Some of the things people do online – posting photos of their credit or debit cards on Twitter, for instance – are hard to believe. But even sophisticated Internet users often make elementary security mistakes such as reusing passwords.
Hosting specialist UKFast has revealed the top ten cyber security gaffes of the year so far, highlighting the shocking levels of ignorance amongst the public when it comes to online security.
Stuart Coulson, director of data centres at the Manchester, UK-based firm, explained that although some people may laugh at the major security mishaps of naive web users, many of us underestimate the value of the information we post online and the serious implications if it’s compromised.
Over-sharing hands access to cybercriminals
Coulson said: “As a society we rely on technology more than ever nowadays. We communicate through social networks, pay bills and manage our bank accounts online, and carry a wealth of personal data around with us on our mobile phones.
“We are so comfortable sharing information on the net that people don’t realise that their over-sharing could hand cybercriminals access to their bank accounts and leave them vulnerable to identity fraud.”
Here’s UKFast’s shortlist of the biggest cyber security blunders:
1. Not realising the value of images you post online
Accounts like @NeedaDebitCard are highlighting how oblivious to risk many users are, by retweeting photos Twitter users have posted of their credit and debit cards.
With card details in the image including the cardholder’s name, number and expiry, cybercrims are left only to decipher the CV code on the back – which has only 1,000 possible combinations.
2. Sharing your contact details with the world
How many times have you seen a message like this pop up on your Facebook feed: “Hey guys, I’ve got a new mobile, my number is 07890 123 456. via Facebook for iPhone”?
This user has just informed the world – on their unsecured Facebook account which grants everyone access to their timeline – that they have a shiny new iPhone and how to send targeted spam to them on it. And if they have location services enabled, they are also telling phone thieves where they can find a shiny new smartphone.
Which leads us to…
Sharing your arrival in the Bahamas on Foursquare, or tweeting with location services enabled from the airport as you set off for “two weeks in the sun”, may seem like innocent boasting, but in conjunction with a previous check-in at “home” you have just told the world where your house is, and that it will be empty, and free to burgle, for two whole weeks.
4. Type your password here
Moving away from social media, password security is a key factor in all online security, but how freely do we give our passwords away? Sites that offer free password strength checks are, more often than not, data-mining exercises that trick users into handing over their log-in details for everything from Facebook to their online bank account.
5. Password re-use
While on the topic of passwords, how many different passwords do you have? Having one password that you recycle across all of your online accounts means that once one account is compromised, hackers can use the same password to access every account – and do what they please online while pretending to be you.
6. QR codes
Now a ubiquitous marketing tool in most modern countries, the QR code is a 2D image that is scanned by a mobile device’s camera, launches the web browser and opens the webpage to which the code is linked.
These codes appear on stickers on the underground, flyers in the street and social media avatars and we scan them without knowing where they lead – could be to a marketing campaign, could be to a malware download.
7. Public computers
If you stay logged in on a public computer, whoever uses the computer after you has access to that account. Yes, this applies to the iPad that you logged into Facebook on in the Apple store.
8. Public wifi
When using public wifi your connection is unsecured. Anyone can simply jump aboard and find out what you are doing on your device. Public wifi is therefore definitely not appropriate for online banking.
9. Dodgy downloads
Despite warnings since the dawn of the internet, web users are still downloading files, software or apps with no idea what they are or where they come from, potentially infecting their devices with malware or spyware.
Link shorteners like bit.ly are an essential part of sharing the latest news with the world on social networks, but how do you know where the link leads to? It could take you to a dodgy download or load a strictly NSFW website.
© 2012, TechJournal. All rights reserved.