Curtin alumnus Andre de Moeller-Samarin
Every year, cyber criminals receive more gifts than anyone on Christmas in the form of login credentials and credit card details.
It’s the season of phishing, that time of year we can get tricked into unknowingly giving away our personal information.
Phishing is the most popular and lucrative method when it comes to exploiting the weakest link in cybersecurity – humans.
Research shows that 90 per cent of all data breaches occur due to phishing, with online shopping causing a sharp increase in such attacks.
Why do more people fall victim to phishing scams this time of year and what can we do to safeguard ourselves from getting caught?
Buying gifts for our loved ones and friends over the holiday period can make us more susceptible to these attacks.
Here are my top three tips for staying safe online during the festive period.
1. Think before you click.
Have you received an SMS with a strange-looking website URL? Chances are, it’s a phishing scam.
Always take a step back and cross-reference site URLs and email addresses, even if they look real, because attackers can get extremely crafty. This is how cyber criminals hook their victims.
For example, it’s important to be aware that even URLs that end with .com or .com.au can still be malicious, as anyone can buy these domains. For those URLs you can’t see, such as those located in buttons, make sure to right-click and select ‘Copy Link Address’, and then copy and paste the link into a new tab so you can see what it is and verify it. Secure sites will always start with https://, but this doesn’t always guarantee legitimacy.
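The cross-referencing described above can be written down as a short check. This is an added example, not part of the original article: it takes a copied link and reports reasons to distrust it, and the TRUSTED_DOMAINS values and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader already knows to be the retailer's own
# (hypothetical values using reserved example names).
TRUSTED_DOMAINS = {"example.com", "example.com.au"}


def link_warnings(url, trusted=TRUSTED_DOMAINS):
    """Return a list of reasons to distrust a copied link (empty = none found)."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        warnings.append("not https")
    # Text before '@' is a username, not the site: the real host comes after it.
    if parts.username is not None:
        warnings.append("userinfo before host")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in host")
    # The host must be a trusted domain or a subdomain of one. A trusted name
    # appearing on the left of some other domain does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append(f"host '{host}' is not a trusted domain")
    return warnings


# Constructed sample links, not taken from real campaigns.
SAMPLES = [
    "https://www.example.com.au/orders/track",
    "https://example.com.au.parcel-redelivery.example/track",
    "https://example.com@login.invalid/verify",
    "http://example.com/account",
    "https://xn--exmple-cua.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        found = link_warnings(link)
        print(link, "->", found or "no warnings")
```

The second sample uses https and still fails, because the trusted name only appears on the left of a different domain.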
2. Never give out personal information.
You should never share personal information such as passwords or bank details over the internet on untrusted sites. If you have cross-referenced a website URL and email address but are still unsure, you can always call the company in question to check.
3. Bolster your personal security arsenal.
Multi-factor Authentication (MFA) is a great way to enhance your personal security.
The most popular methods of MFA are authenticator apps, email and SMS, all of which provide users with random codes that are required to log in, even after entering a password on a website. This ensures that if an attacker gets their hands on your login credentials, they would still need access to your authenticator app, phone or email to receive the unique code that would allow them to log in.
My top MFA apps are Google Authenticator and Microsoft Authenticator.
This holiday season, ensure that you’re aware of the methods attackers use to reel you in and get you hooked. No one wants to wake up on Christmas Day with an unwanted bank withdrawal or find out they’ve been locked out of all their accounts. Stay safe and remember – think before you click.
Written by
Andre de Moeller-Samarin, Security Engineer at VGW
Having graduated from Curtin with a Bachelor of Science (Computing) in 2021, Andre currently works as a Security Engineer at VGW Holdings Ltd and has held previous roles at Deloitte and SecDim. In 2019, Andre was an Administrative Support Officer at Curtin, where he ran several cyber security and coding workshops, and he later became a Sessional Academic.