Security by Design
9th November 2020
Phishing campaigns are undoubtedly the most common form of cyber crime and usually take the form of a scam e-mail, with the aim to distribute malicious links or gain sensitive data such as bank account details.As you can imagine, in the lead up to summer, phishing emails containing tempting holiday offers, great flight deals or even medical and travel insurance are rife.
Remember, if it seems too good to be true, it probably is! Be vigilant if you receive an email that doesn’t quite look right – check the sender address, any grammatical errors and verify any links included by hovering your mouse over the hyperlink to see the full URL.
If you would like more information on how to spot these scam emails, then be sure to have a look at our annotation of a real example of a phishing campaign received and spotted by one of our employees here.
When you go to book your holiday, it is integral that you book it through a safe and secure website from a trusted company. Ensure that you go directly to the official website of the company – if you are in doubt, the website address should have ‘HTTPS’ included.
When travelling, it’s often tempting to use public WiFi – whether you want to share your holiday snaps or make an online purchase, virtual hotspots are so widespread individuals tend to connect to them without a second thought. However, there are multiple risks to connecting to unsecured and unverified WiFi networks. These risks include:
These attacks are often compared to eavesdropping. When your device makes a connection to the internet, data is sent from your device to the intended website. If there are vulnerabilities in the connection, then cyber criminals are able to enter these transmissions and consequently gain access to your mobile data…
If encryption has not been enabled for the network you are attempting to connect to, then you are unable to protect your data as it gets sent to the wireless router. Unfortunately, there is no way to ensure whether this unknown network has encryption turned on – hence the need to be wary of public WiFi!
This is where victims are tricked into connecting to what they think is a legitimate network, usually because of an official sounding name. By connecting to a rogue hotspot, cyber criminals are then able to access your sensitive data.
Sometimes, you may not have any choice but to connect to a public WiFi. If you find yourself in this scenario then we strongly recommend that you set up a Virtual Private Network (VPN). By using a VPN, a secure tunnel is created which encrypts the data sent and received whilst using public WiFi, ensuring your data is safe from prying hackers.
Installing adequate security features on your devices whilst on holiday mitigates the potential consequences if your phone or laptop is perhaps left unattended or stolen. We recommend using original passwords for all accounts – You can use a password manager like LastPass to generate strong passwords, whilst also making sure they’re not repeated on multiple accounts.
We would also strongly advice using Multi-Factor Authentication (MFA), this setting simply requires further proof of the user’s identity rather than just a static password. By turning this feature on, an extra barrier and layer of security is provided. According to Microsoft, MFA can block 99.9% of account compromise attacks. Best of all, this feature is usually free and available for most popular apps.
In the age of Instagram and Facebook it’s become somewhat normal to update your network whilst your away, however, it is becoming increasingly unwise to broadcast where and when you are going on holiday. Not only are you advertising when you are not at home, you are also letting potential hackers know that you may have left sensitive data unsecured.
We recommend posting your holiday experiences online when you return to discourage cyber criminals from targeting you when you are perhaps at your most vulnerable.