Most people rarely think about the top online security threats when they browse the internet. After all, if you have good antivirus software and are careful about what you click on, the chances that you’re going to get hacked or be taken advantage of by bad actors must be slim, right?
Not so. Even if you take precautions, your security and privacy are still at risk. Just look at the stats. In 2019, there were more than 1,000 data breaches, with over 150 million sensitive records exposed. More than 650,000 people reported identity theft, a 46% increase from 2018. And phishing attacks increased by 350% during the COVID-19 quarantine.
Even worse, new threats are emerging daily. The only way you can keep yourself protected is by understanding the most common cyber attacks and staying up to date with the latest security vulnerabilities. With that in mind, we compiled a list of the top 12 online security threats you should keep an eye out for in 2020.
1. Malware
Malware (which stands for “malicious software”) is software designed to perform a malicious task on a target device without the user’s consent. A malware infection can disable hardware, steal information, corrupt files, delete data, and do all sorts of other damage.
There are different types of malware out there, including viruses, worms, rootkits, trojan horses, spyware, adware, and ransomware. Each type has varying capabilities. Sometimes, cybercriminals use a combination of malware (known as a “blended threat”) to speed up and increase the severity of the attack.
One of the most popular ways to distribute malware is through emails. However, malware can also spread via infected software and malicious websites.
2. Social Engineering Attacks
Imagine this: You receive a text from a bank asking you to supply additional details via a link they’ve included. There’s just one problem: you don’t have an account with that specific bank. Ignoring the text, you just avoided falling victim to a phishing scam, a type of social engineering attack.
Social engineering is a manipulation technique that cybercriminals use to trick you into disclosing sensitive information or performing a specific action (like submitting your financial details via a fake website).
Phishing is just one example of social engineering. There’s also “vishing” (a type of phishing that refers specifically to phone fraud), baiting (where a cybercriminal offers you something hard to resist, like a download of a recently released movie that’s actually malware) and quid pro quo (a variant of baiting where a bad actor promises to give you something in return for information).
3. Unpatched Security Vulnerabilities
There are two types of people in this world: those who install software updates as soon as they become available and those who put off this small but annoying task indefinitely. If you fall within the latter category and have software that needs updating, you might want to get on it immediately.
Many threats rely on unpatched security vulnerabilities in common applications and browsers. For example, in 2017, the WannaCry attack, which affected over 200,000 computers worldwide, took advantage of a security weakness in the Microsoft Windows operating system.
The thing is: Microsoft had released a security patch for this vulnerability about two months before the attack. Had those affected taken five minutes out of their day to update their operating systems, they could have avoided the hack.
4. Social Networking
If the Facebook-Cambridge Analytica data scandal did not convince you to ditch social media for good, this might. According to a recent report by Dr. Mike McGuire, a criminology expert at the University of Surrey, social media cybercrime grew more than 300-fold between 2015 and 2017. Facebook Messenger, for example, was found to spread a cryptocurrency mining bot disguised as a video file, and several ads on YouTube hijacked viewers’ computers to secretly mine cryptocurrencies.
According to the report, at least 40% of malware on social media comes from malvertising, whereas 30% comes from plug-ins and apps. As soon as the user clicks on a fake ad or plug-in, the malware executes, allowing the hacker to carry out an attack or steal data.
The information you share on social media is also a treasure trove for cybercriminals (who might use the data to figure out when you’re away from home or commit identity theft) and data brokers (who will use the information to compile a detailed profile about you and then sell it to third parties).
5. Data Brokers
Speaking of data brokers: Even if all your social media accounts are set to private, major people search sites likely still have a profile on you, which can include things like your name, address, telephone number, marital status, and more.
Contrary to what you might think, it’s not against the law for data brokers to gather this type of information about you, mostly because it’s publicly available.
However, just because it’s legal doesn’t mean that you have to put up with it. Data brokers will sell your data to anyone with a credit card. Luckily, you can opt out of most data broker sites by following our detailed guide. But if you need a hand or if you’re worried that your profile will reappear (it inevitably will), think about subscribing to DeleteMe, a monthly service that’ll do all the hard work for you.
6. Password Attack
If you use the surprisingly popular “123456” as your password or reuse the same password over and over again, don’t be surprised if a third party gains access to your accounts.
Hackers employ a variety of methods to steal your login details, including, but not limited to, the above-mentioned phishing attack as well as:
- Brute force attack. A trial-and-error method that sees hackers trying all possible combinations of a targeted password.
- Dictionary attack. A technique that involves using popular words and phrases.
- Credential stuffing. A method where hackers use login details made public following a data breach.
To avoid falling victim to a password attack, make sure all your passwords are complex, use two-factor authentication, and never use the same password more than once (a password manager can help with that).
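The three attack types above map onto three checks you can run against your own passwords. The following is an added example, not part of the original article: the word list, the 60-bit threshold, and the sample vault are constructed assumptions.

```python
import math
import string
from collections import Counter

# Constructed stand-in for a breached-password list (a real audit loads a far larger one).
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou", "dragon"}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134@5$7", "oleaasst")


def keyspace_bits(password):
    """Rough upper bound on brute-force effort, from length and character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def in_dictionary(password):
    """True if the password is a common word, even with leetspeak or a digit suffix."""
    base = password.lower()
    stem = base.rstrip(string.digits + "!")
    variants = {base, stem, base.translate(LEET), stem.translate(LEET)}
    return any(v in COMMON for v in variants)


def audit(vault, min_bits=60):
    """Map each site in {site: password} to the attacks its password is exposed to."""
    uses = Counter(vault.values())
    report = {}
    for site, password in vault.items():
        findings = []
        if keyspace_bits(password) < min_bits:   # min_bits is an assumed threshold
            findings.append("brute-force")
        if in_dictionary(password):
            findings.append("dictionary")
        if uses[password] > 1:                   # one breach exposes every reuse
            findings.append("credential-stuffing")
        report[site] = findings
    return report


# Constructed sample vault.
SAMPLE_VAULT = {
    "bank": "123456", "email": "P@ssw0rd1", "photos": "vT9#qLm2&xZr8wPd",
    "shop": "correct-horse-battery-staple",
    "forum": "correct-horse-battery-staple",
}
```

Calling `audit(SAMPLE_VAULT)` shows that a "complex-looking" password such as `P@ssw0rd1` still fails the dictionary check, and that a long passphrase is only as safe as the number of sites it is reused on.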
7. Pharming
Pharming, a combination of the words “phishing” and “farming,” is a type of scam that’s meant to redirect the victim to a fake website with the goal of obtaining their personal information.
While most people can avoid phishing scams by being careful about who they respond to and what links they click on, pharming is much scarier because it compromises internet traffic at the server level. As such, even if the victim types in the correct URL or visits the site via their bookmarks, they’ll still be redirected to the bogus website.
Pharming is typically carried out either by a malicious download/email or through DNS poisoning, which can affect countless people. The latter is particularly dangerous because users don’t need to have been infected by malware to fall victim to this scam.
8. Evil Twin Attacks
Ever heard of an evil twin attack? If you regularly use public WiFi networks, you might have. This scam tricks people into connecting to a malicious WiFi network that looks more or less like the real deal.
Cybercriminals tend to use one of two approaches when it comes to executing an evil twin attack. The first is imitating a captive portal that asks people to enter their login information on a specific page before they’re allowed to connect to the internet, which acts as a social engineering scam (i.e., you’ve just handed over your login details for a real WiFi network). The second is setting up a fake WiFi network. Once you connect to the fake WiFi network, cybercriminals can intercept your information.
Because it’s almost impossible to detect an evil twin, your best bet is always to use a VPN when connecting to a public WiFi network or, even better, avoid public WiFi altogether.
9. Internet of Things
Smart gadgets can undoubtedly make your life easier. But they can also pose a serious risk to your privacy. That’s because there are currently no security standards for the billions of Internet-of-Things devices, which means that your smart doorbell or fridge might be susceptible to simple hacking techniques. IP cameras are the most targeted IoT devices, followed by smart hubs, network-attached storage devices, printers, and smart TVs.
Another worry is that smart devices might be listening to everything you say all the time, not just when you give them a command. And even if they do listen to you only when activated, who else is paying attention to every word you say? Hint: If you have Alexa, it’s Amazon employees.
Alright, so Amazon’s employees are listening in on your conversations so that Alexa can understand human speech better. But why are some IoT devices tracking your habits and preferences and sharing your data, including usage habits and location, with third parties? One thing is certain: if you’re becoming increasingly reliant on smart devices, make sure the tech you choose is secure and the company behind it is transparent about the way it uses data.
10. Web Tracking
You’ve probably noticed that you’re asked to accept cookies every time you visit a new site. When you do, the cookie is stored in your browser so that when you return to the site in the future, it can remember you from your last visit. This helps improve the browsing experience (for example, that’s how the site remembers the items in your shopping cart) and customize ads specifically for you.
However, in most cases, it’s not just the site you visit that’s tracking you (through first-party cookies). Third-party cookies are cookies set by someone other than the site you’re visiting, usually marketers. Over time, these third parties may develop a detailed profile about you and your online activities and habits.
The issue here is that most users are not aware of all the third parties tracking them. According to a 2018 factsheet by the Reuters Institute and the University of Oxford, an average European news site uses about 40 third-party cookies per page. Because this is done without your knowledge, it can be seen as a breach of browser security.
The good news is that Google is planning to phase out third-party cookies entirely within the next two years. In the meantime, use a browser privacy tool like Blur or Privacy Badger to see who is tracking you or block access to third-party cookies on Chrome, Firefox, or Safari.
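To make the first-party versus third-party distinction concrete, the added example below (not part of the original article) sorts the cookies set while one page loads by who set them. The URLs and cookie headers are constructed, and the two-label domain rule is a simplifying assumption; browsers use the Public Suffix List.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def site_of(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: wrong for suffixes such as co.uk, which need the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cookie_name_and_domain(header, request_host):
    """Return (name, domain) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    domain = request_host                      # default: the host that answered
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "domain" and value:
            domain = value.strip().lstrip(".")
    return name, domain


def classify(page_url, responses):
    """Group cookie names by setting site, split into first- and third-party."""
    page_site = site_of(urlsplit(page_url).hostname)
    report = {"first-party": defaultdict(list), "third-party": defaultdict(list)}
    for request_url, header in responses:
        host = urlsplit(request_url).hostname
        name, domain = cookie_name_and_domain(header, host)
        site = site_of(domain)
        party = "first-party" if site == page_site else "third-party"
        report[party][site].append(name)
    return {party: dict(sites) for party, sites in report.items()}


# Constructed sample: (request URL, Set-Cookie value) pairs seen while loading one page.
PAGE = "https://www.news.example/story"
RESPONSES = [
    ("https://www.news.example/story", "session=abc123; Path=/; HttpOnly"),
    ("https://cdn.news.example/app.js", "prefs=dark; Domain=.news.example"),
    ("https://ads.tracker.test/pixel.gif", "uid=9f2c; SameSite=None; Secure"),
    ("https://sync.tracker.test/match", "sync=1; Domain=tracker.test"),
    ("https://metrics.analytics.test/c", "_vid=77; Max-Age=31536000"),
]
```

Here `classify(PAGE, RESPONSES)` reports two cookies from the news site itself and three from two other sites that the visitor never typed into the address bar.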
11. Hidden Apps
According to the 2020 McAfee Mobile Threat Report, hidden apps are the newest security threat to mobile devices. In 2019, hidden apps were responsible for almost half of all mobile malware, a 30% increase from 2018.
Cybercriminals typically distribute malicious apps through links in gamer chat apps and YouTube videos. Fake apps are hard to spot, mostly because they mimic the icons of legitimate apps, like Spotify, FaceApp, and Call of Duty. Once downloaded, the icon changes to one that looks like Settings. Clicking on the icon will return the error message “Application is unavailable in your country. Click OK to uninstall.” Clicking on “OK” won’t delete the app, though. It’ll do the exact opposite: complete the installation and then hide the icon, making it incredibly difficult for the user to remove the malware.
Hidden apps bombard users with ads to generate fraudulent revenue, collect sensitive information, and distribute other malicious apps. You can avoid downloading these malicious apps by sticking to official app stores, reading app reviews, and keeping your operating system and all existing apps up to date.
12. Data Collection
It’s not just hidden apps that track you. Some legitimate apps spy on you, too. A 2018 study by Oxford University, which looked at almost one million free Android apps, found that most of them transfer information, which may include your precise location, back to companies such as Google, Facebook, Twitter, and Amazon.
The study also found that the average app can transfer data to 10 third parties, whereas one in five apps can share data with over 20 third parties. A more recent research paper seems to back this up, claiming that at least 17,000 Android apps collect identifying data.
Stay Current on Security Threats
Now that you know the top 12 online security threats, you can take the necessary measures to protect your device and data. Keeping your device safe is probably easier than safeguarding your sensitive information. If you’re worried that your data is already out there, consider subscribing to DeleteMe. For only $10.75 a month, we’ll remove you from all the major data brokers out there, including Spokeo, MyLife, and Whitepages. Not only that, but we’ll also do our best to ensure that your profile is never relisted.