People around the world have their Internet credentials compromised every day, and Internet users in South Africa are no different.
This does not change the fact that if attackers manage to gain access to your online banking account, social media platforms, or hack their way into other sensitive areas of your life, it is usually your own fault.
While some hackers may target individuals due to their importance or personal significance, most South Africans who find their Bitcoin stolen, their Google account compromised, or their Facebook and Instagram taken over, have essentially handed over their credentials to their attackers themselves.
Whether it is through a database breach, phishing attack, or malware infection, the vast majority of these attacks prey on mistakes made by the victim, including bad credential management and naivety.
The anatomy of bad security
If you know anyone who has had their social media, banking, or other important account hacked, they might have expressed disbelief at the possibility of their account being compromised.
However, many of these people use the same email and password pair across all their website and service registrations, meaning that if a single one of those services is compromised, all of their accounts are vulnerable.
Data breaches are far too common for Internet users not to be aware of the dangers of using the same credentials everywhere, as demonstrated by the massive collections of pastes and breaches collated by Have I Been Pwned.
Other common errors include Internet users who receive phishing emails and naively follow the instructions without examining the details of the mail or its sender.
Phishing attacks are so common because they are effective, and essentially result in victims volunteering their banking or other important login credentials to criminals.
It may seem a simple process to implement spam filters and double-check emails for any suspicious communication, but many Internet users are not properly educated regarding the dangers of following email links or opening attachments.
This can also lead to situations where victims unknowingly download malware to their computer.
While an up-to-date version of the latest Windows or macOS operating system should be well-equipped to handle software threats, many people do not update their machines or run any virus protection at all.
This can result in devices becoming infected with cryptojacking software, keyloggers, ransomware, and an assortment of other malicious software.
Once again, these attacks can be mitigated easily by simply keeping your system up to date and being cognizant of which attachments and files you download from your email client and websites.
Of course, if for example your online banking login details were compromised by a direct attack on your bank’s database, you are not to blame.
However, if you used the same email address and password for MyFitnessPal as you do for your banking app, you can’t blame the bank when attackers pilfer your account using those leaked credentials.
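The credential-reuse exposure described above can be audited from a password-manager export. The following is an added example, not part of the original article; the CSV layout, account data and function names are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data: a password-manager style CSV export.
SAMPLE_EXPORT = """service,email,password
MyFitnessPal,user@example.com,Summer2018!
Banking app,user@example.com,Summer2018!
Facebook,user@example.com,Summer2018!
Google,user@example.com,k9#Vd2!qLx0p
Instagram,other@example.com,Summer2018!
"""

def fingerprint(*parts):
    """SHA-256 of the parts, used only for in-memory equality checks (not for storage)."""
    return hashlib.sha256("\x00".join(parts).encode("utf-8")).hexdigest()

def load_accounts(csv_text):
    """Parse the export, keeping fingerprints instead of plaintext credentials."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        rows.append({
            "service": row["service"].strip(),
            "pair": fingerprint(email, row["password"]),
            "password": fingerprint(row["password"]),
        })
    return rows

def blast_radius(accounts, breached_service):
    """List the other accounts exposed if one service leaks its credentials.

    same_login: identical email and password, so the leaked pair works as-is.
    same_password: the password is reused under a different email address.
    """
    leaked = [a for a in accounts if a["service"] == breached_service]
    if not leaked:
        raise ValueError(f"unknown service: {breached_service}")
    pairs = {a["pair"] for a in leaked}
    passwords = {a["password"] for a in leaked}
    result = defaultdict(list)
    for a in accounts:
        if a["service"] == breached_service:
            continue
        if a["pair"] in pairs:
            result["same_login"].append(a["service"])
        elif a["password"] in passwords:
            result["same_password"].append(a["service"])
    return {k: sorted(v) for k, v in result.items()}

if __name__ == "__main__":
    for name in ("MyFitnessPal", "Google"):
        print(name, "->", blast_radius(load_accounts(SAMPLE_EXPORT), name))
```

An empty result for a service means its credentials are unique in the export, so a breach there stays contained to that one account.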
Victim and cause
Speaking to MyBroadband, Checkmark cybersecurity director Rudi Dicks said that while companies may receive a fair amount of criticism after a vulnerability in their service is exposed, they generally work hard to protect customer data.
“Despite how quick we are to point and laugh when a vulnerability is detected in a major vendor’s product, most large companies take security very seriously and work hard to keep you safe,” Dicks said.
“For the average consumer (assuming you keep your device up to date), if your device is infected or exploited, in more than 90% of cases the cause is you, and not the product you used.”
“This generally comes down to a lack of education and awareness about the different techniques that criminals use to manipulate you into doing something that you don’t understand the consequences of,” Dicks added.
For example, a user receives an email asking them to log into their Google or iCloud account. They follow the link provided and type their credentials into a fake version of the website owned by criminals, who then harvest this data to exploit later.
When it comes to defending against these attacks, the responsibility rests with the users themselves and their ability to educate themselves on the potential dangers of phishing and other attacks.
“Just do the basics you’ve been told a million times,” Dicks said. “Pick complex passwords, use anti-virus and most importantly keep all your devices updated.”
You may feel slighted or surprised if your accounts are compromised, but the fact is that unless you are a high-profile target or have been duped by a sophisticated spear-phishing attack, you could have prevented the situation by simply being more stringent with your passwords and online security practices.