/

How these work is that you have one master password to log in to the app, and all your passwords are encrypted and safe in that database.

Again, enable 2FA wherever possible.

To see if your email address or cellphone number has been leaked on an online database you can use https://haveibeenpwned.com/

It will show you each website that your email has been compromised on and when the leak happened.

This helps for large leaks, but just because your details don’t appear here doesn’t mean that you weren’t compromised on a website.

Backups

Local Backups

Smart-IT backs up both to the local PC and to our Cloud.

The local backup is stored on the server.
Make sure to have an offline backup, e.g. on a memory stick or external hard drive.

Why do I need offline backups?

If something happens to your server, e.g. the server breaks or gets stolen, then you have additional backups that you can restore to continue working.

Also, malware and especially ransomware are on the rise.

Ransomware takes your files and encrypts them with a password so you can no longer access them.

This includes your Smart-IT database.

The attackers then demand an amount of money (they normally want Bitcoin) and give you a very limited amount of time to pay them, after which your files will be locked forever.

If you have offline backups on a secure backup server and have not been attacked by ransomware, you can use these backups to recover your data.

Cloud Backups

Also, make sure that your Cloud backups are enabled in Smart-IT.

To check if the backups are enabled, open your Smart-IT backend on the server PC.

Click on the Options tab and, on the bottom right, check if Status is set to Enabled underneath SiCloud Backup.

If not, click on the Enable button and follow the prompts.

As always, be vigilant and happy browsing.